Being Aware of Legal Obligations

Awareness of the legal aspects of using computer-based information systems is important so that users do not inadvertently contravene legal requirements. This topic describes the main areas of concern and suggests ways in which users can increase their awareness of legal issues. Familiarity with the legal requirements relevant to your duties and functions should be a requirement of your organisation's Information Security Policy.


  • An absence of published guidelines relating to the legal aspects of using information systems may result in staff failing to comply with the law - leading to prosecution.

  • Become familiar with the legal requirements with which you will be expected to comply. The following are applicable within the UK (non-UK-based organisations should comply with the corresponding legislation for their country):
  1. The Data Protection Act 1998
  2. The Electronic Communications Act 2000
  3. The Regulation of Investigative Powers Act 2000
  4. The Misuse of Computers Act 1990
  5. The Copyright, Designs and Patents Act 1988, including moral rights
  6. The Copyright and Rights in Databases Regulations 1997
  7. The Defamation Act 1996
  8. The Human Rights Act 1998.


  • Summarise the requirements of each Act to ensure compliance. Agree this document as an 'Organisation Code of Conduct' with the Board, as it is they who are legally responsible for compliance.
  • Changes in the law may result in your organisation unintentionally committing an offence.

  • Monitoring changes in the law, and getting legal advice on how those changes affect your organisation should be carried out via your legal department or representative.
  • Changes in employment law and how these could impact the organisation's Information Security should be the responsibility of your HR department or representative.
  • Information from government and legal Web sites can keep your knowledge of this complex subject up-to-date.
  • The Terms and Conditions of Employment may not have stipulated that the Organisation Code of Conduct must be observed. This could result in the inability to bring disciplinary action against staff found to be in contravention.

  • Develop the Organisation Code of Conduct with assistance and input from specialists from HR and legal disciplines.
  • It is important to ensure that all staff recognise the need to observe both legal requirements and corporate policy. The following areas must also be covered:
  1. Privacy in the Workplace
  2. Internet - Acceptable Use.


Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement