The Computer Misuse Act 1990
The Act is relevant to electronic records in that it creates three offences of unlawfully gaining access to computer programmes.
The Act
The offences are:
- unauthorised access to computer material
- unauthorised access with intent to commit or facilitate commission of further offences
- unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etcetera
The Act also makes it an offence to make, adapt, supply or obtain articles for use in unlawfully gaining access to computer material or impairing the operation of a computer.
Access is defined in the Act as:
- altering or erasing the computer programme or data
- copying or moving the programme or data
- using the programme or data
- outputting the programme or data from the computer in which it is held (whether by having it displayed or in any other manner)
Unlawful access is committed if the individual intentionally gains access; knowing he is not entitled to do so; and aware he does not have consent to gain access.
Records management considerations
It is important that all staff members are aware of and comply with all security measures put in place to protect all of the organisation’s records.
The organisation should have policies and procedures in place to facilitate compliance alongside disciplinary measures for failure to comply.