The Data Protection Act applies only to the processing of personal data about identifiable living individuals, meaning all data held must relate to a living human. The Information Commissioner's Office (2009) 2 states 11 questions to help assess what personal data actually is, and which parts of the legislation apply to it:
(1) Does the project apply new or additional information technologies that have substantial potential for privacy intrusion?
(2) Does the project involve new identifiers, re-use of existing identifiers, or intrusive identification, identity authentication or identity management processes?
(3) Might the project have the effect of denying anonymity and pseudonymity, or converting transactions that could previously be conducted anonymously or pseudonymously into identified transactions?
(4) Does the project involve multiple organisations, whether they are government agencies (e.g. in 'joined-up government' initiatives) or private sector organisations (e.g. as outsourced service providers or as 'business partners')?
(5) Does the project involve new or significantly changed handling of personal data that is of particular concern to individuals?
(6) Does the project involve new or significantly changed handling of a considerable amount of personal data about each individual in the database?
(7) Does the project involve new or significantly changed handling of personal data about a large number of individuals?
(8) Does the project involve new or significantly changed consolidation, inter-linking, cross referencing or matching of personal data from multiple sources?
(9) Does the project relate to data processing which is in any way exempt from legislative privacy protections?
(10) Does the project's justification include significant contributions to public security measures?
(11) Does the project involve systematic disclosure of personal data to, or access by, third parties that are not subject to comparable privacy regulation?
The Data Protection Act therefore affects software engineering in many ways: from the start of any project where data collection may be needed, through the development stages, where any data processed must not breach the Act, to the finished product, where again all data held must meet the requirements of the 1998 Data Protection Act.
Freedom of Information Act
The Freedom of Information Act is another type of Act of Parliament within the UK. It has introduced the It is the implementation of freedom of information legislation on a national level. This means that both individuals and organizations have the right to request any information held on them by a public authority in England, Northern Ireland and Wales such as e-mails, meeting minutes, research or reports.
The Information Commissioner's Office (2009) 3 has produced a "Factsheet" to help users understand the Freedom of Information Act, and where they can request information from. Some examples of these organisations and companies include:
• Central government and government departments
• Local Authorities / Councils
• Hospitals, doctors' surgeries, dentists, pharmacists and opticians
• State schools, colleges and universities
• Police forces and prison services
The UK isn't the only country to have a Freedom of Information Act; the USA, Europe and other countries across the world have similar acts allowing individuals or organizations to request information on themselves from public authorities if they have valid reasoning. An example of a request made under a non-UK act is that of Penn Kimball, a Professor of Journalism at Columbia University, USA, who requested information held on him. Powers, T. (1983) 4 of the New York Times describes the requests Kimball made after he was turned down for a Government appointment, using the 1975 Freedom of Information Act to see his US Department files. The information he received back showed that in his youth he had been classified as a "Dangerous Radical" and a "Security Risk", and therefore did not meet the requirements needed for his Government appointment.
UK Disability Discrimination Act
The UK Disability Discrimination Act came into force in 1995. Since then it has been modified several times with the most recent version being the 2005 Act.
The Disability Discrimination Act (2005) 5 gives disabled people different rights in different areas that may affect them. These can be within education, employment, when accessing goods, facilities and services, including larger private clubs and land-based transport services, buying or renting land or property and functions of public bodies, for example issuing of licences.
Within the accessing goods, facilities and services section, any ICT environment must meet the requirements of the Act so that disabled users can use it, for example a website which sells a product or allows a user to book a flight. Features which may be used to make these sites accessible include "Large Text" formats, spoken words and different colour formats.
After looking at a report produced by Tiresias (2009) 6 on making ICT accessible, it's clear that the highest percentage of disabled users of websites suffer from hearing and sight problems:
User group with problems using ICT
Percentage of population in Europe
Cannot walk without aid
Cannot use fingers
Cannot use one arm
Hard of hearing
After reading a report produced by the Disability Rights Commission (2004) 7 on Web Access and Inclusion for Disabled People, it became clear that over 80% of sites were "Next to Impossible" for disabled users to actually use. From this they issued warnings to organisations as a whole, informing them that they may face legal action if they did not comply with the DDA, and that they were also liable for "Unlimited Compensation Payments" by disabled users.
The following extracts are taken from the Code of Practice section of the Disability Discrimination Act (2005) 5, which gives examples of where disabled people may be affected when a service is provided:
2.2 (p7): "… unlawful for a service provider to discriminate against a disabled person by refusing to provide any service which it provides to members of the public."
4.7 (p39): "… a service provider has to take reasonable steps to change a practice which makes it unreasonably difficult for disabled people to make use of its services."
2.13 - 2.17 (p11-13): "What services are affected by the Disability Discrimination Act? An airline company provides a flight reservation and booking service to the public on its website. This is a provision of a service and is subject to the act."
5.23 (p71): "For people with visual impairments, the range of auxiliary aids or services which it might be reasonable to provide … include ... accessible websites."
5.26 (p68): "For people with hearing disabilities, the range of auxiliary aids or services which it might be reasonable to provide … include ... accessible websites"
Health and Safety
Health and Safety also plays a big part in the legislation that affects software engineers. Any software that is created, managed or modified must meet Health and Safety standards to stop risks from occurring.
An example of health and safety in the workplace that arises daily in the computing environment is injury from using computer systems, such as RSI (Repetitive Strain Injury) from heavy use of keyboards and mice. Another example is the DSE (Display Screen Equipment) European Directive, which takes into consideration people's health whilst using displays that show alphanumeric or graphical data in the working environment. The Directive was laid before the EU Parliament on the 16th November 1992 and came into force on the 1st of January 1993:
"The main health risks associated with DSE are musculoskeletal disorders, stress and visual fatigue. While the risks to individual users are often low, they can still be significant if good practice is not followed. DSE workers are also so numerous that the amount of ill-health associated with such work is significant, and tackling it is important. HSC/E recognises that securing compliance with these Regulations has potential to make a significant contribution towards hitting the targets for ill health reduction in the Priority Programme on Musculoskeletal Disorders (MSD)."
HSC. (2004). The Health & Safety (Display Screen Equipment) Regulations 1992. Available: http://www.hse.gov.uk/foi/internalops/fod/oc/200-299/202_1.pdf. Last accessed 1st March 2010
Therefore it is important that considerations are made into how systems may operate and how users may operate a system, to make sure that it is compliant with the DSE European Directive. If an employee of a company experienced ill health and it was proven to be related to poor health and safety in the workplace, they would be able to seek expert advice to progress a compensation claim against the company.
Another example is when software causes Health and Safety issues where end users could die. For example, in Richard G Epstein's fictional ethical book "The Killer Robot", an operator dies as a result of corrupt software:
"Bart Matthews, Robot Operator. A faulty computer program caused a Robbie CX30 robot to strike him dead"
Taylor, N. (2003). The Killer Robot. Available: http://www.macs.hw.ac.uk/~nkt/praxis/epstein/papers/ckr-cast.sht. Last accessed 1st March 2010.