UK Computer Legislation
The specific legal acts governing data, hacking, and copyright.
Examiner's Eye - The "Law Mix-Up Trap"!
Students constantly confuse the DPA 2018 with the CMA 1990 in the exam. You must memorise the distinct difference:
- DPA (Data Protection Act): Punishes the COMPANY for mishandling or failing to secure the data they collected from you (e.g. they mistakenly email your medical file to a stranger).
- CMA (Computer Misuse Act): Punishes the HACKER for committing a cyber-crime (e.g. an external attacker bypasses the firewall to actively steal your medical file).
Data Protection Act (2018)
Data Handling by Orgs
A company must keep user data secure (using encryption/firewalls), they cannot sell it without explicit consent, they must permanently delete it when no longer needed, and they must provide a full copy of the data if the user explicitly requests it.
Computer Misuse Act (1990)
Malicious Hacking
Prevents unauthorised access to computer systems. This Act is broken the exact second someone guesses a password, installs a keylogger, uses a packet sniffer, or distributes a virus with malicious intent.
Copyright, Designs & Patents (1988)
Intellectual Property
Protects creators. It is highly illegal to copy, modify, or distribute someone else's software, imagery, or films without their explicit permission. It outlaws digital piracy and plagiarism.
Interactive Lab: The Courtroom Docket
You are the presiding judge. A rapid-fire conveyor belt of criminal scenarios is approaching the bench. You must legally categorise each crime under the correct Act before the 10-second timer expires!
Court Adjourned
You scored 0/5.
Check Your Understanding
1. A student guesses their teacher's password to log into the school network without permission. Which specific Act has been broken?
2. Under the DPA 2018, what is an absolute legal right of a customer regarding their own data held by a company?
Written Exam Scenario (AO2/AO3)
"A school continually loses unencrypted USB drives containing student medical records. Identify the specific legislation broken and evaluate the legal consequences for the school." (6 marks)
Legislation: The school has severely breached the Data Protection Act 2018 (DPA).
Principle Violated: They have violated the principle that data must be kept completely secure. Storing highly sensitive medical data on an easily lost, unencrypted portable memory stick is legally negligent.