Show Menu

Legal Aspects of Information Technology (L6) Cheat Sheet by

Certain technologies driven by computers and the internet (such as social media tools, digital marketing and cloud computing etc.) are the new strategic priorities of business, according to McKinsey’s first annual survey on the topic in April 2012. Anyone wishing to work effectively with new digital business techniques/social media will need a practical understanding of the issues and protections provided by information technology law (“IT Law”).

Criminal Law

• Criminal Law is Undertaken on behalf of the State
• The parties are described as Plaint­iff­(s)­/De­fen­dant(s)
• The Defendant does not have to prove Innocence
• The Plaintiff (who acts on behalf of society) must prove Guilt beyond all reasonable doubt

The Equality Act (2010)

The Equality Act 2010 legally protects people from discri­min­ation in the workplace and in wider society. It replaced previous anti-d­isc­rim­ination laws with a single Act, making the law easier to understand and streng­thening protection in some situat­ions.

Civil Law

• Civil Law is between Individual Parties
• The parties are described as Plaintiff (s), or commonly
Claimant, and Defendant (s)
• The Claimant will bring a case against the Defendant

English Legal System

Civil Law
Criminal Law
Law Set by legisl­ation - form of public law
Non Criminal Disputes between parties - Form of private law
Passed by Government and enforced by State
Brought by state
Brought by Claimant
Regulates Society
Claimant Seeks remedy
Burden of proof - guilt must be proven beyond reasonable doubt
The outcome is usually in the form of financial compen­sation

The Computer Misuse Act 1990

The Computer Misuse Act protects personal data held by organi­sations from unauth­orised access and modifi­cat­ion).

The act makes the following illegal:
1.Unau­tho­rised access to computer material. This refers to entering a computer system without permission (hacking)
2.Unau­tho­rised access to computer materials with intent to commit a further crime. This refers to entering a computer system to steal data or destroy a device or network (such as planting a virus)
3.Unau­tho­rised modifi­cation of data. This refers to modifying or deleting data, and also covers the introd­uction of malware or spyware onto a computer (elect­ronic vandalism and theft of inform­ation)
4.Making, supplying or obtaining anything which can be used in computer misuse offences

These four clauses cover a range of offences including hacking, computer fraud, blackmail and viruses.

Failure to comply with the Computer Misuse Act can lead to fines and potent­ially impris­onment.


Unauth­orised access to computer material
Up to 6 months in prison and/or a £5,000 fine
Unauth­orised access to computer materials with intent to commit a further crime
Up to 5-year prison sentence and/or unlimited fine
Unauth­orised modifi­cation of data
Up to a 5-year prison sentence and/or an unlimited fine
Making, supplying or obtaining anything which can be used in a computer misuse offences
Up to a 10-year prison sentence and/or an unlimited fine

Privacy Termin­ology


The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional inform­ation, provided that such additional inform­ation is kept separately and is subject to technical and organi­sat­ional measures to ensure that the personal data are not attributed to an identified or identi­fiable person. Pseudo­nymised data is therefore re-ide­nti­fiable and falls within the definition of personal data.


Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a person, in particular to analyse or predict aspects concerning their perfor­mance at work or studies, economic situation, health, personal prefer­ences, interests, reliab­ility, behaviour, location or movements.

Restri­ction of processing

The marking of stored personal data with the aim of limiting their processing in the future.

Records of Processing Activities

Detailed records of the personal data processing activities that a Data Controller or Processor is required to maintain and make available under the GDPR.

Superv­isory authority

An indepe­ndent public authority establ­ished by the UK or another state to regulate compliance with data protection law by Data Contro­llers and Processors and take enforc­ement action in the case of non-co­mpl­iance. In the UK the superv­isory authority is the Inform­ation Commis­sio­ner’s Office (ICO).

The Defamation Act 1996

The Defamation Act 1996 was created with the purpose of protecting indivi­duals or organi­sations from slander and libel. Defamation occurs when untrue, damaging inform­ation about someone is published to a third party. If the Act is violated, the courts may decide that the guilty party has to compensate the person who was defamed.

The commun­ica­tions act 2003

Commun­ica­tions Act 2003 Section 127(1) covers offensive and threat­ening messages sent over a "­pub­lic­" electronic commun­ica­tions network. Since 2010 it has increa­singly been used to arrest and prosecute indivi­duals for messages posted to sites such as Twitter and Facebook. Section 127(2) covers causing annoyance by sending messages known to be false, which is one of the laws that hoax-999 callers can be prosecuted under.

The Commun­ica­tions Act 2003 Examples

A workplace discusson is undertaken in a public offiece space between collea­gues. The conver­sation is about a mutual aquani­tance and body image. The conver­sation is overheard by another colleageu who shares the content on a social media site, naming all three people
An individual takes a consensual naked photo of a partner using a mobile phone, which immedi­ately stores to a user's account. The individual then uses social media to distribute the image to a friend without gaining consent

The invest­igatory powers act (2016)

A Bill to make provision about the interc­eption of commun­ica­tions, equipment interf­erence and the acquis­ition and retention of commun­ica­tions data, bulk personal datasets and other inform­ation; to make provision about the treatment of material held as a result of such interc­eption, equipment interf­erence or acquis­ition or retention; to establish the Invest­igatory Powers Commis­sioner and other Judicial Commis­sioners and make provision about them and other oversight arrang­ements; to make further provision about invest­igatory powers and national security; to amend sections 3 and 5 of the Intell­igence Services Act 1994; and for connected purposes.

The Human Rights Act 1998

The Human Rights Act 1998 sets out the fundam­ental rights and freedoms that everyone in the UK is entitled to. It incorp­orates the rights set out in the European Convention on Human Rights (ECHR) into domestic British law. The Human Rights Act came into force in the UK in October 2000.

The Act has three main effects:

1. You can seek justice in a British court

It incorp­orates the rights set out in the European Convention on Human Rights (ECHR) into domestic British law. This means that if your human rights have been breached, you can take your case to a British court rather than having to seek justice from the European Court of Human Rights in Strasb­ourg, France.

2. Public bodies must respect your rights

It requires all public bodies (like courts, police, local author­ities, hospitals and publicly funded schools) and other bodies carrying out public functions to respect and protect your human rights.

3. New laws are compatible with Convention rights

In practice it means that Parliament will nearly always make sure that new laws are compatible with the rights set out in the European Convention on Human Rights (although ultimately Parliament is sovereign and can pass laws which are incomp­ati­ble). The courts will also, where possible, interpret laws in a way which is compatible with Convention rights.

The Copyright Designs and Patents Act (1988)

The Copyright Designs and Patents Act (1988) gives creators of digital media the rights to control how their work is used and distri­buted. Music, books, videos, games and software can all be covered by copyright law.

Anything which you design or code is automa­tically copyri­ghted and may not be copied without your permis­sion, as the digital creator.

- When you buy software, for example, copyright law forbids you from: Giving a copy to a friend
- Making a copy and then selling it
-Using the software on a network (unless the licence you signed allows it. For example, you may be allowed to install an app on 3 devices within a family)
-Renting the software without the permission of the copyright holder

The Intell­ectual Property Act (2014)

Intell­ectual property (IP) refers to the ownership of an idea or design by the person who came up with it. It is a term used in property law. It gives a person certain exclusive rights to a distinct type of creative design, meaning that nobody else can copy or reuse that creation without the owner's permis­sion.

The Data Protection Act (1998)

The fundam­ental principles of DPA 1998 specify that personal data must:
•be processed fairly and lawfully.
•be obtained only for lawful purposes and not processed in any manner incomp­atible with those purposes.
•be adequate, relevant and not excessive.
•be accurate and current.
•not be retained for longer than necessary.
•be processed in accordance with the rights and freedoms of data subjects.
•be protected against unauth­orized or unlawful processing and against accidental loss, destru­ction or damage.
•not be transf­erred to a country or territory outside the European Economic Area unless that country or territory protects the rights and freedoms of the data subjects.

Types of Data

Personal Data - This is Data that can identify you, either as a single element of data or as part of a dataset. Fully anonymised or data relating to a deceased person is not subject to GDPR.

Sensitive Data - This is data that if breached, could create a more signif­icant risk to the indivi­dual, therefore it has more protec­tion, includes most of the 'protected charac­ter­ist­ics', biometric and genetic data.

Criminal Data - This is criminal conviction and offences data and cannot be held or processed without legal or official authority.

The Freedom of Inform­ation Act (2000)

The Freedom of Inform­ation Act 2000 provides public access to inform­ation held by public author­ities.

It does this in two ways:
•public author­ities are obliged to publish certain inform­ation about their activi­ties; and
•members of the public are entitled to request inform­ation from public author­ities.

The Act covers any recorded inform­ation that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public author­ities based in Scotland. Inform­ation held by Scottish public author­ities is covered by Scotland’s own Freedom of Inform­ation (Scotland) Act 2002.

Public author­ities include government depart­ments, local author­ities, the NHS, state schools and police forces. However, the Act does not necess­arily cover every organi­sation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organi­sations that perform public functions.


No comments yet. Add yours below!

Add a Comment

Your Comment

Please enter your name.

    Please enter your email address

      Please enter your Comment.

          Related Cheat Sheets

          Coffee Drinks and Machines Cheat Sheet
          ASA Cheat Sheet