
Re: EU privacy laws resources

Subject: Re: EU privacy laws resources
Date: Sun, 24 Apr 2005 21:20:36 +0100
Dora,

The following is a very brief overview of the types of legislation that I think are relevant.  It is by no means an exhaustive list, and should not be used as an alternative to professional legal advice but should get you going.

If you need any further pointers in this area then just shout.

Mike

Legislation/Statutory Instrument: Implications

Data Protection Act 1998/Freedom of Information Act 2000

The Data Protection Act came fully into force in October 2001 and governs the use of personal data.  This is any data which can be used to identify living individuals.  The Act imposes strict requirements on anyone processing personal data including the requirement to have “appropriate organisational and technological measures” in place to safeguard data.  Failure to comply with the act can result in heavy fines. 

In addition to the Act itself, the Information Commissioner has produced a number of codes of practice on areas such as employee monitoring, the use of CCTV etc.

The Freedom of Information Act has been staged into effect in the UK over the last couple of years.  Whereas the DPA dealt with personal information, this Act gives people a general right of access to information held by or on behalf of public authorities.  Note, private organisations are NOT covered by this Act but ARE subject to the DPA.

More detailed information on all of this can be obtained from the UK Information Commissioner (see website in previous postings).

Defamation Act 1996

Defamation law protects the reputation of both individuals and corporate organisations and is designed to prevent untrue statements that would “lower the defamed person or organisation in the estimation of right thinking members of society”.  The Defamation Act covers both libel and slander.  Where the act of defamation is carried out by an employee, the business itself can be held responsible and therefore penalised.

Sexual and Racial Discrimination Act and Race Relations Act

Under these combined acts, any organisation which fails to take all reasonable steps to prevent the dissemination of material of a sexual or racial nature can be sued by the offended individual.  Until recently, a cap of £50,000 existed for the payment of compensation in discrimination cases; however, with the removal of these caps, it is now not uncommon to see payments in excess of £200,000.  Additionally, any organisation that permits the dissemination of material intended to incite riot or racial hatred can find itself facing criminal prosecution.

Obscene Publications Act 1959

This Act defines obscene material as material that is likely to deprave and corrupt. Quaint as this description may sound it must still be taken seriously.  Offences occur when material of an obscene nature is ‘published’ and the Act has been amended to include electronic publication.  Consequently, if obscene material is being downloaded and stored on a company server that members of staff have open access to, the company may well be deemed to be the publisher of the material and the Directors of the company held responsible.  In such cases the penalties are heavy fines and even imprisonment.

Telecommunications Act 1984

Under the provisions of this Act an offence is committed when an individual “sends by means of a public telecommunications system, a message or other matter that is grossly offensive or of an indecent, obscene or menacing character”.  Since almost all online services, including electronic mail, will involve the use of a public telecommunications system at some stage, the Directors of a company are exposed to the risk of prosecution should they allow the transmission of messages of this nature.

The Protection of Children Act 1978

This deals specifically with the matter of indecent material involving children.  It should be noted that the threshold of ‘indecency’ is much lower than that of ‘obscenity’ and the offence occurs from the possession and not the publication of the material.  The storage of such material on a server would therefore be deemed to be possession.  Furthermore, when an email arrives it is deemed to be the property of the organisation and NOT of the recipient.  Such material arriving as an attachment within an email would also therefore be in the possession of the company.  The penalties for possession of this form of indecent material are severe indeed and, in most cases, will result in prosecution of the directors of the company and result in custodial sentences along with inclusion on the sex offenders register.

Copyrights, Designs and Patents Act 1988

The majority of the material available over the Internet will be either copyrighted or have database rights attached to it.  The downloading of copyright protected software, documents and assorted images from the Internet without the permission of the author can lead to corporate liability.  In addition to vicarious liability, directors can also face personal liability.

Computer Misuse Act 1990

Although widely considered to be out of date, this Act still holds much relevance.  The intention of the Act is to prevent the unauthorised access to and modification or destruction of data held on a computer system.  Also covered under this is the onward transmission of malicious software including computer viruses.  Under the terms of the Act, if a company fails to take all reasonable precautions to prevent the onward transmission of malicious software and a third party experiences damage or loss of data as a result, then the company can be held directly responsible even though they were not the original authors.

Electronic Communications Act 2000

The main purpose of this piece of legislation is to encourage organisations to develop electronic equivalents of written documents and manual signatures.  Unfortunately, there is still a common misconception that a hard copy document is required for the formation of a contract.  This is no longer true and an employee can inadvertently enter into a contract via electronic mail.  The second risk under this Act is that of misrepresentation.  If an employee of a company exaggerates the specification of a product, and if a company or individual purchases the product based on that recommendation, then the purchasing party can sue that company for misrepresentation.

Human Rights Act 2000

Described by Lord McLuskey as “A field day for crackpots, a pain in the neck for judges and legislators and a goldmine for lawyers” the Human Rights Act became part of UK legislation in October 2000.  It contains a number of articles relating to the rights that an individual should be entitled to.  Of particular relevance is Article 8, “The right to respect for private and family life, home and correspondence”.  Correspondence has already been shown to include electronic mail and if the right procedures are not followed then the use of email monitoring can be a direct infringement of this right.

Regulation of Investigatory Powers Act 2000

Following quickly on the heels of the Human Rights Act this piece of legislation made provisions for law enforcement agencies to be able to monitor and intercept communications over public and private telecommunications systems.  However, under the framework of the Act it is illegal except in matters of national security for anyone to intercept communications without consent.

Telecommunications (Lawful Business Practice) Regulations 2000

This Statutory Instrument provided for a number of circumstances in which it would be legal for an employer to monitor, intercept and record communications without obtaining consent.  It requires organisations implementing such systems to comply with set regulations, particularly that they should “make all reasonable efforts to inform every person who may use the system that communications may be intercepted”.  Failure to comply with these regulations could result both in legal action from the individual(s) being monitored and also in criminal proceedings against the company.


Advent Information Management Ltd
Cradley Enterprise Centre
Maypole Fields
Cradley
Birmingham
B63 2QB

Tel: 01384 567865
Mob: 07961 593399
Fax: 01384 566995
Web: http://www.advent-im.co.uk

Disclaimer
Internet communications are not secure and therefore Advent Information Management Limited does not accept legal responsibility for the content of this message.  Any views or opinions presented are solely those of the author and do not necessarily represent those of Advent Information Management Limited unless otherwise specifically stated.  If this message is received by anyone other than the addressee please notify the sender and then delete the message and any attachments from your computer.


Dora Mandadjiev wrote:

Hello everyone,

I am not quite sure that this is exactly the right mailing list to post to, but even guidance on other mailing lists that can help me will be appreciated.

We are a US-based company, aggressively expanding business in Europe. I am looking for good resources (preferably, with well-summarized information) on EU data privacy laws and any specific such laws applying to Great Britain and Germany.

Thank you!
Dora Mandadjiev
IT Security and Compliance, Sr. Manager
LNR Property, Inc.
