Security Fundamentals

Legal Protection of Data, Systems & Privacy

Legal Protection

Hacking can be appear a fairly harmless, often glamorised on TV and in films with the struggling hero trying to obtain a critical piece of information from a faceless organisation in order to solve a crime or to prevent a disaster.

In reality, hacking can cause tremendous harm; from damaging reputations, causing financial loss, threatening jobs and more. Increasingly and more and more people are becoming victims of hacking they are looking to the law to help protect them and punish hackers for their crimes.

Legal Protection

Hacking & the Law

Computer Misuse

Computer Misuse Act 1990

Helps protect individuals and companies from being hacked for the purposes of fraud.

  1. Unauthorised access to computer material.
  2. Unauthorised access with an intent to commit a further offence.
  3. Unauthorised modification
Data Proterction

Data Protection Act 1988

Controls how personal information is used by organisations, businesses and the government. Everyone responsible for holding data about others has to follow certain principals and obligations.

Communication Act

Communications Act 2003

Helps provide protection from others who may try to intercept your communications and what can be sent through a communications network/

Computer Misuse Act 1990

1. Unauthorised access to computer material

This covers accessing material for which the 'hacker' has no permission to access. By definition, if someone accesses material for which they haven't received permission to 'see' then they are breaking the law. All that is required, is for the user to know that they haven't been given permission.

Computer material covers all information and programs on any device capable of storing and processing information. So it covers all phones, tablets, laptops, desktops, internet servers, mini and mainframe computers.

Authorised Access

2. Unauthorised access to commit a further offence

This section covers all those instances where hackers will try to access unauthorised material to gain further information that will help them commit further offences. For example, stealing credit information from a computer so that they obtain money from your bank account, or getting details and placing online orders in your name and getting them delivered elsewhere.

Hackers who do this, not only break the Computer Misuse Act, but can also be charged with:-

  • Fraud under the Fraud Act.
  • Forgery or counterfeiting under the Forgery & Counterfeiting Act 1981
  • Theft under the Theft Act 1968
  • Criminal damage under the Criminal Damage Act 1971
Further Offence

3. Unauthorised modification

This covers those cases where someone has introduced a change to a computer system, that prevents or hinders access to programs or data, or affects it's reliability or introduced a program or data without permission. To be found guilty someone has to:-

  1. Caused an unauthorised modification to the the contents of a computer device.
  2. Has the intention to make a modification.
  3. Knows that what they intend to do is unauthorised.

This section of the law is specifically aims at those who plant viruses, Trojans or other malware on specific computer systems.

Software Modification
Data Protection Act 1988

1. Data Protection Principles

Everyone who uses personal data has to agree to abide by certain principles. First though, there are two important distinctions.

  1. Data controller - the person, organisation, company who keeps the data.
  2. Data subject - that's the person on which the data is about.

The Data controller has to:-

  • Make sure the information is used fairly and lawfully.
  • The information has to be kept for a clearly stated purpose and only used for that purpose.
  • The information has to be accurate.
  • The information has to be adequate and relevant to the purpose its being kept for.
  • Shouldn't keep the information longer than necessary.
  • Information should be kept safe and secure.
  • Shouldn't be transferred outside the Europe without protection.

In short, you can't just keep information on anyone without a reason, to be used for any purpose you like for as along as you like and let anyone else see it just because they want to and not worry about whether its accurate.

2. Data Subject Rights

As a Data Subject, you have the right to:-

  • Find out what information is held about you by the government and other organisations.
  • See the information held about you and have it corrected - the might be a small fee for this.

Unsurprisingly, there are a few organisations who are exempt from the Data Protection Act especially when the information is about:-

  • the prevention, detection or investigation of a crime.
  • national security or defence.
  • the assessment or collection of taxes.
  • judicial or ministerial appointments

And to add an element of mystery, the organisation doesn't have to say why they are withholding the information.

Data Protection
Communications Act 2003

While the Computer Misuse Act provides legal protection from people trying to change the way computer devices work or use them as part of another crime and the Data Protection Act provides protection for your personal data, this act provides legal protection for your wireless network channel and the content of messages passed on line. In particular, it provides protection against:-

  1. 'Piggybacking'/
  2. Threatening behaviour online.
  3. Offensive & Indecent Images.

The last two categories are used to provide protection against Cyber-bullying and trolls.


1. Piggybacking

This is the offence of using someone else's WiFi connection without permission, like your neighbour's. Using free WiFi in coffee shops can assume they've been granted permission by the WiFi owner.


2. Threatening behaviour online

This provides legal protection against receiving threats online, particularly on social media where people mistakenly assume they are free to say anything they like without fear of retribution. As well as a protection against cyber-bullying it also represents an attempt to tackle 'trolling' or the act of posting offensive comments to deliberately cause offense.

3. Offensive & Indecent Images

Sending offensive and indecent images is now an offence, especially sharing them on social media, perhaps for revenge purposes in order to embarrass or humiliate.

Content for Accordion Panel 1
Placeholder image
Content for Accordion Panel 2
Content for Accordion Panel 3
You should be able to:-
  • List the key acts that provide users legal protection online.
  • Be able to identify the correct act that covers a given offence.
  • Provide examples of offences covered by each act.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee