Security legislation

Please also view all the legislation on our aggregated chart of principal influences on UK web applications.

United Kingdom

UK legislation with a bias towards England/Wales.

Civil Evidence Act 1995

Including use of email as evidence.
http://www.legislation.gov.uk/ukpga/1995/38/contents

Communications Act 2003

Details of offences relating to networks and services, including dishonestly obtaining electronic communications services, possession or supply of apparatus etc. for contravening these, improper use of a public electronic communications network, and persistent misuse.
http://www.legislation.gov.uk/ukpga/2003/21/contents

The Companies Act 2006

Duty to exercise reasonable care, skill and diligence for directors.
http://www.legislation.gov.uk/ukpga/2006/46/contents

The Computer Misuse Act 1990

Prohibition of unauthorised access by both internal and external users.
http://www.legislation.gov.uk/ukpga/1990/18/contents

Criminal Justice and Immigration Act 2008

Including new powers for the ICO.
http://www.legislation.gov.uk/ukpga/2008/4/contents

The Data Protection Act 1998

Legislation about storing and handling personal data.
http://www.legislation.gov.uk/ukpga/1998/29/contents

Digital Economy Act 2010

Measures against online infringement of copyright and the management of the .uk domain.
http://www.legislation.gov.uk/ukpga/2010/24/contents

Freedom of Information Act 2000

Rights of access to information held by public authorities.
http://www.legislation.gov.uk/ukpga/2000/36/contents

The Human Rights Act 1998

This Act includes the right of an individual to privacy of communications.
http://www.legislation.gov.uk/ukpga/1998/42/contents

Malware and Cyber Crime (report)

House of Lords Science and Technology Committee report, 2nd February 2012. Evidence on the impact of malware on individuals, the responsibilities of Government and the economy that has grown up around this industry.
http://www.publications.parliament.uk/pa/cm201012/cmselect/cmsctech/1537/1537.pdf

Personal Internet Security (report)

House of Lords Science and Technology Committee report, 10th August 2007. Proposals for changes to the legal system as it deals with Internet abuse and crime.
http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/16502.htm

Police and Justice Act 2006

Includes an update (in Part 5) to the Computer Misuse Act 1990.
http://www.legislation.gov.uk/ukpga/2006/48/contents

The Privacy and Electronic Communications (EC Directive) Regulations 2003

Including website privacy (e.g. tracking users), unsolicited direct marketing and all forms of electronic communications.
http://www.legislation.gov.uk/uksi/2003/2426/contents/made

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011

Update for websites etc. using cookies and similar technologies, and additional powers for the ICO.
http://www.legislation.gov.uk/uksi/2011/1208/contents/made

The Regulation of Investigatory Powers Act 2000

UK law concerning the interception, acquisition and surveillance of communications and access to encrypted data. A useful summary is available on Wikipedia: http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act.
http://www.legislation.gov.uk/ukpga/2000/23/contents

The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

Interception without consent by businesses.
http://www.legislation.gov.uk/uksi/2000/2699/contents/made

The Terrorism Act 2006

Concerning incitement to terrorist activities.
http://www.legislation.gov.uk/ukpga/2006/11/contents

European Union

EU legislation.

Directive 95/46/EC

Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML

Directive 97/7/EC

Directive on the protection of consumers in respect of distance contracts.
http://eur-lex.europa.eu/LexUriServ/site/en/consleg/1997/L/01997L0007-20050612-en.pdf

Directive 2002/58/EC

Directive on privacy and electronic communications concerning the processing of personal data and the protection of privacy in the electronic communications sector.
http://eur-lex.europa.eu/LexUriServ/site/en/oj/2002/l_201/l_20120020731en00370047.pdf
See also the EU Data Protection pages.

United States of America

US legislation which drives compliance of some international companies.

Sarbanes-Oxley Act of 2002

US legislation that established a set of requirements for financial systems, to deter fraud and increase corporate accountability.
http://www.sec.gov/about/laws/soa2002.pdf

Other web application security resources

Web application security standards and codes of practice, organisations, and publications.

Contact Watson Hall

Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security risk.

Act now

To discuss security matters in confidence and without obligation, telephone us on 020 7183 3710 or complete the enquiry form.

© 2007-2014 Watson Hall Ltd, last reviewed 17 April 2012

These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.

Watson Hall Ltd is a company registered in England no 6004969 at North Bastle, Gatehouse, NE48 1NG, United Kingdom.

https://www.watsonhall.com/security/
Watson Hall Ltd - Legislation