"The UK Statute Law Database (SLD) is the official revised edition of the primary legislation of the United Kingdom made available online. SLD was released to the public on 20 December 2006."
As a public authority we are required to act in such a way that we conform to the Articles of the European Convention on Human Rights as set out in the HRA, particularly Articles 8, 9 and 10, which refer to "right to respect for private and family life", "freedom of thought, conscience and religion" and "freedom of expression".
The DPA controls the way information about real live people is processed. In general terms, any such processing must be done in accordance with the Data Protection Principles. Certain classes of "sensitive" personal data are subject to tighter controls. Seek advice if you are responsible for processing information about real people.
Note also the provisions of the Privacy and Electronic Communications (EC Directive) Regulations 2003 which regulate the use of email for direct marketing, which should at least be borne in mind when considering contacting groups by email.
FoI(S)A gives anyone anywhere the right to ask us anything they want, and gives us 20 working days to reply. There are some exemptions. It should be assumed that every question asked falls under FoI(S)A, and must be answered (or an exemption claimed and notified). Take advice as necessary.
Note that although most of the FoIA doesn't apply directly to us, it does amend the DPA in ways which potentially could.
The Information Commissioner and the Scottish Information Commissioner are responsible for the interpretation and enforcement of the DPA and FoI(S)A respectively in Scotland. They both publish useful guidance notes.
The Investigatory Powers Tribunal "can investigate anything you believe has taken place against you, your property or communications, as long as it relates to a power held by the organisation you are complaining about, under the Regulation of Investigatory Powers Act."
The CMA creates offenses of unauthorised access or intended access to computers or modification of computer material.
Most of the CA doesn't apply to us. It does create offences of dishonestly obtaining electronic communications services or possessing apparatus for doing so, which have been held to be applicable to wireless networks.
The RIPA, inter alia, defines and controls the "interception" of communications on our network. Interception other than as allowed by the act and its subsidiary regulations is unlawful and may also be actionable in the civil courts.
The interception by COs as part of the provision of the service is permitted under section 3(3) of the act. Any other interception for whatever purpose is controlled by the T(LBP)(IoC)R and may require the consent of the Head of School.
There are powers under RIPA for various organisations to serve notice requiring the provision of communications data, or for the putting into "intelligible form" of encrypted material. The codes of practice on the operation of these powers are currently (August 2006) out for consultation.
These are implemented locally by the University's Computing Regulations.
JISC Legal has a responsibility to consider legislation and produce guidance notes for the benefit of the Academic Community. Their repository is often a good place to look for information.
See also the JANET factsheets series.
The London InterNet eXchange "connects the networks of Content Delivery and Internet Service Providers so that traffic may flow more efficiently between them." As part of the service to its members it produces "best common practice" documents advising them on legislation and industry standards. Although these are often not directly applicable to us, as part of a "private" network, nevertheless the general advice in the Academic networking community is to follow these BCPs where relevant.
Section 26 of the FHE(S)A requires that Universities in Scotland respect academic freedom for those engaged in teaching and research, though not for taught students. Any publishing and take-down policies would need to take account of this. (The Human Rights Act would also apply, of course.)
(The Education (No 2) Act 1986 imposes a duty on Universities in England and Wales to uphold freedom of speech; but the section of the act involved does not extend to Scotland.)
The part of this that's most likely to affect us is that dealing with retention of communications data. UKERNA recommend following the LINX's best common practice paper on traceability.
"Organisations that provide web sites or other opportunities for individuals to publish on the Internet should be aware of a new notice-and-take-down requirement contained within the Terrorism Act 2006, which came into force [in April 2006], and ensure that they have procedures to handle any notices served on them under the Act."
"Sections 3 and 4 of the Act enable a police constable to give written notice to an organisation that a particular statement they publish electronically is unlawful, because it relates to terrorism. For most JANET customers the notice must be given, either in person or by registered mail, to the secretary or equivalent officer of the organisation. If the organisation does not remove or amend the statement within two working days (only Saturdays, Sundays, Bank Holidays, Christmas Day and Good Friday are excluded) then it will be considered to have endorsed the statement and will thereafter be liable to prosecution for encouraging terrorism or disseminating terrorist publications. It is clearly important to be able to deal with these notices very promptly.
"An organisation served with a notice is also required to take all reasonable steps to prevent future re-publication of the same or similar statements. Since the law is brand new, it is not clear how "all reasonable steps" will be interpreted, but it seems likely to require at least an investigation into who published the statement and removing that person's ability to publish in future."
(Andrew Cormack (UKERNA), via Rodney Tillotson to the uk-security mail list.)
Home Office Circular 8/2006 is intended to "assist the reader in understanding the Terrorism Act 2006, and the changes that this makes to the existing legislative framework."
Informatics Forum, 10 Crichton Street, Edinburgh, EH8 9AB, Scotland, UK
Tel: +44 131 651 5661, Fax: +44 131 651 1426, E-mail: email@example.com
Please contact our webadmin with any comments or corrections. Logging and Cookies
Unless explicitly stated otherwise, all material is copyright © The University of Edinburgh