Jisc Legal : Computer Misuse

Site Map
Privacy Statement
Copyright Policy
Accessibility
Feedback

COOKIES: This site uses Google Analytics Cookies for performance monitoring only. By using our website you agree that we can place these cookies on your device.

Legal Guidance for ICT Use in Education, Research and External Engagement

Home
My Role
Legal Areas
Themes
Contact Us
- Enquiry Form
About Us
Training
- JISC Legal Plus

Content

Legal Areas

Computer Misuse

Computer Misuse and Cybercrime

email message

FE and HE institutions are subject to potential computer crime. JISC legal aim to provide you with guidance on your responsibilities in this area relating to the Computer Misuse Act 1990, and include publications on such crimes as hacking, fraud and theft, copyright abuse, obscene content (including child pornography) and harassment. Corrupting data, violating privacy and disrupting the work of others will, at the very least, affect individuals in an adverse manner and could seriously affect the running of an institution. Useful links and FAQs are also available below to further assist you in this field.

Resources

JISC Legal Overviews
Guidance
FAQs
Law Watch
Links

Cybercrime Essentials (1 February 2007)

The prevalence of computer related crime means that FE and HE institutions are affected in many of the same ways as other businesses, organisations and individuals.

Cybercrime Overview (1 February 2007)

This Cybercrime overview paper explores the main obligations imposed on institutions concerning the provision and use of IT facilities in terms of cybercrime.

3D Digitisation and Intellectual Property Rights (17 January 2013)
This guidance is intended to assist 3D digitisation projects with intellectual property rights issues, including copyright, design rights, moral rights, trade marks and patents.

Mobile Technologies and the Law Overview (19 November 2012)
This paper considers the legal issues likely to arise from the use of mobile devices by colleges and universities. It is relevant for staff with responsibility for planning and managing the introduction and use of mobile technologies in their institution and for lecturers, researchers and support staff using or supporting the use of mobile technologies.

e-Safety Policy Checklist (30 October 2012)
A checklist of questions for institutions to consider when updating or framing an e-safety policy.

Law and ICT for Vulnerable Learners in FE (30 July 2012)
This guidance is intended for staff in UK FE colleges whose provision includes further education or training for vulnerable learners with varying needs including disability issues.

Law, ICT and Independent Specialist Colleges (12 January 2012)
This guidance is intended for staff in independent specialist colleges that provide further education or training for learners with varying learning needs due to disability issues.

Personal Data and Consent Management: A Briefing Paper (16 November 2011)

This guidance is designed to help institutions deal with consent management when sharing personal data across and between institutions and external service providers.

Facing up to Facebook: A Guide for FE and HE (02 August 2011)

In this guide, you’ll find summaries of the key legal considerations of using Facebook in an FE and HE context.

Legal Aspects of the Use of Child Images in OERs (15 March 2011)

This paper considers the legal issues which arise in relation to the taking of or possession of images (still and moving) of children for use in an Open Education Resource.

The Digital Economy Act 2010: Implications for UK Colleges and Universities (23 July 2010)

This guidance document examines the Digital Economy Act 2010 and its implications for universities and colleges in the UK.

JISC Legal Presentation @ RSC NW Annual Event (22 June 2010)
Service Manager Jason Miles-Campbell presented on the Law and e-Assessment.

ARCHIVED: RSC Northern - e-Safety and the Law: How to Safeguard Your Learners - Presentation (23 March 2010)
ARCHIVED
Jackie Milne presented on legal aspects of safeguarding e-safety.

Safeguarding: Meeting your e-Safety Duties Webcast (3 March 2010)This webcast was designed to assist institutions in meeting their legal duties and inspection needs in relation to safeguarding and e-security.

ARCHIVED: RSC West Midlands- e-Safety: My Legal Duty to Young Learners - Presentation (16 December 2009)
ARCHIVED
e-Safety presentation, delivered by Jackie Milne at RSC WM workshop.

Institutional Access to Staff and Student IT Accounts and IT Equipment - Model Policy (2 November 2007)

The purpose of this Model Policy is to outline the circumstances in which it is permissible for an institution to access the IT accounts of staff members or students.

Data Retention Directive Overview (21 June 2007)
This overview paper briefly clarifies the current situation with regard to retention of communications traffic data by certain UK organisations.

Interception and Monitoring Law Webcast (16 May 2007)

Webcast providing practical guidance on legally accessing user email accounts, computer hard drive or network storage.

Cybercrime Essentials (1 February 2007)

The prevalence of computer related crime means that FE and HE institutions are affected in many of the same ways as other businesses, organisations and individuals.

Cybercrime Overview (1 February 2007)

This Cybercrime overview paper explores the main obligations imposed on institutions concerning the provision and use of IT facilities in terms of cybercrime.

Developing and Operating an ePortfolio System - Assessing the Legal Issues (9 July 2006)

Legal issues which may affect the development and use of particular ePortfolio systems.

IT Law for FE and HE Senior Management (1 November 2005)

This paper summarises the legal issues involved in the development and use of information and communication technologies (ICT) in learning and teaching.

Page 1 of 2

First Previous [1] 2 Next Last

If we provide remote access to our CRM from abroad, what are the legal considerations? (14 May 2013)
This question raises an interesting issue regarding ‘access’ overseas and ‘transfer’ overseas but unfortunately the legal position is unclear. Read on to find out more.

What's the legal position of transporting encrypted equipment abroad? (13 May 2013)
The Export Control Organisation (ECO) do have rules on what can and cannot be exported to certain countries. This FAQ explores what they have to say on the question of taking encrypted laptops abroad.

What are the FOI and DP implications of using services like Dropbox or Evernote? (28 January 2013)
Dropbox and Evernote are both cloud computing services, adopting a cloud computing service does not change an institution''s legal duties but requires a reassessment of the risks, and may involve changing the processes which ensure compliance. This FAQ considers the legal issues pertinent to adopting such a service.

What balance should we strike between a strict internet filter and a more lenient policy? (29 October 2012)
The simplest way of addressing this is to remind users that it is the institution's responsibility to comply with the JANET Acceptable Use Policy ... (cont)

Do we need to get parental consent for students (16+) to watch unfiltered content on YouTube? (29 October 2012)
In order to meet the duty of care owed to learners, a college will have to show it has taken adequate precautions to prevent reasonably foreseeable loss or harm occurring.

What is the legal position with regards to digitising our student newspaper, if the content turns out to be libellous? (19 October 2012)
The general rule of UK defamation law is that the publisher of a defamation faces liability and this applies to FE and HE institutions as publishers in the same way as to any other publisher.

Our employed apprentice students require access to MIS information which may be sensitive. Is this allowed? (11 September 2012)
Where a college employs students as apprentices and provides them access to MIS information as part of the responsibilities of their job and this enables them to view the records of other students this would not be a breach of data protection law in itself.

What is the legal position concerning defamatory statements posted on an institution's computer networks? (24 August 2012)
The general rule of UK defamation law is that the publisher of defamation faces liability. This applies to FE and HE institutions in the same way as ... (cont)

Is it Lawful to Monitor Student Computer Screens? (30 July 2012)
Some software permits staff to view from a remote device what students are viewing on their computer screens. What are the legal implications of using such software?

Do the legal risks of using Facebook in education outweigh the benefits? (22 June 2012)
This is a decision for the institution to make. There have certainly been various news articles highlighting privacy and data protection concerns related to Facebook, and similar issues apply to other external social networking sites ... (cont)

What should we do if we come across email communications that clearly break the law? (21 December 2011)
Any monitoring of systems, even if it is minimal, must be done only after consent has been sought from the persons who are subject to monitoring ... (cont)

Further FAQs (31 August 2011)

Some links to further resources.

Where can we get practical, relevant staff development training on ICT and law issues such as copyright, data protection and e-safety? (3 June 2011)
We are pleased to announce the launch of JISC Legal Plus - a new staff development service bringing JISC Legal's expertise to your institution at competitive prices... (cont'd)

An IT manager has informed the Principal that member of staff has been downloading obscene materials onto college computers. What should the Principal do? (28 February 2011)

Clearly the Principal has to be very careful and one of the first difficulties is that someone has to make a decision as to whether the material involved is illegal ... (cont)

An institution has been made aware of terrorist material found on an employees PC. What is the legal position concerning disclosure of such communications data to the police? (8 September 2010)

Under the Regulatory and Investigatory Powers Act 2000 (RIPA) some public authorities (e.g. the police) are empowered to ask a college or university ... (cont)

Defamation Bill Receives Royal Assent

The purpose of the reforms is to ensure that defamation legislation is fit for modern times. The Act aims to strike a balance between the right to freedom of expression and the protection of reputation.

Defamation Bill Set to Bite the Dust?
It is reported that the proposed Defamation Bill is no longer expected to become law.

Report on Draft Communications Data Bill due to be published (5 December 2012)
The Draft Communications Bill currently making its way through the legislative process has implications for the UK academic network.

Websites Forced to Identify Trolls (12 June 2012)
New government proposals, to be added to the Defamation Bill, state that internet 'trolling' victims have a right to know who is behind the malicious comments made about them.

New Plans for Defamation Law and Communications Data (21 May 2012)
Improving the protection of freedom of speech and increasing access to vital communications, including internet use, are proposed in the Queen's speech.

Digital Economy Act's Anti-Piracy Measured Delayed (1 May 2012)
The Digital Economy Act 2010 was given royal assent late on Thursday, 8 April 2010, following the final reading of the Digital Economy Bill in the House of Commons, the previous night.

Personal Opinions Online Subject to the DPA (9 December 2011)
The High Court states that even where private individuals are expressing their own views online the requirements of lawful processing in the DPA can apply.

Defamation - Academics to get Increased Protection (20 October 2011)
Joint Committee report on defamation law recommends new notice and take-down internet procedures as well as increased protection for scientists and academics.

Preece v JD Wetherspoons plc – Employee’s Facebook Comments Constitute Gross Misconduct (18 October 2011)
Recent case law has highlighted the risks of posting inappropriate comments to social networking sites and the importance of institutions having in place a robust internet use policy for both staff and learners, including a policy on the use of social media, to manage such risks.

Website Blocking Plans Dumped (4 August 2011)
Vince Cable has announced that controversial plans to force ISPs to block websites that host copyright infringing material are to be dumped.

New ICO Regulations - Unwanted Emails - Cookies (27 April 2011)
Fines of up to £500,000 for the most serious incidents of sending unwanted emails.

New Law on Cookies Coming into Force (8 March 2011)
New law gives individuals more control over what information organisations can store on their computer.

Proposed New EU Rules to have Child Pornography Online Deleted (16 February 2011)
The EU has taken a step towards common rules for cracking down on those who sexually abuse children and post images of the abuse on the internet.

Defamation Bill 2011 (11 February 2011)
This bill seeks to amend current defamation legislation and is progressing through Parliament. The main focus of the bill is to make sure that defamation legislation is fit for modern times.

EC Consultation on IPR Enforcement- Get Involved (13 January 2011)
The European Commission has announced a consultation on the Commission report on the enforcement of intellectual property rights.

Digital Economy Act Subject to Judicial Review (11 November 2010)
The controversial Digital Economy Act (DEA) is to be reviewed by the High Court and subject to a Parliamentary enquiry

What Constitutes Personal Data? (6 October 2010)
Data protection law needs to provide more clarity on what actually constitutes personal data.

Wanted - Your Views on New Public Sector Equality Duty (20 August 2010)
A consultation by the GEO seeks views on proposals for draft regulations on the new public sector equality duty.

Nowhere to Run - EU Online Copyright Infringement Agreement Being Drawn Up (28 July 2010)
A working party representing 37 EU countries is currently negotiating the Anti-counterfeiting Trade Agreement (ACTA) which intends to tackle online copyright infringements on an international level.

Equality Act Receives Royal Assent (14 April 2010)
On 8 April 2010 the Equality Act received royal assent after completing its parliamentary process.

Watch Out YouTube (5 March 2010)
A surprise amendment forced through for controversial clause 17 of the Digital Economy Bill could lead to entire sites being forced offline if it becomes law.

Swift Action by Website Beats Defamation (29 January 2010)
Removing potentially libellous material posted by website users as soon as possible can protect from liability

Data Breaches - ICO Raises the Stakes (28 January 2010)
Institutions falling to report data breaches can face financial penalties from April 2010

RIPA (Part 2) New Codes of Practice (22 January 2010)
Further to consultation on The Regulation of Investigatory Powers Act 2000, the Home Office has published new Codes of Practice that will come into force on 6 April 2010.

User Friendly Privacy Notices, Please (12 June 2009)
The ICO has published privacy notice codes of practice.

Guide to Social Networking in the Workplace

ACAS guide offers practical tips on the impact of social networking on discipline and grievances, bullying, defamation, data protection and privacy.

JISC Summary of "Resources to help combat cybercrime"

With input from JISC Legal, JISC has put out a summary of "Resources to help combat cybercrime" - helping institutions avoid the consequences of being a victim of computer misuse, or being an inadvertent agent in some else's criminal activity.

JANET Guidelines for Handling Illegal MaterialJanet Guidelines to assist universities and colleges in handling indecent images of children found on their information systems.

EU Report Highlights Pros and Cons of Cloud Computing

The European Network and Information Security Agency (ENISA) has published its report ‘Security and Resilience in Governmental Clouds’ which assesses the operational, legal, and security requirements of cloud computing.

JANET Factsheet: Providing Email Addresses for AlumniThis JANET factsheet on providing email accounts for alumni is intended to assist in considering all the potential issues involved, with JISC Legal contribution from a legal perspective.

Equality Act 2010 - A Summary Guide for Public Sector Organisations

Guidance for public sector organisationsaims to make current equality law more consistent, clearer and easier to follow in order to make society fairer.

South West Grid for Learning Trust - Template Policy and Review
Specific e-safety policy template available and 360 degree self review tool.

Kent Trust Web - Core e-Safety Policy and Audit

e-Safety resources, including a sample audit and core policy.

IWF

The Internet Watch Foundation, established in 1996, aims to minimise the availability of online criminal content.

CEOP and Thinkuknow

The Child Exploitation and Online Protection (CEOP) Centre delivers a multi-agency service dedicated to tackling the exploitation of children.

JANET Guidance on Computer MisuseInformation on and examples of acceptable and unacceptable use of computer systems as well as practical tips on dealing with computer crime.

Electronic Frontier Foundation (EFF) (US)

The EFF is a lobbying organisation which campaigns for consumer rights and monitors cases and legislative changes relevant to the sphere of digital technologies.
http://www.eff.org/.

QuickLinks - Computer Crime

Links to news items about legal and regulatory aspects of the Internet and the information society, particularly those relating to information content as well as technology. http://www.qlinks.net/quicklinks/comcrime.htm.

Life of Crime - British Broadcasting Corporation (UK)

One of a series of exclusive features focusing on different aspects of crime.
http://news.bbc.co.uk/hi/english/static/in_depth/uk/2001/life_of_crime/cybercrime.stm.

Charter for System and Network Administrators - prepared by Andrew Cormack, CSA, at UKERNA (UK)

The Charter is aimed at three user groups and is available here -
http://www.ja.net/development/legal-and-regulatory/regulated-activities/charter-for-system-administrators.html.

Good Practice in Information Security - Factsheets & Checklists (UK)

Factsheets focusing on various aspects of information security, and good practice in information security have been published for the Department of Business, Enterprise and Regulatory Reform. They can be accessed from the BERR web site at:
http://www.berr.gov.uk/sectors/infosec/infosecadvice/resources/checklistshowtoguides/page33298.html.

Data Encryption Overview (UK)

The Parliamentary Office of Science and Technology (POST) produced a briefing document in October 2006 on data encryption. It provides an outline of the various encryption techniques, how they may be applied and some discussion of government initiatives under the Regulation of Investigatory Powers Act to help criminal investigations deal with encrypted data. The document has been published as POSTnote 270 and is available on the Parliament website at: http://www.parliament.uk/documents/post/postpn270.pdf.

Computer Crime Overview (UK)

The Parliamentary Office of Science and Technology (POST) produced a briefing document in October 2006 on computer crime. It provides a general overview, with an indication of the legislation and policy initiatives to combat it. The document has been published as POSTnote 271 and is available on the Parliament website at: http://www.parliament.uk/documents/post/postpn271.pdf.

UCISA Information Security Toolkit (UK)

JISC has worked with UCISA (Universities and Colleges Information Systems Association) to produce an Information Security Toolkit aimed at assisting educational establishments to protect themselves, their staff and students from online threats. The toolkit is available on the UCISA website at http://www.ucisa.ac.uk/ist

Cybercrime Useful Links Cybercrime Useful Links

Computer Misuse Newslinks

The Enterprise and Regulatory Reform Act 2013
The Enterprise and Regulatory Reform Act 2013 (ERRA) received Royal Assent on 25 April 2013.

Defamation Bill Receives Royal Assent

The Bill is now an Act of Parliament. It received Royal Assent on the 25 April 2013.

New Jisc Legal BYOD Toolkit

The toolkit will be useful to those colleges and universities that have not yet set out their approach or offered guidance to their staff and students on BYOD.

New e-Safety infoKit for HE, FE and Skills
This latest infoKit from Jisc infoNet provides guidance on the strategic and operational issues in managing e-Safety in post-16 education.

View all Computer Misuse news

Recent JISC Legal Events

No events listed.

Social Media