Security Fundamentals

12. Legal Protection of Data, Systems & Privacy

Legal Protection

Hacking can be appear a fairly harmless, often glamorised on TV and in films with the struggling hero trying to obtain a critical piece of information from a faceless organisation in order to solve a crime or to prevent a disaster.

In reality, hacking can cause tremendous harm; from damaging reputations, causing financial loss, threatening jobs and more. Increasingly and more and more people are becoming victims of hacking they are looking to the law to help protect them and punish hackers for their crimes.

Legal Protection

Hacking & the Law

Computer Misuse

Computer Misuse Act 1990

Helps protect individuals and companies from being hacked for the purposes of fraud.

  1. Unauthorised access to computer material.
  2. Unauthorised access with an intent to commit a further offence.
  3. Unauthorised modification
Data Proterction

Data Protection Act 1988

Controls how personal information is used by organisations, businesses and the government. Everyone responsible for holding data about others has to follow certain principals and obligations.

Communication Act

Communications Act 2003

Helps provide protection from others who may try to intercept your communications and what can be sent through a communications network/

Computer Misuse Act 1990

1. Unauthorised access to computer material

This covers accessing material for which the 'hacker' has no permission to access. By definition, if someone accesses material for which they haven't received permission to 'see' then they are breaking the law. All that is required, is for the user to know that they haven't been given permission.

Computer material covers all information and programs on any device capable of storing and processing information. So it covers all phones, tablets, laptops, desktops, internet servers, mini and mainframe computers.

Authorised Access

2. Unauthorised access to commit a further offence

This section covers all those instances where hackers will try to access unauthorised material to gain further information that will help them commit further offences. For example, stealing credit information from a computer so that they obtain money from your bank account, or getting details and placing online orders in your name and getting them delivered elsewhere.

Hackers who do this, not only break the Computer Misuse Act, but can also be charged with:-

  • Fraud under the Fraud Act.
  • Forgery or counterfeiting under the Forgery & Counterfeiting Act 1981
  • Theft under the Theft Act 1968
  • Criminal damage under the Criminal Damage Act 1971
Further Offence

3. Unauthorised modification

This covers those cases where someone has introduced a change to a computer system, that prevents or hinders access to programs or data, or affects it's reliability or introduced a program or data without permission. To be found guilty someone has to:-

  1. Caused an unauthorised modification to the the contents of a computer device.
  2. Has the intention to make a modification.
  3. Knows that what they intend to do is unauthorised.

This section of the law is specifically aims at those who plant viruses, Trojans or other malware on specific computer systems.

Software Modification
Data Protection Act 1988

1. Data Protection Principles

Everyone who uses personal data has to agree to abide by certain principles. First though, there are two important distinctions.

  1. Data controller - the person, organisation, company who keeps the data.
  2. Data subject - that's the person on which the data is about.

The Data controller has to:-

  • Make sure the information is used fairly and lawfully.
  • The information has to be kept for a clearly stated purpose and only used for that purpose.
  • The information has to be accurate.
  • The information has to be adequate and relevant to the purpose its being kept for.
  • Shouldn't keep the information longer than necessary.
  • Information should be kept safe and secure.
  • Shouldn't be transferred outside the Europe without protection.

In short, you can't just keep information on anyone without a reason, to be used for any purpose you like for as along as you like and let anyone else see it just because they want to and not worry about whether its accurate.

2. Data Subject Rights

As a Data Subject, you have the right to:-

  • Find out what information is held about you by the government and other organisations.
  • See the information held about you and have it corrected - the might be a small fee for this.

Unsurprisingly, there are a few organisations who are exempt from the Data Protection Act especially when the information is about:-

  • the prevention, detection or investigation of a crime.
  • national security or defence.
  • the assessment or collection of taxes.
  • judicial or ministerial appointments

And to add an element of mystery, the organisation doesn't have to say why they are withholding the information.

Data Protection
Communications Act 2003

While the Computer Misuse Act provides legal protection from people trying to change the way computer devices work or use them as part of another crime and the Data Protection Act provides protection for your personal data, this act provides legal protection for your wireless network channel and the content of messages passed on line. In particular, it provides protection against:-

  1. 'Piggybacking'/
  2. Threatening behaviour online.
  3. Offensive & Indecent Images.

The last two categories are used to provide protection against Cyber-bullying and trolls.


1. Piggybacking

This is the offence of using someone else's WiFi connection without permission, like your neighbour's. Using free WiFi in coffee shops can assume they've been granted permission by the WiFi owner.


2. Threatening behaviour online

This provides legal protection against receiving threats online, particularly on social media where people mistakenly assume they are free to say anything they like without fear of retribution. As well as a protection against cyber-bullying it also represents an attempt to tackle 'trolling' or the act of posting offensive comments to deliberately cause offense.

3. Offensive & Indecent Images

Sending offensive and indecent images is now an offence, especially sharing them on social media, perhaps for revenge purposes in order to embarrass or humiliate.


Create a page in your notebook title Legal Protection.. Copy each of the following situations and give your answer.

  1. Your friend goes to the toilet leaving their phone behind. For a joke, you use it to download an image and change the screen image to give the impression its cracked. Has a crime been committed and if so, under the section of which law?
  2. You forget to logout at school. When you next log in, you discover that someone has added inappropriate messages into your English report. Under which section(s) of the law has a crime been committed?
  3. A friend borrows your tablet. Unknown to you, they install an app so that they can listen to music. Has a crime has been committed and if so, what part of which law can your friend be charged?
Cracked Screen
Personal Information Form

As before, copy the scenario and answer the questions.

  1. You decide to join a local sports club and you begin to complete a membership form. You notice that a lot of the questions seem to be about your friends and family. In particular, they ask you for their contact details. Should the sports club be asking you these questions and if not why not?
  2. You've moved house and you are about to go on a school trip. You get a consent letter from the school and you notice the school is still using your old address and emergency telehpone number. What should you do?
  3. While on a school trip, you make friends with someone from another school. Unfortunateley, they loose your contact details, so they ring the school to find out your address and telephone number, which the school provides. Was this the right thing to do or not?
  1. Your modem/router at home stops working and you have to do some important research to do for your project. While attempting to get your internet connection started working again, you discover another 'open' network, so you use that instead. What crime has been comitted and under which law?
  2. While using social media, a former friend starts leaving abusive and threatening messages. Are they allowed to do this?
  3. A friend tells you that you are 'trending' on twitter. You log in and discover someone has photoshopped your face onto an embarrassing meme. Everyone is laughing about it and you're begining to recieve tweets about your wight and looks. Which part of which law can you use to help protect you against such onlinbe bullying?
You should be able to:-
  • List the key acts that provide users legal protection online.
  • Be able to identify the correct act that covers a given offence.
  • Provide examples of offences covered by each act.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee