As computer use becomes more widespread, legislation has been developed to protect individuals and organisations from some of the potential abuses of information technology (IT). The main Acts of Parliament that currently exist relating to IT are:



Data Protection Acts (1984/1998)


Computer Misuse Act (1990)


Copyright, Design & Patents Act (1988)



Defamation Act (1996)


Data Protection Act (1998)


Note that some acts (like the Data Protection Acts) are available in their entirety on-line and others are not. All new legislation will be available in full over the Internet. There are two types of legislation that effect the use of computers:


4    Legislation that was explicitly designed to deal with IT (such as the Computer Misuse Act)

4    Other legislation that has been updated to take into account developments in computing (such as the Copyright Act).



The Computer Misuse Act (1990) was the second piece of legislation that was explicitly introduced to protect the rights of individuals (after the Data Protection Act of 1984). Except this time it was the rights of computer users and computer owners that was being addressed (rather than the rights of data subjects). The Act was introduced in response to the growing problem of computer hacking and the spread of computer viruses.


From 1st September 1990, three new offences were created under the above Act:

1.       Unauthorised access to computer material (basic hacking) including the illicit copying of software held in any computer.

Penalty: Up to six months imprisonment or up to a 5,000 fine.

2.       Unauthorised access with intent to commit or facilitate commission of further offences, which covers more serious cases of hacking.

Penalty: Up to five years of imprisonment and an unlimited fine.

3.       Unauthorised modification of computer material, which includes:

(i)                   Intentional and unauthorised destruction of software or data.

(ii)                 The circulation of "infected" materials on-line.

(iii)                An unauthorised addition of a password to a data file.

Penalty: Up to five years of imprisonment and an unlimited fine.

You must not:

4    display any information which enables others to gain unauthorised access to computer material.

4    display any information that may lead to any unauthorised modification of computer material.

4    display any material which may incite or encourage others to carry out unauthorised access to or modification of computer material.

So the Computer Misuse Act made it illegal to try to access a computer system without permission – even if your sole purpose was the ‘hack’ into the computer and cause no actual harm to the system (first offence). So trying to crack someone’s password (without their permission) is illegal. The second offence under this law increased the penalty if you tried to break into a system with criminal intent. So if you were trying to crack someone’s password with intent to copy his or her data (for example) then you would fall foul of this aspect of the Act. The third offence made it illegal (among other things) to spread a virus, add a password to file or delete files without permission. So watch out the next time you add a password to someone’s screen-saver! In practice, the Act would only be applied to serious cases of computer misuse. But anyone found guilty of accessing a secure computer without permission or deliberately spreading a computer virus would certainly be breaking this law.


Limitations of the Act

Perceived problems include the following.



Short answer questions on the Data Protection Act (1984)



What does ‘hacking’ mean?


What is a computer ‘virus’?


What three new offences did the Computer Misuse Act create?


Why might it be difficult to find evidence to convict someone under this law?


Is it illegal to write down someone’s password and display this on a notice board?