Exam Board:
OCR A-Level
Specification:
Computer Science H446
5.1 - Computing-related Legislation
Watch on YouTube:
Data Protection Act
Computer Misuse Act
Copyright Design and Patents Act
Regulation of Investigatory Powers Act
Several key UK laws govern the ethical and legal use of computers and digital information including the Data Protection Act and Computer Misuse Act. Each act is designed to protect data, users or intellectual property in the digital age.
Data Protection Act (2018)
The Data Protection Act is a UK law designed to ensure that personal data is collected, stored and used responsibly. It gives individuals (data subjects) rights over their personal information and sets rules for organisations that process it. Introduced in 1998, it was updated in 2018 to align with the EU’s General Data Protection Regulation (GDPR).
​​
The Data Protection Act's key principles include that data must be processed lawfully, fairly and transparently, used for specific purposes, kept accurate and up to date, stored securely and not kept longer than necessary.
​
It also gives data subjects rights such as accessing their data, correcting inaccuracies, objecting to processing and requesting deletion. Organisations that break the law can face heavy fines and legal action from the Information Commissioner’s Office (ICO).
Computer Misuse Act (1990)
The Computer Misuse Act (1990) is a UK law created to make unauthorised access and use of computer systems illegal. It was introduced in response to the rise of hacking and other cybercrimes as computers became more common.
​
This act defines several offences, including:
-
Unauthorised access to computer material, such as hacking into a system without permission.
-
Unauthorised access with the intent to commit further offences, such as fraud or data theft.
-
Unauthorised modification of data or programs, for example, spreading viruses or deleting files.
-
Making, supplying or obtaining tools used for committing these offences.
​​
Penalties range from fines to imprisonment, depending on the severity of the crime. This act helps protect individuals, organisations and data from malicious attacks and misuse.
Copyright, Designs & Patents Act (1988)
The Copyright, Designs and Patents Act (1988) is a UK law that protects people’s creative and intellectual work from being copied or used without permission. It gives creators automatic legal rights over their original work, such as books, music, films and software.
​​
The act states that the copyright owner controls how their work is used, including the rights to copy, distribute or adapt it. Anyone wishing to use the work must get permission or a licence from the owner.
​​
It also includes exceptions, allowing limited use for purposes like education or research. This act helps ensure that creators are fairly rewarded for their work and that their intellectual property is legally protected.
Regulation of Investigatory Powers Act (2000)
The Regulation of Investigatory Powers Act (RIPA) (2000) is a UK law that governs how public bodies and law enforcement can carry out surveillance and access electronic communications. It was introduced to balance national security and crime prevention with individuals’ right to privacy.
​
RIPA allows authorised agencies, such as the police, intelligence services and local councils, to monitor communications, intercept phone calls or emails and use covert surveillance, but only with proper legal authorisation. It also regulates the use of informants and access to encrypted data.
​​
This act aims to ensure that surveillance is done lawfully, proportionately and for legitimate purposes, such as preventing or detecting serious crime or protecting public safety.
Questo's Key Terms
Legislation:
Data Protection Act (2018)
Computer Misuse Act (1990)
Copyright Design and Patents Act (1988)
Regulation of Investigatory Powers Act (2000)
Did You Know?
In 1985, two journalists were arrested for ‘hacking’ into the emails of the Duke of Edinburgh (Prince Philip) after discovering an engineer’s username was ‘2222222222’ and password was ‘1234’. They were acquitted in court because no UK laws covered hacking, exposing a major legal gap that led to the creation of the Computer Misuse Act (1990).
