Computer Procedure

This page gives an insight into a breadth of Computer Procedure and IT Law from the Computer Misuse Act through to the history of, and advice relating to Viruses. Some information included is tentative however, meant as a guideline only, so please doubly ensure with relevant authority where appropriate.

Computer Misuse Act

Technology is vulnerable to breaches in security which threaten the confidentiality, availability and integrity of the information it manages and can result in financial and economic loss. The Act was introduced to combat this and to include criminal offences such as hacking. Prior to this the only criminal offence being committed by someone who broke into a computer system was that of theft of electricity.

Three new offences were introduced during August 1990 as follows:

1.  Unauthorised access to computer programmes and data.
2.  Unauthorised access, intent to commit or facilitate the commission of further crime.
3.  Unauthorised modification of computer materials e.g. programs and data…

Computer crimes are policed by the Computer Crime Unit (CPU).

Copyright

City & Guilds quote in their 7261 DTPII handbook (issue 2.0): "The exclusive right to, and control of, the reproduction, sales, copy or distribution of creative works of art, music, literature or coded programs for computing."

For those of you who might like a little more information, I endeavour to expand a little and the following may be of some help. However, please remember that copyright is a complex subject and grey area should be clarified with proper authority where necessary.

Copyright remains with the author and need not be illustrated. For example, you may find that some documentation may not appear restricted by copyright; however permission to reproduce material may all the same be appropriate.

Educational authorities will perhaps have a licence to reproduce a small percentage of literature, 5% perhaps.

Those that have purchased published material will be permitted to copy pages providing it is specifically for their own use.

Graphics displayed on web sites can more often be copied (saved), however permission may be required and/or conditions will apply. Images classed as Royalty Free, for example, may only be used freely during a period of development and therefore conditions will perhaps include that the artwork must be purchased if used/published to the Internet; or used for business purposes.

Copyright is clearly breached when financial gain is made from the work of others without given permission. It may be an idea to contact the source of such material to clarify where licence might be needed for any given purpose.

Reference to the Copyright, Designs and Patents Act 1988 may also be appropriate. HMSO publications are available from HMSO Publication Centre, PO Box 276, London SW8 5DT. Internet: www.opsi.gov.uk.

To qualify for copyright protection, criteria specific to nationality or UK citizenship may apply.

See also: Software

Data Protection Act 1984/1998

European amendment to the Data Protection Act – the Data Protection Act 1998, is not covered here. For a broader understanding, you are encouraged to visit www.dataprotection.gov.uk.

To establish whether you, as an organisation perhaps, need to register, you will find an on-line data protection register at www.dpr.gov.uk. All criteria regarding legislative matters should be carefully studied. Information below is intended as a guide only.

Home users may not be affected by this legislation nonetheless may need to be aware should it affect them outside of the home.

The Data Protection Act applies to all those who control automatically processed data – anyone who holds information about a person or persons – specifically applying to information that refers to a living individual who can be identified from that information; to protect them from having such information used detrimentally.

Data covered by the Act must be registered with the Data Protection Registrar and comply with the Data Protection principles – personal data must be:

1.  Obtained and processed fairly and lawfully.
2.  Held only for lawful purposes described in the register entry.
3.  Used only for those purposes and disclosed to those people described in the entry.
4.  Adequate, relevant and not excessive to the purpose for which they are held.
5.  Accurate and, where necessary, kept up-to-date.
6.  Held no longer than is necessary for the registered purpose.
7.  Accessible to those whose names are held, corrected or deleted.
8.  Surrounded by proper security.

It is a breach of the Data Protection Act if the user or company is negligent in its keeping of data covered by the Act. Exceptions might be, for example, where data refers to Management of personal, family, household affairs or recreational purposes. Also data held by security services. Some information relating to payroll is also exempt, however, data falling outside of specific categories is not, and the Act should be referred to more specifically for some clarification.

Data Security

Poor handling of magnetic media can result in data loss. Viruses can lead to data corruption and damage. For those still using Floppy disks – they are not very durable and are easily damaged. Data security might also include copyright issues, particularly where copyright protection is a factor.

Special care needs to be taken when handling disks.

Taking care of removable media

Write to the label before it is stuck to the disk.
Avoid touching the disk surface.
Protect disks from liquids.
Keep disks away from magnetic materials.
Guard disks from extreme hot / cold temperatures and direct sunlight.
Store floppies and CD's in their boxes and protective sleeves.

Alternative option to floppy disk backup

Zip drives, CD/DVD Rewriters and tapes are commonly used for data backup… a first level of backup however might be to a partition on your hard drive – one can fit a removable rack or use an external (removable) device, USB, hard-drive, where data needs to be safeguarded against fire or theft for example.

A removable rack or hard-drive caddy would perhaps accommodate a redundant hard disk if a new one were to be fitted, and this in turn can be stored in a separate building, a safe, or taken home if you need to catch up with your accounts. First generation 'Dual Layer' DVD Rewriters will accommodate media with an 8.4Gb capacity, more recently up to 50Gb and multiple layer Blu ray ten times greater!

Some organisations, such as Seagate for example, also offer external data services facilitating back-up and external data management for clients.

Disability Discrimination Act 1995

For a simple explanation of the rights and duties which the DDA 1995 introduced, select the following link for an overview (Disability Discrimination Act 1995).

Environment

Environmental issues facing UK and European organisations: • Computers contain materials which when disposed of, are hazardous to human health and the environment: • Monitors contain over 1.5Kg of lead in cathode ray tubes • Mercury is used in switches • Cadmium is used in cathode ray tubes, plastics and circuit boards.

The EC acted by putting together the Waste Electronic and Electrical Equipment Directive (WEEED), initially intended to be law in the UK and across the EC 13 August 2004, finally introduced on 2 January 2007. The directive aims to reduce the waste arising from electrical and electronic equipment, and to improve the environmental performance of those involved in the lifecycle of electrical and electronic equipment. The directive states that, for computers that are redundant and have no further use, 65% by weight must be recycled.

Landfill Regulations 2002
The Landfill (England and Wales) Regulations 2002 came into force on 15 June 2002. The aim of the regulation is to prevent, or reduce as far as is possible, the negative environmental effects of landfill. The Directive requires that hazardous wastes, including liquids and cathode ray tubes are pre-treated prior to landfill in special sites.

Environmental Protection Act 1990
Organisations also have a duty of care to ensure that waste materials are only consigned to registered carriers and properly stored and disposed of at appropriately licensed facilities. Directors, Managers and other employees who deal with environmental waste matters can all be held liable and face fines and imprisonment if laws are broken.

Useful: Advice and guidance on disposal of IT.

Fire

Reference to relevant authorities for up-to-date advice is appropriate, you might otherwise consider the criteria included here as a guide only.

Ensure that there are sufficient and appropriate exits, also that they are appropriately signed and posted, that they remain clear and that staff are made aware where these are.

Test fire detector devices annually and record this.

Do not obstruct fire extinguishers. Ensure staff are made aware where they are located and that they know how to use them. Maintain a record or inspection of fire extinguishers.

Define an assembly point and ensure all staff are made aware where this is and what is expected of them.

Hold fire drills and display instructions on the walls.

In the event of a fire raise the alarm and/or notify a senior member of staff.

Do not attempt to tackle a fire unless it is absolutely safe to do so.

Evacuate the building.

Leave in an orderly manner.

Do not take fire extinguishers with you unless essential to do so – in case needed.
Do not attempt to collect or return for belongings.
Do not re-enter the building until an all clear is given.

Locate the nearest telephone and call the emergency services on 999 stating clearly the name and address of your building.

Forensic Computing Unit

The National Health Service (NHS) Counter Fraud & Security Management Service (CFSMS) Forensic Computing Unit (See: Glossary FCU).

Health & Safety

The Health & Safety at Work (HASAW) Act 1974 states that both employer and employee must accept responsibility for health & safety in the work place.

Consider the following:

• Company Induction Procedure.
  • Health & Safety.
  • Personal Protective Equipment (PPE).
  • Emergency.
    • First Aid.
    • Facilities and Reporting of Accident Procedure.
  • Housekeeping.
  • Security.
• Company Policy Statement/ Safety Rules.
  • Point of Contact/ Safety Officer.
• Fire Precautions.
  • Alarm and Escape Procedure.
  • No Smoking Policy (Law as of 31 July 2007).
• Security.
  • Visitors Book.
  • Guidelines for Contractors.

Health & Safety (Display Screen Equipment) Regulations 1992.

Main criteria

• Individuals using display screen equipment identified and recorded.
• Workstations and local environment reviewed annually and where there is significant change.
• Appropriate training in place encompassing correctly setting up and maintaining workstations, emphasising users' obligation to participate in company training.
• Obligation to report defects in environment, equipment or personal health, which may affect their ability to work safely and in comfort.
• Users offered regular eye tests in compliance with the Health & Safety (Display Screen Equipment) Regulations 1992.
• Short breaks from the computer screen to be taken if used continually for an hour. Breaks taken should comprise any alternative work (administration etc.).

Management of Health & Safety at Work Regulations 1992

A statutory requirement exists under the Management of Health & Safety at Work Regulations 1992 for all work activities where employees may be potentially exposed to hazards to be assessed as to the degree of risk, and subsequently controlled.

Risk assessment will be carried out under the responsibility of the designated person together with any actions required to attain or maintain control. The assessments will be received on a regular basis and kept up to date.

All relevant employees will be trained regarding the hazards and precautions identified to minimise the risks presented.

Notes here are meant as a guide only and the above Act should be referred to more specifically.

OTHER IMPORTANT ISSUES

Repetitive Strain Injury (RSI (Tenosynovitis)) may not be as common as thought, nonetheless extreme or excessive use of a keyboard over any given period should be avoided paying attention to the following:

Seating – Appropriate seating… perhaps a secretary chair with a straight back would be suitable, sitting comfortably with a relaxed posture.

Keyboard – Posture forearms level, or sloping slightly downward.

Monitor – As for keyboard posture, your screen should be level, or you will perhaps be looking slightly downward approximately an arm length from the display. Screen flicker should be brought to the attention of a line manager or appropriate body such as the IT department. Up to date and regular eye tests may also be appropriate and companies will perhaps have policy in place to finance this… see extracts from Health & Safety Legislation (Display Screen Equipment) included above.

Lighting – Adequate lighting and blinds to protect from screen glare.

Ventilation – Air circulation is both important for individual comfort and for maintaining system temperature.

Software

Software is covered by the laws of copyright and using software outside the terms of its licence can constitute either a civil and/or a criminal breach of copyright law. The Digital Crime Unit was established in 1989 in response to increasing levels of software piracy in the United Kingdom. Its primary goal is to investigate breaches of criminal law in regard to copyright and trade mark infringement. If you have any information you consider appropriate for these pages, please email.

System Security

System security may need to be tailored to any given organisation, nonetheless new and/or small organisations might consider the following:

1.  Alarms.
2.  Password protection.
3.  Screen savers.
4.  Site security.
5.  Training.

Telecommunications Act

The act includes 'that an offence is committed by any person who dishonestly obtains a service provided by means of a telecommunications system with the intention of avoiding payment'.

Viruses

A virus is a self-replicating 'malicious' program… A term often used, misused to describe all types of threats, but nonetheless requires interaction from (is triggered by) the user, transferring itself into a systems memory, onto the hard-drive or disk.

The first virus is understood to have come from Lahore in 1987, transferring to the University of Pennsylvania. It was by all accounts relatively harmless, all the same would write itself to floppy disk overwriting data if a disk were full, rapidly spreading through the network, subsequently destroying a number of thesis…

…A separate report suggests however that the first virus may have been a program named 'Rother J', a computer virus evidently first sighted outside the single computer or lab where it was created. Thought created in 1981 by Richard Skrenta, it attached itself to the Apple DOS 3.3 operating system and spread via floppy disk – There perhaps needs to be distinction drawn between the Apple, Commodore, and the PC.

As we now know this was only the beginning, and virus writers continue to develop malicious programs that are a threat – The email of the species is more deadly than the mail. The World Wide Web has become as much of a risk and although advantages will clearly out-way any disadvantages, broadband connections are, by their very nature, more open to attack making the need for Internet Security a pre-requisite. More and more broadband service providers now also include security as part of their package deal.

Nonetheless electronic mail (email) can include attachments containing a virus which when opened might forward itself to all those in the contact list (address book). WORMs (Write Once Read Many) can potentially spread slowing the main servers that provide your service. Trojans (not needing any interaction from the user) are structured to exploit flaws within your PC software contributing to poor system stability, computer failure, the up-streaming/ conceivable theft of confidential data.

It may be helpful to learn some basics. One option might be to sign up with a local news service advising of any likely infection. Learn more about Virus Alerts at Virus Bulletin: www.virusbtn.com.

Take care not to transfer suspect files on disk other than to an environment protected with Internet Security software such as Norton's. One may all the same need to be aware that updates are required to safeguard against recent strains, conceivably also making certain that policy is in place to protect data in a multi-user environment.

An update to Anti-virus/Internet Security software to take account of the most recent software updates and variants may be referred to as a patch, are generally available free for a specified period to anyone who has registered a copy. Such updates can be downloaded from the Software Company's web site. Norton's provide both a free Security and Anti-virus check on-line in addition to a facility allowing you to pass viruses to them for analysis. Their address is: www.symantec.com.

Wi-Fi

While there may be some grey area in law regarding unsecured networks, there is also a clear distinction between free access in McDonalds and logging onto your neighbour's wireless network for some free surfing without their express permission.

Dishonestly using an electronics communications service with the intent to avoid paying is breaking the law - and it is a matter that the police are taking increasingly more seriously. Moreover, it is likely your door that the authorities will knock on if someone is downloading material, on your service, that they perhaps shouldn't be!

Top