You are here

Acts and things which affect us legally

Printer-friendly versionPrinter-friendly version

The following is a list of Acts and such-like things which affect us, with some links to more information. It's not guaranteed to be a complete list, and will of course require revision as new things appear.


    "The official home of UK legislation 1267-present."

  2. Scotland Act 1998

    This Act establishes the legislative competence of the Scottish Parliament.

  3. Human Rights Act 1998

    As a public authority we are required to act in such a way that we conform to the Articles of the European Convention on Human Rights as set out in the HRA, particularly Articles 8, 9 and 10, which refer to "right to respect for private and family life", "freedom of thought, conscience and religion" and "freedom of expression".

  4. Data Protection Act 2018 and GDPR

    The DPA and the GDPR control the way information about real live people is processed. In general terms, any such processing requires a GDPR article-6 basis. Certain classes of "sensitive" personal data are subject to tighter controls. Seek advice if you are responsible for processing information about real people.

    Note also the provisions of the Privacy and Electronic Communications (EC Directive) Regulations 2003 which regulate the use of email for direct marketing, which must be borne in mind when considering contacting groups by email.

    The DPA is being replaced by the EU's General Data Protection Regulation ("GDPR") in May 2018. We have a separate page linking to some useful GDPR resources.

  5. Freedom of Information (Scotland) Act 2002 and Freedom of Information Act 2000

    FoI(S)A gives anyone anywhere the right to ask us anything they want, and gives us 20 working days to reply. There are some exemptions. It should be assumed that every question asked falls under FoI(S)A, and must be answered (or an exemption claimed and notified). Take advice as necessary.

    Note that although most of the FoIA doesn't apply directly to us, it does amend the DPA in ways which potentially could.

  6. The Information Commissioner's Office, the Scottish Information Commissioner and The Investigatory Powers Tribunal

    The Information Commissioner and the Scottish Information Commissioner are responsible for the interpretation and enforcement of the DPA and FoI(S)A respectively in Scotland. They both publish useful guidance notes.

    The Investigatory Powers Tribunal "can investigate anything you believe has taken place against you, your property or communications, as long as it relates to a power held by the organisation you are complaining about, under the Regulation of Investigatory Powers Act."

  7. Computer Misuse Act 1990

    The CMA creates offenses of unauthorised access or intended access to computers or modification of computer material.

  8. Communications Act 2003

    Most of the CA doesn't apply to us. It does create offences of dishonestly obtaining electronic communications services or possessing apparatus for doing so, which have been held to be applicable to wireless networks.

  9. Regulation of Investigatory Powers Act 2000 and The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

    The RIPA, inter alia, defines and controls the "interception" of communications on our network. Interception other than as allowed by the act and its subsidiary regulations is unlawful and may also be actionable in the civil courts.

    The interception by COs as part of the provision of the service is permitted under section 3(3) of the act. Any other interception for whatever purpose is controlled by the T(LBP)(IoC)R and may require the consent of the Head of School.

    There are powers under RIPA for various organisations to serve notice requiring the provision of communications data, or for the putting into "intelligible form" of encrypted material. The codes of practice on the operation of these powers are currently (August 2006) out for consultation.

  10. JANET Acceptable Use Policy and
  11. JANET Security Policy

    We connect to the other Scottish Universities and the rest of the world over JANET. This AUP and security policy govern what traffic is allowed.

    These are implemented locally by the University's Computing Regulations.

  12. JISC Legal: sundry links to acts and commentaries

    JISC Legal used to have a responsibility to consider legislation and produce guidance notes for the benefit of the Academic Community. Their repository was often a good place to look for information. An archive of their useful web site can be found here.

    See also the JANET factsheets series.

  13. Further and Higher Education (Scotland) Act 2005

    Section 26 of the FHE(S)A requires that Universities in Scotland respect academic freedom for those engaged in teaching and research, though not for taught students. Any publishing and take-down policies would need to take account of this. (The Human Rights Act would also apply, of course.)

    (The Education (No 2) Act 1986 imposes a duty on Universities in England and Wales to uphold freedom of speech; but the section of the act involved does not extend to Scotland.)

  14. Anti-terrorism, Crime and Security Act 2001

    The part of this that's most likely to affect us is that dealing with retention of communications data. UKERNA recommend following the LINX's best common practice paper on traceability.

  15. Terrorism Act 2006 and Section 3 Code of Practice

    "Organisations that provide web sites or other opportunities for individuals to publish on the Internet should be aware of a new notice-and-take-down requirement contained within the Terrorism Act 2006, which came into force [in April 2006], and ensure that they have procedures to handle any notices served on them under the Act."

    "Sections 3 and 4 of the Act enable a police constable to give written notice to an organisation that a particular statement they publish electronically is unlawful, because it relates to terrorism. For most JANET customers the notice must be given, either in person or by registered mail, to the secretary or equivalent officer of the organisation. If the organisation does not remove or amend the statement within two working days (only Saturdays, Sundays, Bank Holidays, Christmas Day and Good Friday are excluded) then it will be considered to have endorsed the statement and will thereafter be liable to prosecution for encouraging terrorism or disseminating terrorist publications. It is clearly important to be able to deal with these notices very promptly.

    "An organisation served with a notice is also required to take all reasonable steps to prevent future re-publication of the same or similar statements. Since the law is brand new, it is not clear how "all reasonable steps" will be interpreted, but it seems likely to require at least an investigation into who published the statement and removing that person's ability to publish in future."

    (Andrew Cormack (UKERNA), via Rodney Tillotson to the uk-security mail list.)

  16. The Health and Safety at Work etc Act 1974

    This act provides a framework for various safe-working practices which we are obliged to follow. Details are in the associated Regulations.

Last reviewed: 

System Status

Home dirs (AFS)
Other services
University services
Scheduled downtime

Choose a topic