3.6 Legislation and Regulations
1.    What is an ICT Policy?
2.    What is the impact of legislation on these policies?
3.    Name 5 pieces of legislation that relate to the use of ICT
4.    If you were responsible for an organisation's compliance with legislation, what
      approach would you take to ensure that all legal requirements are met?
5.    What are the consequences of not complying with the legislation?
6.    What is the purpose of the Data Protection Act (DPA)?
7.    What effect would the DPA have on organisations and their policies?
8.    What is the purpose of the Freedom of Information Act?
9.    What effect would the Freedom of Information Act have on organisations and
      their policies?
10.   What is the purpose of the Computer Misuse Act?
11.   What effect would the Computer Misuse Act have on organisations and their
      policies?
12.   What is the purpose of the Copyright, Designs and Patents Act?
13.   What effect would the Copyright, Designs and Patents Act have on organisations
      and their policies?
14.   What is the purpose of the Health and Safety at Work Act?
15.   What effect would the Health and Safety at Work Act have on organisations and
      their policies?
   • ICT policies outline how the ICT Strategy will
     be put into operation
   • Legislation will affect the content of ICT
     Policies

   E.g.

    ◦ The writing of the Security Policy will be affected
      by the Computer Misuse Act.
    ◦ The Acceptable Use Policy will be affected by the
      Health and Safety at Work Act
   • Data Protection Act
   • Freedom of Information Act
   • Computer Misuse Act
   • Copyright, Designs and Patents Act
   • Health and Safety at Work Act
   • Make sure that you are fully aware of the implications
     of each piece of legislation
   • Check how your company currently complies with
     each act
   • Identify areas of non-compliance and correct them
   • Update procedures to make sure that the company
     continues to comply
   • Train staff so that they are aware of what is required
     from them under each act
   • Build the procedures into induction training,
     contracts of employment and disciplinary procedures
   • Check that procedures are being followed
   • Organisations can be prosecuted for not
     putting appropriate procedures in place

   • Employees can be prosecuted for failing to
     meet their responsibilities
   • The purpose of the Data Protection Act is to
     control the way information is handled and to
     give legal rights to people who have
     information stored about them.
   • An organisation would probably appoint someone to take
     responsibility for the company's data (under the Act the
     organisation itself is the data controller, so it remains
     legally accountable whoever is given the job)

   • The organisation would have to register with the Information
     Commissioner's Office

   • The organisation would have to look at each of the 8 principles
     of the act and put procedures in place that state what needs
     to be done and who is responsible for doing it

   E.g.

    ◦ The handling of customer requests to view their data – who handles it,
      how are they logged, who checks response times?
   • The Freedom of Information Act gives you the right to
     ask any public body for the information it holds
     on any subject you choose.

   • Unless there is a good reason (an exemption applies), the
     organisation must provide the information within 20
     working days.

   • A request for the personal information an organisation holds
     about you is handled as a subject access request under the
     Data Protection Act rather than under the Freedom of
     Information Act.
http://goo.gl/1xgKh
   • The organisation must identify what
     information it must release under the act
     and what information is exempt

   • Procedures are required to handle requests,
     track the 20 working day deadline
     and collect any necessary payments
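The request-handling procedure above comes down to logging each request and checking it against the 20 working day limit. The following is an added example, not part of the original slides, showing how that check can be automated. The bank holiday list, the request IDs and the request log are constructed for the example; a real deployment would load the official holiday list for its jurisdiction and year and would read requests from its own records. Counting starts the day after receipt and skips weekends and bank holidays.

```python
from datetime import date, timedelta

# Constructed list of bank holidays for the example (England and Wales, 2024).
# A real deployment would load the official list for its jurisdiction each year.
BANK_HOLIDAYS = {
    date(2024, 1, 1), date(2024, 3, 29), date(2024, 4, 1), date(2024, 5, 6),
    date(2024, 5, 27), date(2024, 8, 26), date(2024, 12, 25), date(2024, 12, 26),
}

STATUTORY_LIMIT = 20  # working days allowed for a response under the FOI Act


def _as_date(value):
    """Accept either a date object or an ISO 'YYYY-MM-DD' string."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def is_working_day(day):
    """A working day is neither a weekend day nor a bank holiday."""
    day = _as_date(day)
    return day.weekday() < 5 and day not in BANK_HOLIDAYS


def response_deadline(received, working_days=STATUTORY_LIMIT):
    """Last day on which a response is still in time.

    Counting starts the day after receipt, so a request received on a
    Friday does not use up a working day until the following Monday.
    """
    day = _as_date(received)
    remaining = working_days
    while remaining > 0:
        day += timedelta(days=1)
        if is_working_day(day):
            remaining -= 1
    return day


def overdue_requests(log, today):
    """IDs of unanswered requests whose deadline has already passed."""
    today = _as_date(today)
    return [r["id"] for r in log
            if r["responded"] is None and response_deadline(r["received"]) < today]


def late_responses(log):
    """IDs of requests that were answered, but only after the deadline."""
    return [r["id"] for r in log
            if r["responded"] is not None
            and _as_date(r["responded"]) > response_deadline(r["received"])]


# Constructed request log: the "how are they logged" part of the procedure.
REQUEST_LOG = [
    {"id": "FOI-0001", "received": "2024-03-20", "responded": None},
    {"id": "FOI-0002", "received": "2024-04-02", "responded": None},
    {"id": "FOI-0003", "received": "2024-02-01", "responded": "2024-03-04"},
]

if __name__ == "__main__":
    print("Deadline for FOI-0001:", response_deadline("2024-03-20"))
    print("Overdue on 2024-04-22:", overdue_requests(REQUEST_LOG, "2024-04-22"))
    print("Answered late:", late_responses(REQUEST_LOG))
```

Note the difference the holiday list makes: FOI-0001, received on 20 March 2024, falls due on 19 April because Good Friday and Easter Monday do not count; a naive weekday count would give 17 April and report the request as overdue two days early.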
   • The Computer Misuse Act makes it illegal to:

    ◦ Gain unauthorised access to computer material

    ◦ Gain unauthorised access to computer material with
      intent to commit further offences

    ◦ Alter computer data without permission
   • Largely a matter of staff training and network security

   • Staff must be made aware of the access rights they have been
     given on the network and should understand that exceeding
     those rights would result in disciplinary measures.

   • Staff should be trained and informed about what is illegal
     and what is bad practice

   • Access rights on the network must be considered

   • Security features must be utilised, e.g. automatic lock-out or
     logout of a workstation that is not being used
   • The purpose of the Copyright, Designs and Patents Act is to
     ensure people are rewarded for their endeavours and to give
     protection to the copyright holder if there is an infringement
   • For most organisations the biggest impact of this legislation is with
     regards to software licences

   • Software tools can be used to analyse what software is installed on all
     workstations across a network

   • Any unauthorised software must be removed, or licences purchased for it

   • Steps should be put in place to ensure unauthorised software cannot be
     installed
     ◦ E.g. disabling drives, banning internet downloads, restricting permissions to install
       .exe files

   • Staff must understand the importance of only using authorised software
     and be made aware of the consequences

   • The network audit should be regularly repeated
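The audit step above (analyse what is installed, compare it with the licences held, remove or license anything unauthorised) is the part that can be automated. The following is an added example, not part of the original slides: the inventory and the licence register are constructed with made-up product names, standing in for what an inventory tool would report and for the organisation's own purchase records. Anything not in the register is treated as unauthorised; anything in the register with more installs than seats is a shortfall to buy or remove.

```python
from collections import defaultdict

# Constructed inventory, in the form a network audit tool might report it:
# (workstation, product, version). Product names are made up for the example.
INVENTORY = [
    ("WS-001", "Office Suite", "2019"),
    ("WS-001", "PDF Editor Pro", "11.2"),
    ("WS-002", "Office Suite", "2019"),
    ("WS-002", "Torrent Client", "4.3"),
    ("WS-003", "Office Suite", "2019"),
    ("WS-003", "PDF Editor Pro", "11.2"),
    ("WS-004", "PDF Editor Pro", "10.0"),
    ("WS-004", "PDF Editor Pro", "10.0"),   # duplicate row from a repeated scan
]

# Constructed licence register: product -> number of seats purchased.
# Anything absent from the register is unauthorised on the network.
LICENCES = {"Office Suite": 5, "PDF Editor Pro": 2}


def installs_per_product(inventory):
    """Map product -> set of workstations it is installed on.

    Using a set means a workstation scanned twice is counted once.
    """
    hosts = defaultdict(set)
    for host, product, _version in inventory:
        hosts[product].add(host)
    return hosts


def unauthorised_installs(inventory, licences):
    """Sorted (host, product, version) rows for software with no licence entry."""
    return sorted({(h, p, v) for h, p, v in inventory if p not in licences})


def licence_shortfall(inventory, licences):
    """product -> (installed, seats) for products installed on more hosts than seats held."""
    hosts = installs_per_product(inventory)
    return {p: (len(hosts[p]), seats)
            for p, seats in licences.items() if len(hosts[p]) > seats}


def required_actions(inventory, licences):
    """Plain-language list of what the audit requires the organisation to do."""
    actions = []
    for host, product, _version in unauthorised_installs(inventory, licences):
        actions.append(f"remove {product} from {host}")
    for product, (installed, seats) in licence_shortfall(inventory, licences).items():
        excess = installed - seats
        actions.append(f"buy {excess} more seat(s) of {product} or remove {excess} install(s)")
    return actions


if __name__ == "__main__":
    for action in required_actions(INVENTORY, LICENCES):
        print(action)
```

Run this after each repeat of the network audit; an empty action list is the evidence of compliance that the slide's "regularly repeated" step is meant to produce. Counting by distinct workstation rather than by inventory row matters in practice, because scan tools often report the same installation more than once.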
   • The purpose of the Health and Safety at Work Act is to
     ensure that employers provide a safe working environment
     for their staff

   • It also requires employees to use workstations and
     equipment correctly, in accordance with the training
     provided by the employer
Employers must:

   • Carry out risk assessments on all workstations

   • Supply suitable adjustable furniture

   • Train users

   • Provide sufficient desk space

   • Consider the tasks being carried out and build in adequate breaks

   • Provide software that has been designed according to good health and safety principles

   • Provide a system through which employees can report health and safety issues

   • Review workstations regularly