An introduction to information security

by The Open University


3.2.2. Legislation

In Chapter 1 of IT Governance: A Manager's Guide to Data Security & BS 7799/ISO 17799 (the Set Book), the section entitled ‘Legislation’ lists the UK legislation that affects the management of information security. One way to appreciate the relevance of legislation to an organisation is to identify the rights and entitlements it establishes and then to establish whether the organisation or its stakeholders have an interest in those rights and entitlements. For each law considered, Table 1 identifies, in general terms, the legal rights established and the parties whose interests are protected by it.

Table 1

Law | Rights established
Data Protection Act 1998 | Protects individuals against the use of personal information by another individual or organisation.
Freedom of Information Act 2000 | Provides individuals with the right of access to information held by public authorities and those providing services for them.
Computer Misuse Act 1990 | Protects the right of individuals and organisations to preserve the confidentiality and integrity of their computer data.
Copyright, Designs and Patents Act 1988 | Protects intellectual property, i.e. protects the interests of an individual, or an organisation that employs such individuals, whose ownership of novel, creative or inventive work is recognised in law.
Electronic Communications Act 2000 | Protects the interests of society by restricting the use of cryptographic techniques so that the Government and its authorised agents are able to decrypt any message that is legitimately intercepted.
Human Rights Act 1998 | Protects the right of individuals against unreasonable disruption of and intrusion into their lives, while balancing this individual right with those of others.
Regulation of Investigatory Powers Act 2000 | Protects the originators of electronic communication from its interception without lawful authority and protects employees from unreasonable monitoring.
Public Interest Disclosure Act 1998 | Protects employees who, in the public interest, disclose criminal or civil wrongdoing by their employer.

We include this final law (the Public Interest Disclosure Act 1998) for completeness. It is not listed in the section on ‘Legislation’ in Chapter 1, but is mentioned in the ‘Intellectual property rights (IPR)’ section of Chapter 27.

Activity 5

Read the sections entitled ‘Identification of applicable legislation’ and ‘Intellectual property rights (IPR)’ at the start of Chapter 27 of the Set Book. Then, in light of your reading and for each law identified in Table 1, try to give one example of how it affects your organisation's use of information.

Guidance

You might find it helpful to discuss this activity with other learners, using the unit forum.

Discussion

Here are some examples in the case of the Open University.

Data Protection Act 1998
Relevance to OU: governs the storage and use of information about staff and students.
Effect: the University is careful to communicate its policy to staff and students and to monitor internal compliance.

Freedom of Information Act 2000
Relevance to OU: establishes the public's right of access to information relating to policy, decision-making and use of public funds by the University.
Effect: the University has systems to ensure that relevant information is either publicly available (e.g. in the OU Library) or appropriately archived.

Computer Misuse Act 1990
Relevance to OU: protects the University's computer systems from unauthorised access.
Effect: the University has systems for monitoring potential abuse.

Copyright, Designs and Patents Act 1988
Relevance to OU: protects the rights of the University with regard to its published materials.
Effect: all materials associated with this and other courses are copyrighted.

Electronic Communications Act 2000
Relevance to OU: limits the cryptographic protocols that can be used by the University.
Effect: restricts the protocols used by staff for remote computer access.

Human Rights Act 1998
Relevance to OU: the University affects the lives of people.
Effect: regulates the activities of the University among the communities within which it works.

Regulation of Investigatory Powers Act 2000
Relevance to OU: the University uses much electronic communication and has many employees.
Effect: gives the University an assurance that its electronic communication cannot be unlawfully intercepted and limits the University's power to monitor staff activity.

Public Interest Disclosure Act 1998
Relevance to OU: the University is an employer.
Effect: the University has a ‘whistle-blowing’ procedure which guides employees in what to do if they believe the University has engaged, or intends to engage, in criminal or civil wrongdoing.

Original Copyright © 2007 The Open University. Now made available within the Creative Commons framework under the CC Attribution – Non-commercial licence (see http://creativecommons.org/by-nc-sa/2.0/uk/).