Data Protection Legislation and Copyright Issues

The data legislation is being improved with the time and may include many more laws for the protection of data in future but the underlying basic principle (legislation) are same for all new laws.


The data protection legislation defines the laws that ensure data protection. Many countries have defined the data protection legislation and in some advanced western countries; this law is enforced properly as well. The data protection legislation of different countries is based on same basic principles. In this section, we will discuss these basic principles so that you can get some idea of why data protection act is needed. The detailed Data Protection Acts will not be given here as it is beyond the scope of this course.

The principles of Data Protection Acts are as follows:

  • The purpose of keeping and distrusting personal data must be clearly defined by organization obtaining that data.
  • The individual about whom data is kept, must be informed about the identity of the organization / individual. The processing is necessary to fulfill of the contract between two parties. The processing is required by law or is necessary to carry out interest of the individual.

Important Privacy Acts

The 1980 Privacy Protection Act, which prohibits agents of federal government from making unannounced, searches of press office if no one there is suspected of a crime.

The 1984 Cable Communication Policy Act, which restricts cable companies in the collection and sharing of information about their customers. It was the first piece of legislation to regulate the use of information, which is processed on computer. The “Data Protection Act 1984” is intended to protect the individual from unauthorized use and disclosure of personal information held on a computer system. It consists of the following eight principles:

  • The information to be contained in personal data shall be obtained and the data shall be processed, fairly and lawfully.
  • Personal data shall be held only for one or more specified and lawful purposes.
  • Personal data held for any purpose shall not be used or disclosed in any manner incompatible with that purpose or those purposes.
  • Personal data held for any purpose shall be adequate, relevant and not excessive in relation to that purpose or those purpose.
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data held for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • An individual shall be entitled, at reasonable intervals and without undue delay or expense, to be informed by any data user whether he holds personal data of which that individual is the subject, to have access to any such data, and where appropriate, to have such data corrected or erased.
  • Appropriate security measures shall be taken against unauthorized access to, or alteration, disclosure, accidental loss, or destruction of personal data.

The 1987 Computer Security Act, which makes actions that affect the computer security files and telecommunication illegal.

The 1988 Video Privacy Protection Act 1988, which prevents retailers form disclosing a person’s video rental records without a court order; privacy supporters want the same rule for medical and insurance files. Another step in that direction is the Computer Matching and Privacy Protection Act of 1988, which prevents the government from comparing certain records in an attempt of find a match. However, most comparisons are still unregulated.

The Computer Misuse Act 1990 to make provision for securing computer material against unauthorized access or modification; and for connected purposes. The Computer Misuse Act 1990 was passed to deal with the problem of hacking of computer – it was seen as mischievous behavior, rather than as something, which could cause serious loss or problems to companies, organizations and individuals. However, with development in technology the issue has become more serious and hence legislation was introduced to recognize three key offences:

  • Unauthorized access to computer material.
  • Unauthorized access with intent to commit or facilitate commission of further offences.
  • Unauthorized modification of computer material.

The 1998 Data Protection Act came into force early in 1999 and covers how information about living identifiable persons is used. It is much broader in scope than the earlier 1984 act, but does contain some provision for a transitional period for compliance with the new requirements. The 1998 Act applies to:

  • Computerized personal data;
  • Personal data held in structured manual files.

It applies to anything at all done to personal data (“processing”), including collection, use, disclosure, destruction and merely holding personal data.

The Copyright Act

The principal law governing software piracy is the “Copyright Act 1976”. Some amendments were made in this in 1983 and now software piracy is believed to be a punishable crime involving huge amounts of penalties. It is justified because software is believed of be an “intellectual property” that has been developed and brought into market after a lot effort and cost. So, its future financial interests must be made sure by the concerned legal authorities.


6.4 important privacy acts


6.5 copy right act