JISC Legal : Computer Misuse

The prevalence of computer related crime means that FE and HE institutions are affected in many of the same ways as other businesses, organisations and individuals.

This Cybercrime overview paper explores the main obligations imposed on institutions concerning the provision and use of IT facilities in terms of cybercrime.

This guidance is designed to help institutions deal with consent management when sharing personal data across and between institutions and external service providers.

In this guide, you’ll find summaries of the key legal considerations of using Facebook in an FE and HE context.

This paper considers the legal issues which arise in relation to the taking of or possession of images (still and moving) of children for use in an Open Education Resource. 

This JANET factsheet on providing email accounts for alumni is intended to assist in considering all the potential issues involved, with JISC Legal contribution from a legal perspective.

This guidance document examines the Digital Economy Act 2010 and its implications for universities and colleges in the UK.

Information on and examples of acceptable and unacceptable use of computer systems as well as practical tips on dealing with computer crime.

A checklist of questions for institutions to consider when updating or framing an e-safety policy.

This webcast was designed to assist institutions in meeting their legal duties and inspection needs in relation to safeguarding and e-security.

The purpose of this Model Policy is to outline the circumstances in which it is permissible for an institution to access the IT accounts of staff members or students.

This overview paper briefly clarifies the current situation with regard to retention of communications traffic data by certain UK organisations.

Webcast providing practical guidance on legally accessing user email accounts, computer hard drive or network storage. 

The prevalence of computer related crime means that FE and HE institutions are affected in many of the same ways as other businesses, organisations and individuals.

This Cybercrime overview paper explores the main obligations imposed on institutions concerning the provision and use of IT facilities in terms of cybercrime.

Legal issues which may affect the development and use of particular ePortfolio systems.

This paper summarises the legal issues involved in the development and use of information and communication technologies (ICT) in learning and teaching.

ARCHIVED

This document describes an investigation process, the legal issues to be considered and provides guidance in formulation of an institutions policy in dealing with incidents of computer misuse and their subsequent investigation at institutions.

ARCHIVED

Guidance on potential liability for FE and HE in storing information on networks, best practice and limitation of risk.

Some links to further resources.

We are pleased to announce the launch of JISC Legal Plus - a new staff development service bringing JISC Legal's expertise to your institution at competitive prices...  (cont'd)

This is a decision for the institution to make. There have certainly been various news articles highlighting privacy and data protection concerns related to Facebook, and similar issues apply to other external social networking sites ... (cont)

Clearly the Principal has to be very careful and one of the first difficulties is that someone has to make a decision as to whether the material involved is illegal ... (cont)

 Under the Regulatory and Investigatory Powers Act 2000 (RIPA) some public authorities (e.g. the police) are empowered to ask a college or university ... (cont)

The High Court states that even where private individuals are expressing their own views online the requirements of lawful processing in the DPA can apply.

Vince Cable has announced that controversial plans to force ISPs to block websites that host copyright infringing material are to be dumped. 

Fines of up to £500,000 for the most serious incidents of sending unwanted emails.

New law gives individuals more control over what information organisations can store on their computer.

The EU has taken a step towards common rules for cracking down on those who sexually abuse children and post images of the abuse on the internet.

This bill seeks to amend current defamation legislation and is progressing through Parliament. The main focus of the bill is to make sure that defamation legislation is fit for modern times.

The European Commission has announced a consultation on the Commission report on the enforcement of intellectual property rights.

The controversial Digital Economy Act (DEA) is to be reviewed by the High Court and subject to a Parliamentary enquiry

Data protection law needs to provide more clarity on what actually constitutes personal data.

A consultation by the GEO seeks views on proposals for draft regulations on the new public sector equality duty.

A working party representing 37 EU countries is currently negotiating the Anti-counterfeiting Trade Agreement (ACTA) which intends to tackle online copyright infringements on an international level.

On 8 April 2010 the Equality Act received royal assent after completing its parliamentary process.

The Digital Economy Act 2010 was given royal assent late on Thursday, 8 April 2010, following the final reading of the Digital Economy Bill in the House of Commons, the previous night.

A surprise amendment forced through for controversial clause 17 of the Digital Economy Bill could lead to entire sites being forced offline if it becomes law.

Removing potentially libellous material posted by website users as soon as possible can protect from liability

Institutions falling to report data breaches can face financial penalties from April 2010

Further to consultation on The Regulation of Investigatory Powers Act 2000, the Home Office has published new Codes of Practice that will come into force on 6 April 2010.

The ICO has published privacy notice codes of practice.

ACAS guide offers practical tips on the impact of social networking on discipline and grievances, bullying, defamation, data protection and privacy.

With input from JISC Legal, JISC has put out a summary of "Resources to help combat cybercrime" - helping institutions avoid the consequences of being a victim of computer misuse, or being an inadvertent agent in some else's criminal activity.

Janet Guidelines to assist universities and colleges in handling indecent images of children found on their information systems.

The European Network and Information Security Agency (ENISA) has published its report ‘Security and Resilience in Governmental Clouds’ which assesses the operational, legal, and security requirements of cloud computing.

Guidance for public sector organisationsaims to make current equality law more consistent, clearer and easier to follow in order to make society fairer.

Specific e-safety policy template available.

e-Safety resources, including a sample audit and core policy.

The Internet Watch Foundation, established in 1996, aims to minimise the availability of online criminal content.

The Child Exploitation and Online Protection (CEOP) Centre delivers a multi-agency service dedicated to tackling the exploitation of children.

Information on and examples of acceptable and unacceptable use of computer systems as well as practical tips on dealing with computer crime.

The EFF is a lobbying organisation which campaigns for consumer rights and monitors cases and legislative changes relevant to the sphere of digital technologies.
http://www.eff.org/.

Links to news items about legal and regulatory aspects of the Internet and the information society, particularly those relating to information content as well as technology.  http://www.qlinks.net/quicklinks/comcrime.htm.  

One of a series of exclusive features focusing on different aspects of crime.
http://news.bbc.co.uk/hi/english/static/in_depth/uk/2001/life_of_crime/cybercrime.stm.

The Charter is aimed at three user groups and is available here -
http://www.ja.net/development/legal-and-regulatory/regulated-activities/charter-for-system-administrators.html.

Factsheets focusing on various aspects of information security, and good practice in information security have been published for the Department of Business, Enterprise and Regulatory Reform. They can be accessed from the BERR web site at:
http://www.berr.gov.uk/sectors/infosec/infosecadvice/resources/checklistshowtoguides/page33298.html.

The Parliamentary Office of Science and Technology (POST) produced a briefing document in October 2006 on data encryption. It provides an outline of the various encryption techniques, how they may be applied and some discussion of government initiatives under the Regulation of Investigatory Powers Act to help criminal investigations deal with encrypted data. The document has been published as POSTnote 270 and is available on the Parliament website at: http://www.parliament.uk/documents/post/postpn270.pdf.

The Parliamentary Office of Science and Technology (POST) produced a briefing document in October 2006 on computer crime. It provides a general overview, with an indication of the legislation and policy initiatives to combat it. The document has been published as POSTnote 271 and is available on the Parliament website at: http://www.parliament.uk/documents/post/postpn271.pdf.

JISC has worked with UCISA (Universities and Colleges Information Systems Association) to produce an Information Security Toolkit aimed at assisting educational establishments to protect themselves, their staff and students from online threats. The toolkit is available on the UCISA website at http://www.ucisa.ac.uk/ist

Cybercrime Useful Links