Legislation and Ethics Scenarios for the Exam

This lesson practises applying legislation and ethical reasoning to real-world scenarios, as required by OCR J277 Section 1.6. The ability to identify which laws apply and discuss ethical implications is essential for the exam.

---

How Legislation Questions Appear in the Exam

OCR J277 Paper 1 tests legislation knowledge through scenarios. You need to:

1. Identify which law or laws apply
2. Explain which specific part of the law is relevant
3. Describe the consequences of breaking the law

The Four Key Laws

Law	What It Covers	Key Focus
Data Protection Act 2018 / GDPR	Handling personal data	Consent, storage, security, rights
Computer Misuse Act 1990	Unauthorised computer access	Hacking, malware, DDoS
Copyright, Designs and Patents Act 1988	Intellectual property	Software piracy, copying content
Freedom of Information Act 2000	Accessing public information	Transparency, exemptions

---

Scenario 1: Data Breach at a School

A school stores student records including names, addresses, medical conditions, and exam results in a database. An employee accidentally sends a spreadsheet containing all this data to the wrong email address.

Which law applies?

Data Protection Act 2018 / GDPR

Analysis:

Principle Violated	Explanation
Integrity and confidentiality	Personal data was not kept secure — it was sent to an unauthorised recipient
Accountability	The school must demonstrate it has procedures to prevent such incidents

Consequences:

• The school must report the breach to the ICO within 72 hours if it poses a risk to individuals.
• Affected individuals (students and parents) must be notified if the breach poses a high risk.
• The ICO may issue a fine or enforcement notice.
• The school may face reputational damage and loss of trust from parents.

What should the school do?

• Implement access controls so only authorised staff can view sensitive data.
• Use encryption when sending personal data.
• Provide data protection training for all staff.
• Have clear procedures for handling data breaches.

---

Scenario 2: Student Hacking

A student discovers their teacher's password and uses it to log into the school network. They change their own exam grades in the school's database.

Which laws apply?

Computer Misuse Act 1990 — Sections 1 and 3

Section	Offence	Application
Section 1	Unauthorised access to computer material	Using the teacher's password to log in without authorisation
Section 3	Unauthorised modification of computer material	Changing exam grades in the database

Consequences:

• Section 1: up to 2 years imprisonment and/or a fine
• Section 3: up to 10 years imprisonment and/or a fine
• School disciplinary action (suspension or exclusion)
• The changed grades would be invalidated

OCR Exam Tip: In hacking scenarios, always identify the specific section of the Computer Misuse Act that applies. If the person only accesses data, it is Section 1. If they modify or delete data, it is Section 3. If they access data to commit another crime (e.g. fraud), it is Section 2.

---

Scenario 3: Software Piracy

An employee at a small business downloads a pirated copy of expensive design software from the internet and installs it on several company computers.