Please also view all the legislation on our aggregated chart of principal influences on UK web applications.
UK legislation with a bias towards England/Wales.
Civil Evidence Act 1995
Including use of email as evidence.
Communications Act 2003
Details of offences relating to networks and services including dishonestly obtaining electronic communications services, possession or supply of apparatus etc. for contravening these and improper use of public electronic communications network and persistent misuse.
The Companies Act 2006
Duty to exercise reasonable care, skill and diligence for directors.
The Computer Misuse Act 1990
Prohibition of unauthorised access by both internal and external users.
Criminal Justice and Immigration Act 2008
Including new powers for the ICO.
The Data Retention and Investigatory Powers (DRIP) Bill 2014
Emergency legislation on access to telecommunications data.
The Data Protection Act 1998
Legislation about storing and handling personal data.
Digital Economy Act 2010
Measures against online infringement of copyright and the management of the .uk domain.
Freedom of Information Act 2000
Rights of access to information held by public authorities.
The Human Rights Act 1998
This Act includes the right of an individual to privacy of communications.
Malware and Cyber Crime (report)
House of Lords Science and Technology Committee report, 2nd February 2012. Evidence on the impact of malware on individuals, the responsibilities of Government and the economy that has grown up around this industry.
Personal Internet Security (report)
House of Lords Science and Technology Committee report, 10th August 2007. Proposals for changes to the legal system as it deals with Internet abuse and crime.
Police and Justice Act 2006
Includes an update (in Part 5) to the Computer Misuse Act 1990.
The Privacy and Electronic Communications (EC Directive) Regulations 2003
Including website privacy (e.g. tracking users), unsolicited direct marketing and all forms of electronic communications.
The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
Update for websites etc. using cookies and similar technologies, and additional powers for the ICO.
The Regulation of Investigatory Powers Act 2000
UK law concerning the interception, acquisition and surveillance of communications and access to encrypted data. Useful summary in Wikipedia http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act.
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
Interception without consent by businesses.
The Terrorism Act 2006
Concerning incitement to terrorist activities.
Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Directive on the protection of consumers in respect of distance contracts.
Directive on privacy and electronic communications concerning the processing of personal data and the protection of privacy in the electronic communications sector.
See also the EU Data Protection pages.
United States of America
US legislation which drives compliance of some international companies.
Sarbanes-Oxley Act of 2002
US legislation that established a set of requirements for financial systems, to deter fraud and increase corporate accountability.
Contact Watson Hall
Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security and compliance risk.