
Cyber Security:

UK Legislation

relating to computing

Law in Britain can be broadly divided into two categories:

Criminal law is concerned with punishing behaviour that is considered unacceptable (murder, serious injury, fraud and so on). The majority of criminal cases are brought by the State against individuals and companies and require a high standard of proof to secure a conviction (‘beyond reasonable doubt’). Criminal cases can punish guilty parties with either fines or imprisonment, depending on the nature and severity of the offence.

Civil law is concerned with disputes and these are usually brought before the court by individuals. Civil cases concern (among other things) property law, contracts and noise. There is a lower standard of proof (‘on the balance of probabilities’) than with criminal law and punishments are usually financial in nature.

Bills, Acts and Laws

A Bill is a draft of a proposed law. It is debated in the elected House of Commons and, if it is approved, the Bill is passed to a specialist committee made up of Parliamentarians for revision. Their changes are discussed further in the House of Commons and the Bill may be revised further.

After a formal vote, the Bill passes from the House of Commons to the House of Lords for further scrutiny and possible amendments. The Lords will vote on the Bill before returning it to the House of Commons which considers their amendments.

If the two houses agree, the Bill is given Royal Assent and becomes an Act.

Some Acts take immediate effect, but often there is a delay between enactment and implementation as there may need to be processes put in place in order to achieve compliance.

So a Bill does not become law until it becomes an Act.

So, an Act of Parliament is a law that has been approved by the British Parliament.

Britain has a second type of law that has not been passed through Parliament, known as 'Common Law' - but this is longstanding and not likely to relate to cyber-security!

The Law must change to keep up with threats

It is worth remembering that cyber security is a fast-moving area and, therefore, legislation is constantly being revised based on new threats and court cases. In particular, the outcomes of trials can result in changes to the interpretation of existing laws as well as prompting the creation of new laws.

Additionally, because cyber threats are global, they can be affected by legislation from other jurisdictions - and other countries can request that a citizen of one country be extradited to face trial.

For example: In 2002, the British hacker Gary McKinnon was accused of ‘the biggest military computer hack of all time’ against US Department of Defence and NASA computer systems, resulting in a demand for his extradition to the United States.

McKinnon fought extradition for 10 years, including an appeal to the House of Lords and the European Court of Human Rights, until the British Government blocked extradition in late 2012. He was not prosecuted in the UK due to the logistics of moving evidence and witnesses from the United States, the passage of time and the difficulties of bringing a case in England and Wales.

Laws relating to cyber-threats

Data Protection Act 2018

Investigatory Powers Act 2016

Computer Misuse Act 1990

Fraud Act 2006

Business Practice Regulations

EU Legislation on Cyber Security