What is unauthorised access?
Unauthorised access to computer material can occur, for example, when a person gains access to a computer through a telecommunications network, or when an employee accesses information on their employer’s computer which they are not entitled to access. The basic offence is contained in s1 of the Computer Misuse Act 1990, but it is worth noting that elements of employment law can apply to employees who access their employer’s information and data without permission (in addition to the criminal consequences of committing the offence). Denco Ltd v Joinson  held that an employee was guilty of gross misconduct after using an unauthorised password to gain access to information on a computer which he knew he was not entitled to see. Having said that, there are provisions under the Employment Rights Act 1996 to protect, in certain circumstances, employees who act as whistle-blowers, but that is outside the scope of this article.
The offence of unauthorised access
Under s1 of the Computer Misuse Act 1990 a person is guilty of an offence if:
he causes a computer to perform any function with intent to secure access to any program or data held in any computer
the access he intends to secure is unauthorised, and
he knows at the time when he causes the computer to perform the function that this is the case.
The intent need not be directed at any particular program or data or computer. Although s17 of the Act provides interpretation guidelines it does not define ‘computer’, ‘program’ or data’. A broad definition of securing access is given under s17(2). Any data or programs on any removable storage medium which is in the computer at the material time is considered to be held on the computer (s17(6)).
The offence occurs if a person intends to gain unauthorised access and knows that this is the case. Whether this is actually achieved is irrelevant. Reckless or careless access is also insufficient. Additionally, the offence is made out even if only one computer is used, that is, it is not necessary for a person to be using one computer to gain access to programs or data held on another computer (see Attorney-General’s Reference (No. 1 of 1991) .
Unauthorised access by employees
Employees can be guilty of the s1 offence if they are using their own computers at work to access any program or data which they are not authorised to access. Under s17(5) of the Act access by a person is unauthorised if
he is not himself entitled to control access of the kind in question to the program or data; and
he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled.
For more information on:
- Authorised access, unauthorised purpose
- Law Commission report
- Changes to the offence of unauthorised access