Why is computer misuse act important

Where there is sufficient evidence to meet the evidential test under the Code for Crown Prosecutors, the following Public Interest factors should be carefully considered:. CMA suspects can be disproportionately represented by individuals who are under 18 and may be more neurologically diverse than other types of offenders.

Further guidance can be found on these matters can be found in the legal guidance on Youth Offenders and Suspects with Mental Health Conditions. When considering charging for CMA offences, in line with paragraph 2. CMA offences are often committed as a precursor to another offence such as fraud or blackmail. In these circumstances a prosecutor may decide to charge the offence for which the sentence is likely to be higher in order to reflect the nature of the offending.

For example phishing false financial e-mails , pharming cloned false websites for fraud and Trojan installation viruses could be prosecuted under the Fraud Act. An offence of making or supplying articles for use in fraud, contrary to Section 7, is punishable by a maximum of 10 years' imprisonment.

An offence of possession of articles for use in fraud contrary to section 6 is punishable by a maximum of 5 years' imprisonment. Unlawful interception of a public telecommunication system, a private telecommunication system, or a public postal service,. The common-law offence of misconduct in public office, for example, where a police officer misuses the PNC.

Section Creates offences relating to the obstruction of inspections of personal data by the Information Commissioner. Section Creates an offence for persons who are currently or have previously been the Information Commissioner, a member of the Information Commissioner's staff or an agent of the Information Commissioner from disclosing information obtained in the course of, or for the purposes of, the discharging of the Information Commissioners functions unless made with lawful authority.

Section Creates an offence for a person to intentionally or recklessly make a false statement in response to an information notice. Section Creates an offence where the Information Commissioner has given an information notice or an assessment notice requiring access to information, a document, equipment or other material, it is an offence to destroy or otherwise dispose of, conceal, block or where relevant falsify it, with the intention of preventing the Commissioner from viewing or being provided with or directed to it.

Section Creates an offence of the deliberate or reckless obtaining, disclosing, procuring and retention of personal data without the consent of the data controller. Section Creates a new offence of knowingly or recklessly re-identifying information that has been de-identified without the consent of the controller who de-identified the data.

This responds to concerns about the security of de-identified data held in online files. For example, recommendations in the Review of Data Security, Consent and Opt-Outs by the National Data Guardian for Health and Care called for the Government to introduce stronger sanctions to protect de-identified patient data.

Section Creates an offence of the alteration of personal data to prevent disclosure following the exercise of a subject access right. The relevant subject access rights are set out in subsection 2. Section Creates an offence for an employer to require employees or contractors, or for a person to require another person who provides goods, facilities or services, to provide certain records obtained via subject access requests as a condition of their employment or contract. It is also an offence for a provider of goods, facilities or services to the public to request such records from another as a condition for providing a service.

In England and Wales, proceedings for an offence under this Act may be instituted only a by the Information Commissioner, or b by or with the consent of the Director of Public Prosecutions. There are no official guidelines for sentencing for offences under CMA. The below are examples of precedent sentences. The offender, who was aged between 16 and 18 over the course of the offending, admitted offences under sections 1 and 3, and a further offence of concealing criminal property.

He had devised a distributed denial of service program which he used on some occasions himself and on other occasions supplied the program for payment for others to use. In total, 1. The defendant received in the order of , total payment for the DDoS program supplied. Psychological and psychiatric reports indicated the offender was autistic.

Having reviewed these, the judge imposed a sentence of detention in a young offender institution for two years, given the scale of the offending.

The Court of Appeal upheld the custodial sentence but reduced it to 21 months. Charles Brown, 39, was convicted of one count of possession of articles for use in fraud, contrary to section 6 1 of the Fraud Act and two counts of securing unauthorised access to computer material with intent, contrary to section 2 1 of the CMA. The CMA counts related to access to bank accounts.

The basis of the fraud count was possession on the appellant's computer of the stolen bank and credit card details. The appellant's modus operandi involved changing details online and the subsequent impersonation of the account holders in order to obtain a new card and PIN.

The trial judge sentenced him to a total of three years' imprisonment. The Court of Appeal set aside the sentence, noting that while potential loss is an aggravating feature it is not the determining means by which the fraud should be valued and imposed a total of two years' imprisonment. Lewys Martin, aged under 21 at the time of the offences, pleaded guilty to offences contrary to section 1, 2, 3 and 3A CMA relating to DOS attacks against the Oxford and Cambridge University websites, the Kent Police website and offences targeting two private individuals including unauthorised use of a person's Paypal account.

His sentence of two years was upheld on appeal, the court noting the prevalence of computer crime, the fact that organisations were compelled to spend substantial sums combating it and the potential impact on individuals meant that sentences for such offences should involve a real element of deterrence.

Gareth Crosskey, aged 19, pleaded guilty to offences under ss. He persuaded Facebook staff to provide the password to the account. He contacted magazines offering to reveal information about her and contacted her stepfather to say he had access to her private emails and invited discussion as to what would prevent him from doing further damage.

Southwark Crown Court sentenced him to 6 and 12 months' custody, concurrent, for the sections1 and 3 offences, respectively. On appeal, the court referred to the "seriously aggravating features" of the offence, namely the element of harm to the actress and her step father. The court rejected the argument that the sentence should have been suspended. However, having regard to the mitigating factors, namely the appellant being a young man of previous good character, the offending taking place over a short period of time and the appellants' expression of remorse, the sentence was reduced to four and eight months, concurrent, in a young offender institution.

Glen Mangham, aged 26, pleaded guilty to three offences under sections 1 and 3, having accessed Facebook's computers and modified the functionality of various programs. Southwark Crown Court sentenced him to eight months' custody, concurrent, on each count and a Serious Crime Prevention Order was imposed.

On appeal, the court identified a number of aggravating factors which would "bear on sentences in this type of case":. The Computer Misuse Act was designed to retain some flexibility in the face of a swiftly developing digital landscape. As discussed, the Computer Misuse Act has also been amended several times to uphold its relevance and effectivity in deterring cybercrime.

According to an analysis of figures from HM Courts and Tribunals Service in by tech news website the Register, there were prosecutions under the Computer Misuse Act between and However, out of the total of 45 convictions in , only nine resulted in immediate prison sentences.

In , it was also equally likely for offenders under the Computer Misuse Act to receive an official caution rather than prosecution. Critics of the Act say that these figures show an attitude towards computer misuse that is too forgiving, and do not sufficiently deter people from breaking the law in this way, citing rising rates of cybercrime. Another concern with the Computer Misuse Act is that, since its introduction thirty years ago, an extensive cyber security research industry has developed.

The Act is said to fail to sufficiently differentiate the activities of this cyber security industry from those of hackers seeking to commit crimes. The Computer Misuse Act can be read in full here.

Swipe to read more. Author: Politics. What is the Computer Misuse Act? Blog The latest industry news, articles and events. The Computer Misuse Act and Cyber Crime The Computer Misuse Act is a UK law that protects personal data held by organisations from unauthorised access to computer systems and modification of files without consent.

Introduction of the Act Introduced in , the Computer Misuse Act is imposed against cybercriminals facing accusations such as hacking and data breaches. Computer Misuse Act penalties The following are offences under the Computer Misuse Act and cover a range of offences which include hacking, computer fraud, blackmail and viruses.

Unauthorised access to computer material. Commonly referred to as hacking. This refers to hacking a computer system to steal or destroy data such as planting a virus. This refers to the modification or deletion of data and covers the introduction of malware or spyware onto a computer device electronic vandalism and theft of information. Contact our criminal team.