%20(4).jpeg "Laws Regulating Computing and The Use of Internet and Digital Tools")
Laws Regulating Computing and The Use of Internet and Digital Tools
The following are some of the acts that relate to computing and regulate the use of internet and digital tools:
i. Computer Misuse Act ii. Data Protection Act iii. Patent Act iv. Health Safety Act
1. Computer Misuse Act
The Computer Misuse Act is a law that was enacted to deal with unauthorized computer access such as hacking. This act has been the chief means of regulating the unauthorized access to computer material generally.
The Act has been criminalizes several acts, including accessing data without authorization (i.e. hacking) and installing malware (e.g. computer viruses, spyware, or ransomware) on a person's computer.
In relation to computing and to prevent the aforementioned unethical acts in relation to the operation of computers, The Computer Misuse Act 1990 that was enacted by the UK parliament created three distinct criminal offenses.
They are:
1. Unauthorized access to computers, including the illicit copying of software held in any computer. This carries a penalty of up to six months’ imprisonment or up to a £5000 fine and will be dealt with by a magistrate. This covers hobby hacking and, potentially, penetration testing.
2.Unauthorized access with intent to commit or facilitate commission of further offenses (such as fraud or theft), which covers more serious cases of hacking with a criminal intent. This has a penalty of up to five years’ imprisonment and an unlimited fine.
3. Unauthorized modification of computer material, which includes the intentional and unauthorized destruction of software or data; the circulation of “infected” materials online (“viruses”); and the unauthorized addition of a password to a data file (“crypto viruses”). This offense also carries a penalty of up to five years’ imprisonment and an unlimited fine.
Prior to the Act coming into effect, hacking as a crime was difficult to categorise and difficult to prove with traditional criminal law not sufficiently able to cover the offenses. The emergence of the act among many other things has ensure and promote ethical use of computers among users and privacy among users.
Even with the Act, some ambiguity remains however. Despite intentionally ‘loose’ terminology around what constituents a ‘Computer’ and ‘Data’ for example, hacking and other cyber offenses are still tough to prosecute- particularly considering the quickly evolving landscape of cyber threats.
2. Data Protection Act
The importance of personal data to individuals, organizations and corporate entities in today's world cannot be over-emphasised. This has necessitated the need for global data privacy and protection legislation to regulate the use and processing of data. For instance, The Nigeria Data Protection Regulation (NDPR) in January 2019 to regulate the handling and processing of personal data as well as impose penalties for breach of its provisions.
The Data Protection Act is meant to regulated the use and protection of personal data of users of computers or ICT, and outlined the responsibilities a business had to protect that data. This also included expressions of opinion about that person and any intention the data controller or another individual may have in regards to them.
It also affords a computer user more control over digital marketing communications they receive, meaning they must opt-in to receive emails, SMS text messages etc from an organization if they've never had contact with it before.
In essence, personal data is defined as information related to an individual that can be used either in isolation or in tandem with other data sources, to reveal that individual's identity. If there is such pre-existing data held by a data controller, then personal data also encompasses information that may come under this entity's possession.
It is important to state that personal data handling is governed by a number of principles without which personal data cannot be said to have been lawfully processed.
These principles are: a) Lawfulness, fairness and transparency b) Purpose Limitation c) Data minimization d) Accuracy e) Storage Limitation f) Integrity and Confidentiality g) Accountability
a) Lawfulness, fairness and transparency: By this principle, personal data must be processed legally, fairly and transparently. This underlines that every processing activity must always accord with extant laws. This principle has three sides to wit: lawfulness; fairness, and transparency, which will be discussed briefly below:
b) Lawfulness: This is to the effect that personal data processing by controllers and processors must conform with applicable laws and must not be in violation of such laws. Also, such processing must identify and align with one of the legal bases for processing personal data.
c) Fairness: This requires data controllers to process personal data in a way as to gain the trust of the data subject. It relates to the ability of the controller to strike a balance between its own interest and that of the data subject in ways that guarantee the data subject's trust and does not infringe on his fundamental right and freedom.
d) Transparency: This principle stands for openness. That is to say, data subjects must be well informed about the kind of data collected about them by a controller, the mode of collection, the use to which such data is put, the likelihood of transfer to third parties, steps to be taken in the event of a breach, etc. A major way of ensuring transparency in practice is through privacy notices. Also, allowing data subjects to know and access the data collected about them is one of the core tenets of the transparency principle.
e) Purpose Limitation: This is to the effect that data controllers are to ensure that personal data processing is limited to the purpose of collection and/or processing. In other words, controllers must not process data for purposes other than for which such data was obtained from the data subject.
f) Data minimization: This principle is to the effect that the data collected by a controller must be minimized for the purpose of collection. In other words, a controller is obliged to limit the amount of data collected from the subject to the minimum amount required for collection.
g) Accuracy: This principle underlines the need for controllers to obtain and only process correct and accurate data about the data subject. Under this principle, not only are data controllers updated to keep correct information about data subjects, they must update the data in their care where there is a change in the status of the data subject. For example, when ABC, a spinster, joins a law firm and gets married 6 months into her employment, it behoves the data controller (the employer) to ensure her name is correctly processed as ABC and updated to Mrs to reflect the change in her marital status.
h) Storage Limitation: By storage limitation, personal data must not be stored for longer than is necessary for the purpose of collection. In other words, personal data must be discarded with once it has outlived its purpose. However, it is pertinent to point out that this may be subject to the dictates of different data retention laws for the controllers to comply with. In the absence of data retention legislation, controllers should specify a reasonable retention period in their privacy notices so as to prevent unnecessary handling of personal data after processing has been extinguished.
I) Integrity and Confidentiality: This principle is to the effect that data controllers must adopt measures that facilitate the protection and unauthorized disclosure of personal data in their care. This could include developing measures to prevent systems from hackers, setting up firewalls, storing data securely with access to specifically authorized individuals, employing data encryption technologies, developing organizational policy for handling Personal Data, ensuring capacity building for staff, etc.
j) Accountability: By this principle, data controllers entrusted with a data subject's personal data are obligated to show accountability for any acts and omissions in respect of data processing and in accordance with the principles contained in the NDPR. This principle imposes a sense of responsibility on the data controller, who must process data in such ways as to gain the data subject's trust, give periodic audits or accounts of processing activities to supervisory authorities, and ensure compliance with extant laws.
Thus, in relation to computing, The new Data Protection Act, has been able to account for the value of people's personal data today, offering people stronger rights over what others can do with their data, and requiring companies to gain people's consent to use their information.
3.The Patent Act
The patent act provides protection for inventors and companies for their novel and non-obvious inventions related to the use of computers. This includes software, hardware, and business methods that involve the use of computers. A patent granted by the patent office gives the holder the exclusive right to prevent others from making, using, selling, and importing the patented invention for a certain period of time, usually 20 years from the date of filing.
In order to be granted a patent, an invention must meet certain criteria such as novelty, non-obviousness, and usefulness. The patent application process begins by filing a patent application with the appropriate patent office, such as the United States Patent and Trademark Office (USPTO) or the European Patent Office (EPO). The application must include a detailed description of the invention and a drawing if necessary.
Obtaining a patent for a computing invention can be a complex and expensive process, and it may require the help of a patent attorney. It's worth noting that not all types of computer-related inventions are eligible for patent protection. For example, abstract ideas, mathematical formulas, and laws of nature are not considered patentable subject matter.
It's also worth noting that while a patent can provide exclusive rights to prevent others from using an invention, it also requires that the invention be made public, so that others can improve upon it and build new technologies on top of it.
4. The Health And Safety Act
The Health and Safety Act is a legislation that regulates the safety and health of workers in the country. The act applies to all workplaces, and it requires employers to provide a safe and healthy working environment for their employees.
In relation to computing, the act may apply to the use of computer equipment and technology in the workplace. Employers are required to provide a safe and healthy work environment, and this includes the proper setup and maintenance of computer equipment. This includes providing ergonomic equipment and furniture, such as adjustable chairs and desks, to reduce the risk of musculoskeletal disorders associated with prolonged computer use. Employers are also required to provide regular eye checkups for employee that works on computer for long hours.
Additionally, employers are required to provide training and information to employees on the safe use of computer equipment and the potential hazards associated with prolonged computer use. Employers also have an obligation to conduct regular risk assessments to identify and address any potential hazards associated with computer use in the workplace.
