Acceptable-use policies key for compliance, CPS says

Companies should require customers and staff to promise to abide by acceptable use of information systems and not to breach the Computer Misuse Act (CMA).

Companies should require customers and staff to promise to abide by acceptable use of information systems and not to breach the Computer Misuse Act (CMA).

This emerged from new guidelines from the Crown Prosecution Service that anticipate anti-hacking provisions coming into force in the Police and Justice Act 2006.

The guidelines do not ban the legitimate use of hacking tools and activities to emulate unauthorised access to computer systems and data.

The CPS said there is a "legitimate industry that generates 'articles' to test and/or audit hardware and software. Some articles will therefore have dual use, and prosecutors need to ascertain that the suspect has a criminal intent."

It asks prosecutors to consider, before deciding to prosecute, whether the victim had robust and up-to-date contracts, terms and conditions or acceptable-use polices whether staff, customers and others were made aware of the CMA and what was lawful and whether they had to formally acknowledge their intention not to contravene the CMA.

To secure a prosecution, the CPS said the offender had to know that their access was unauthorised. "Mere recklessness is not sufficient. This covers not only hackers, but also employees who deliberately exceed their authority and access parts of a system officially denied to them," it said.

Penalties for unlawful access to systems and data or for distributed denial of service attacks include up to two years in jail and/or a fine, but making and using hacking tools with criminal intent attract 10 years and five years respectively.




Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close