Hardware Reference
In-Depth Information
In most situations, personal information may not be collected without your
authorization.
In many nations, you have a right of access to the information kept on you, again
subject to some exceptions.
No personal information may be kept any longer than it's needed. For example, if
you're no longer a customer, a company no longer needs your data. Your data must
be kept up-to-date.
Personal information may not be sent outside the nation (or nation group) in question.
(This part has some complex exceptions.)
In most nations and most cases, organizations that hold personal data must
register with a related government department. (In the U.K., this is the Information
Commissioner's offi ce.)
Any organization holding personal information is required to have adequate security
measures in place, such as fi rewalls and staff security training.
You're entitled to view the data that pertains to you, and to challenge its accuracy
and have it amended if needed (unless the data involves personal opinion).
Computer Misuse Act
Computer misuse is a euphemism for hacking. Anything that involves anyone gaining
access to systems where they don't have permission is computer misuse. In fact, legislation
covers the act of trying to get information to
prepare
to hack (social engineering) as well
as the deed itself.
Sections 1-3 of the U.K. Computer Misuse Act of 1990 introduced three criminal offenses:
Section 1: Unauthorized Access to Computer Material
This could include using
another person's login and password without permission in order to use either data
or an application. This also includes the alteration, deletion, copying, or movement of an
application or data, or simply printing out the source code of an application or printing/
emailing the data found.
Section 2: Unauthorized Access with Intent to Commit or Facilitate Commission of
Further Offenses
This may include accessing system records or databases in order to prepare
to commit a crime, or laying a trap to obtain someone's login information or private data.
Section 3: Unauthorized Modification of Computer Material
This includes destroying
another user's fi les, modifying system fi les, creating a virus, introducing malware locally or
on a network, a denial of service attack, or anything that may cause a complete system
(or partial system) to malfunction.
There has been some controversy over this act, with complaints that it was hastily
prepared and not well thought out, and that it contains signifi cant loopholes and has the
potential to lead to unintended consequences. Several amendments have been made to the act
via part 5 of the Police and Justice Act of 2006, which helped to clarify the act's intent.
