OCR J277 Unit 1.6 Impacts

Lesson 3: Legislation (DPA & CMA)

"Understanding the laws that govern data and protect against digital crime."

01 Retrieval

DO NOW: Lesson 2 Review

Match the environmental and privacy impacts to their descriptions.

1 E-Waste
2 Data Centres
3 Obsolescence
A. Designing products to fail early to force new purchases.
B. Toxic chemicals (lead/mercury) from discarded hardware.
C. High energy consumption due to 24/7 cooling and processing.
02 Objective

Learning Objective

To master the laws that protect your personal data and learn how the law stops hackers and cyber-criminals.

03 Vocabulary

Core Terminology

Data Subject

The Individual

Subject: Definition

The living person who the data is about (e.g. you).

Subject: Examples

  • A student in a school database.
  • A customer on an online shop.

Data Controller

The Organisation

Controller: Definition

The person or organisation who decides how data is used.

Controller: Examples

  • A school managing grades.
  • Amazon managing orders.

Unauthorised Access

Digital Hacking

Hacking: Definition

Gaining entry to a computer system without permission.

Hacking: Examples

  • Guessing a friend's password.
  • Using SQL Injection to see data.
04 Analysis

Legal Frameworks

Legal: DPA 2018

The Data Protection Act 2018

The DPA governs how personal data is handled by organisations. It ensures that Data Subjects have control over their digital lives. There are 6 key principles organisations must follow:

1. Fair, Lawful and Transparent processing.
2. Specified, explicit and legitimate purposes.
3. Adequate, relevant and limited to what is necessary.
4. Accurate and kept up to date.
5. Kept no longer than is necessary.
6. Processed in a secure manner.

Applied Thinking

Scenario: A supermarket collects your home address and bank details just so you can use their free Wi-Fi.
Which DPA principle are they breaking?

Answer

Principle 3: Data must be Adequate, relevant and limited to what is necessary. Wi-Fi doesn't need your home address.

Legal: CMA 1990

The Computer Misuse Act 1990

The CMA makes specific digital actions illegal. There are 3 main offences students must know:

1. Unauthorised Access

Gaining entry to computer material without permission (e.g. logging into a friend's social media).

2. Access with Intent

Gaining entry with the specific intent to commit a further crime (e.g. logging in to steal bank details or company secrets).

3. Unauthorised Modification

Deliberately changing or impairing the operation of a computer (e.g. spreading viruses, deleting files, or starting a DDoS attack).

Applied Thinking

Scenario: A student logs into their teacher's account just to see the exam questions, but they don't change anything.
Which CMA offence is this?

Answer

Unauthorised Access: Gaining entry to computer material without permission. Even if nothing is changed or stolen, the act of logging in without permission is the offence.

05 Testing Lab

The Cyber Detective

Identify which laws are being broken in various hacking and data breach scenarios. 100% required to pass.

Legal Auditor Tool

06 Engagement

The Legislation Hub

The ultimate Triple-Challenge Hub. Master the CMA Interceptor, DPA Auditor, and Subject Sentinel in three high-intensity missions!

Security Challenge

07 Plenary

Teacher Plenary

Lesson Complete

Students: Signal completion. Teacher: Initiate class reflection.

Discussion A

"Does the DPA 2018 do enough to protect us from global giants like Facebook and Google?"

Discussion B

"Should hacking into a system just to 'look around' be a crime, or only if you steal something?"