Computer related legislation

The Computer Misuse Act (1990) was introduced to secure computer material against unauthorised access or modification. Three categories of criminal offences were established to cover the following conduct:

1. Unauthorised access to computer material (basic hacking) including the illicit copying of software held in any computer.
   Penalty: up to six months of imprisonment or up to a £5,000 fine.
2. Unauthorised access with intent to commit or facilitate commission of further offences, which covers more serious cases of hacking.
   Penalty: up to five years of imprisonment and an unlimited fine.
3. Unauthorised modification of computer material, which includes:
   i.   intentional and unauthorised destruction of software or data
   ii.  the circulation of ‘infected’ materials on-line
   iii. an unauthorised addition of a password to a data file.
   Penalty: up to five years of imprisonment and an unlimited fine.

You must not:

• display any information which enables others to gain unauthorised access to computer material (this includes instructions for gaining such access, computer codes or other devices which facilitate unauthorised access)
• display any information which may lead to any unauthorised modification of computer materials (such modification would include activities such as the circulation of ‘infected’ software or the unauthorised use of a password)
• display any material which may incite or encourage others to carry out unauthorised access to or modification of computer materials.

The Copyright, Design and Patents Act (1988) is applicable to all types of creations, including text, graphics and sounds by an author or an artist. This includes any which are accessible through the University's IT facilities and network. Any unloading, downloading or printing of information through on-line technologies, which is not authorised by the copyright owner will be deemed to be an infringement of his/her rights.

Some types of infringement give rise to criminal offences, the penalties for which are up to two years imprisonment or an unlimited fine. It is also possible for the copyright owner to claim compensation or to have infringing activities prevented by injunction.

You must not:

• make
• transmit
• print
• store an electronic copy of copyright material on the University’s IT equipment without the permission of the owner.

The Data Protection Act (1998) concerns the processing of information about living individuals. It gives rights to those individuals about whom information is recorded and demands good practice in handling information about people.

Every person or organisation holding personal data (data controller) must be registered with the Information Commissioner.

Please visit Data Protection Policy for further information.

You must:

• only use personal data for a University related purpose

• ensure that the use of University related personal data is restricted to the minimum consistent with the achievement of academic purposes

• contact the University's Data Protection Officer before conducting any activity which involves the collection, storage or display of personal data through the University’s IT facilities.

The Official Secrets Acts (1911) establish severe criminal penalties for any person who discloses any material which relates to security, intelligence, defence or international relations and which has come into that person’s possession through an unauthorised disclosure by a crown servant or government contractor. They also cover material which has been legitimately disclosed by a crown servant or government contractor on terms requiring it to be kept confidential or in circumstances in which it might reasonably be expected to be treated as confidential. This means that certain information handled by the University’s departments may be covered by the provisions of the Acts, particularly if such information concerns a project specifically commissioned by a government office.

You must:

• ensure that any such material is securely stored and avoid displaying it on the University’s IT facilities.

Defamation consists of the publication of an untrue statement (which can include an opinion), which adversely affects the reputation of a person or a group of persons. If such a statement is published in a permanent form, as is the case with statements published on the Internet, including messages transmitted by email, an action for libel may be brought against those responsible.

In accordance with the Defamation Act (1996), the University acknowledges the convention of academic freedom, but will take all reasonable care to avoid the dissemination of defamatory material and will act promptly to remove any such material which comes to its attention. Messages which have only one intended recipient may reach a vast audience through the Internet and as a result, the transmission of statements which discredit an identifiable individual or organisation may lead to substantial financial penalties.

You must:

• ensure that all published facts are accurate

• ensure that opinions and views expressed in personal home pages or via bulletin boards do not discredit their subjects in any way which could damage their reputation.

You must not:

• place links to bulletin boards which are likely to publish defamatory materials.

Remember that your email communications are publications.

The University is committed to the prevention of publication through any of the University’s IT facilities of any material which it may consider pornographic, excessively violent or which comes with the provisions of the Obscene Publications Act (1959), the Protection of Children Act (1978) or the Criminal Justice Public Order Act (1994). The University will regard any such publications as a very serious matter, which it will not hesitate to report to the law enforcement agencies. Users of the IT facilities are reminded that these are principally for use in connection with academic purposes, therefore any use of the IT equipment to publish or gain access to obscene, pornographic or excessively violent material is inappropriate, and you may be liable to legal proceedings.

You must not:

• disseminate, access or encourage access to materials which the institution deems to be obscene, pornographic or excessively violent through the University’s IT facilities.

The Telecommunications Act (1984) and the Interception of Communications Act (1985) make it illegal to communicate any information of an indecent, obscene or menacing character by a public telecommunications system, or to misuse or tap a telecommunications system.

You must:

• ensure that use of institutional voice and data systems, i.e. telephones and networks, is operated in accordance with the provision of these acts.

The Health and Safety at Work Act (1974), including the Control of Substances Hazardous to Health (COSHH) Regulations (1988), regulates safety in the workplace and contains a number of clauses pertinent to the IT environment, such as the Display Screen Equipment Regulations (1992).

You must:

• operate in accordance with the institutional code of conduct as detailed in the health and safety section.

The Police and Criminal Evidence Act (1984) limits the use of certain computer material as evidence in court.

Disclosure of computer held information to the law enforcement agencies may be covered by the provision of this act.

A new Equality Act came into force on 1 October 2010. The Equality Act brings together over 116 separate pieces of legislation into one single Act. Combined, they make up a new Act that provides a legal framework to protect the rights of individuals and advance equality of opportunity for all.

The Act simplifies, strengthens and harmonises the current legislation to provide Britain with a new discrimination law which protects individuals from unfair treatment and promotes a fair and more equal society.

In addition, European Union legislation can cover situations where discrimination takes place on the grounds of sexual orientation. Therefore, any material located on or disseminated through the University’s IT facilities which may be considered discriminatory or may encourage discrimination on grounds of sex, gender, sexual orientation, race or ethnic origin may be unlawful. Any such material will also be against the University’s Equal Opportunities Policy.

You must not:

• use the University’s IT services to place or disseminate materials which discriminate or encourage discrimination on grounds of sex, gender, sexual orientation, religion, race or ethnic origin.

The incitement to commit a crime is a criminal offence in itself, regardless of whether a crime has actually been committed or not. This includes the provision of information via IT equipment/services which facilitates crime.

You must not:

• place links to sites which facilitate illegal or improper use;

• place links to sites where copyright protected works, such as computer software, are unlawfully distributed

• place links to sites which display pornographic materials

• place links to bulletin boards which are likely to contain discriminatory statements

• post messages which would be in contempt of court.

The University’s IT facilities must not be used for placing or distributing advertisements relating to any course or business other than those promoting the University’s teaching and research activities or its own trading operations.

You must:

• remember that all advertisements should be ‘legal, decent, honest and truthful’ and comply with the Code of Practice for Advertisers issued by the Advertising Standards Authority.

Since there is no international convention on Internet regulation, caution is necessary in considering what law may be applicable. As a basic rule, all users of the University’s IT facilities must note that although certain materials may be considered legal in their places of origin, that does not prevent the application of UK law if those materials are considered to be illegal under the law in this country. Similarly, material transmitted world-wide is subject to the law of whichever country it is viewed in.

As required by UK legislation, IT Services draws to the attention of all users of the University's Data and Telephones Networks the fact that their communications may be intercepted as permitted by legislation.

The legislation allows an employer and/or organisation to intercept without consent for purposes such as recording evidence of transactions, ensuring regulatory compliance, detecting crime or unauthorised use, and ensuring the operation of their telecoms systems. The employer and/or organisation does not need to gain consent before intercepting for these purposes, although it does need to inform staff and students that interceptions may take place.

UWE is connected to the internet via the Joint Academic Network (JANET). As well as this policy, JANET’s own Acceptable Use Policy must be adhered to.