Security legislation
Security resources
Please also view all the legislation on our aggregated chart of principal influences on UK web applications.
United Kingdom
UK legislation with a bias towards England/Wales.
Civil Evidence Act 1995
Including use of email as evidence.
http://www.opsi.gov.uk/ACTS/acts1995/Ukpga_19950038_en_1.htm
Communications Act 2003
Details of offences relating to networks and services including dishonestly obtaining electronic communications services, possession or supply of apparatus etc. for contravening these and improper use of public electronic communications network and persistent misuse.
http://www.opsi.gov.uk/acts/acts2003/20030021.htm
The Companies Act 2006
Duty to exercise reasonable care, skill and diligence for directors.
http://www.opsi.gov.uk/acts/acts2006/20060046.htm
The Computer Misuse Act 1990
Prohibition of unauthorised access by both internal and external users.
http://www.opsi.gov.uk/acts/acts1990/Ukpga_19900018_en_1.htm
Criminal Justice and Immigration Act 2008
Including new powers for the Information Commissioner's Office (ICO).
http://www.opsi.gov.uk/acts/acts2008/ukpga_20080004_en_1
The Data Protection Act 1998
Legislation about storing and handling personal data.
http://www.opsi.gov.uk/acts/acts1998/19980029.htm
Freedom of Information Act 2000
Rights of access to information held by public authorities.
http://www.opsi.gov.uk/ACTS/acts2000/20000036.htm
The Human Rights Act 1998
This Act includes the right of an individual to privacy of communications.
http://www.opsi.gov.uk/acts/acts1998/19980042.htm
Personal Internet Security (report)
House of Lords Science and Technology Committee report, 10th August 2007. Proposals for changes to the legal system as it deals with Internet abuse and crime.
http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/16502.htm
Police and Justice Act 2006
Includes an update (in Part 5) to the Computer Misuse Act 1990.
http://www.opsi.gov.uk/acts/acts2006/20060048.htm
The Privacy and Electronic Communications (EC Directive) Regulations 2003
Including website privacy (e.g. tracking users), unsolicited direct marketing and all forms of electronic communications.
http://www.opsi.gov.uk/si/si2003/20032426.htm
The Regulation of Investigatory Powers Act 2000
UK law concerning the interception, acquisition and surveillance of communications and access to encrypted data. Useful summary in Wikipedia http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act.
http://www.opsi.gov.uk/Acts/acts2000/20000023.htm
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
Interception without consent by businesses.
http://www.opsi.gov.uk/si/si2000/20002699.htm
The Terrorism Act 2006
Concerning incitement to terrorist activities.
http://www.opsi.gov.uk/acts/acts2006/20060011.htm
European Union
EU legislation.
Directive 95/46/EC
Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML
Directive 97/7/EC
Directive on the protection of consumers in respect of distance contracts.
http://eur-lex.europa.eu/LexUriServ/site/en/consleg/1997/L/01997L0007-20050612-en.pdf
Directive 2002/58/EC
Directive on privacy and electronic communications concerning the processing of personal data and the protection of privacy in the electronic communications sector.
http://eur-lex.europa.eu/LexUriServ/site/en/oj/2002/l_201/l_20120020731en00370047.pdf
See also the EU Data Protection pages.
United States of America
US legislation which drives compliance of some international companies.
Sarbanes-Oxley Act of 2002
US legislation that established a set of requirements for financial systems, to deter fraud and increase corporate accountability.
http://www.sec.gov/about/laws/soa2002.pdf
Other web application security resources
Web application security standards and codes of practice, organisations, and publications.
Contact Watson Hall
Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security risk.
These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.
