Laws surrounding information security are complex. These pages are designed to provide guidance and information; they are not intended to replace legal advice.
It is important to remember that information security operates within a legal framework - most obviously the Data Protection Act 1998 and the Computer Misuse Act 1990. Very little legislation exists specifically for information technology; what there is relates to:
Other issues that could affect you and your organisation include copyright, intellectual property rights, defamation, harassment and corporate liability. Technology is advancing all the time which means that legislation can fall behind and become a little ambiguous. If you think you have a genuine legal problem, your best course of action is to seek professional legal help.
Legislation that applies to the electronic monitoring of staff includes:
Additionally, the Office of the Information Commissioner is in the process of drafting guidelines for inappropriate usage, to include advice on the prevention and management of incidents. If you would like to read more about issues surrounding the monitoring of staff, please refer to our HR Monitoring of Staff page.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 came into force on 11 December 2003, replacing the Telecommunications (Data Protection and Privacy) Regulations 1999 and the Telecommunications (Data Protection and Privacy) (Amendment) Regulations 2000.
These regulations cover a number of issues relating to privacy in respect of electronic communications, including topics such as telemarketing and the use of 'cookies'.
Cookies are small pieces of data that a web site asks the browser to store on the user's system during a visit; the browser then sends them back with later requests to the same site. They normally contain a value that identifies the user (or the user's session) so that the site can recognise them on subsequent visits, and may also carry other information about the user. Because anything stored in a cookie can be read and altered by the person holding the browser, the identifying value should be an opaque random token linked to records held on the server rather than the user's details themselves.
A typical example is when you access an online shopping web site and it automatically welcomes you with your login name, even though you haven't actually gone through the login process. On a previous visit to the site, a cookie would have been created to identify you when you next accessed the site.
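The following Python is an added example, not code from the BIS page, showing the "welcome back" flow described above: a first visit issues a cookie holding only a random token, and a later request carrying that token is mapped back to the login name on the server. The cookie name `visitor_id`, the functions `first_visit` and `recognise`, and the in-memory visitor table are illustrative assumptions. For contrast it also includes the weak design in which the login name itself is the cookie value, which any visitor can edit in their browser.

```python
import secrets
from http.cookies import SimpleCookie, CookieError

# Server-side table mapping opaque cookie tokens to login names.
# Constructed in-memory sample store for this example; a real site would use a database.
_visitors = {}

COOKIE_NAME = "visitor_id"  # assumed cookie name, not taken from the BIS page


def first_visit(login_name):
    """Return the Set-Cookie header value for a user who has just logged in.

    The cookie carries only a random token; the login name stays server-side,
    so a visitor cannot edit the cookie to impersonate someone else.
    """
    token = secrets.token_urlsafe(32)
    _visitors[token] = login_name
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    morsel = jar[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["max-age"] = 30 * 24 * 60 * 60   # remembered for 30 days
    morsel["secure"] = True                 # only sent over HTTPS
    morsel["httponly"] = True               # not readable by page scripts
    morsel["samesite"] = "Lax"              # not sent with cross-site POSTs
    return morsel.OutputString()


def recognise(cookie_header):
    """Map the browser's Cookie request header back to a login name.

    Returns None for a missing, malformed or unknown token.
    """
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    return _visitors.get(morsel.value)


# The weak design, shown for contrast: the login name is the cookie value,
# so anyone can change "alice" to "admin" in their browser and be greeted as admin.
def weak_first_visit(login_name):
    return f"welcome_name={login_name}; Path=/"


def weak_recognise(cookie_header):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("welcome_name")
    return morsel.value if morsel else None


if __name__ == "__main__":
    set_cookie = first_visit("alice")
    print("Set-Cookie:", set_cookie)
    token = set_cookie.split(";", 1)[0].split("=", 1)[1]
    print("Returning visitor:", recognise(f"{COOKIE_NAME}={token}"))
    print("Forged token:", recognise(f"{COOKIE_NAME}=not-a-real-token"))
    print("Weak cookie after tampering:", weak_recognise("welcome_name=admin"))
```

The hardened version only ever trusts the server-side table: a forged or expired token simply fails to match and the visitor is treated as anonymous, whereas the weak version greets whatever name the browser sends.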
The Privacy and Electronic Communications (EC Directive) Regulations 2003 state that cookies should not be used unless the user is:
The Data Protection Act 1998 also includes rules about the 'processing' of personal information. These are designed to meet current concerns about direct marketing, and to reflect any future trends in marketing technology.
As such, they cover different forms of electronic communication, including the telephone, fax, e-mail, text (SMS) messages, picture and video messages and automated calling systems. For guidelines on practical implementation of the Data Protection Act you may wish to view our Practical Data Protection page.