Applications of ICT in Libraries/Safe and Legal Use of ICT

This page is designed for the use of students undertaking the Diploma (Diploma ICTL) or the Advanced Diploma (Advanced Diploma ICTL) in Applications of ICT in Libraries.

CHANGES TO THE QUALIFICATION-----------------------------------

The Diploma and Advanced Diploma have been superceded by the Professional Development Award in Applications of ICT in Libraries at levels 7 and 8 (English and Welsh levels 4 and 5). They consist of much the same content as the Diploma and Advanced Diploma but the PDAs include two new Digital Culture units.

These qualifications were developed by the Scottish Library and Information Council (SLIC) and are validated by the Scottish Qualifications Authority (SQA)

Supporting Clients in the Safe and Legal Use of ICT is a Mandatory unit in the level 7 programmes.

Information regarding the background to the courses, content and certification opportunities can be obtained by following the Diploma (Diploma ICTL) or the Advanced Diploma (Advanced Diploma ICTL) links.

Safe practice relating to the use of ICT for communicationEdit

Using ICT for communicationEdit

This section relates to supporting clients in using ICT safely for communication purposes, within the constraints of current legislation. Clients should already possess basic ICT skills, such as simple word processing and the ability to navigate the Internet using a web browser. You should also establish the client’s communication needs, e.g. do they need e-mail for personal or work-related correspondence, in order to assist in the selection of a suitable e-mail service.

The use of e-mail exploded some years ago, encouraged by the fall in prices of home PCs and the introduction of free Internet access in libraries and schools. Since then despite the rise of social media email use has continued to increase and is predicted to continue. Email is an essential method of communication both socially, commercially and professionally.

There are many advantages:

  • the speed of delivery
  • the ability to send to multiple recipients
  • the flexibility of using web-based e-mail accounts for sending e-mails for various locations
  • the ability to attach other types of files, such as images.
  • the low cost involved in sending mail in bulk.

Electronic mailEdit

You should have an in-depth knowledge of electronic mail including:

  • local e-mail software, systems and protocols
  • the structure of e-mail addresses
  • tracking e-mail messages - delivered, read etc.
  • using importance flags
  • changing setting for preferred presentation

Yo may be asked to set up e-mail accounts for clients …

Setting up e-mail accountsEdit

A web-based e-mail account is one where the user accesses his or her e-mail by means of a web-browser, such as Internet Explorer or Firefox, rather than by using a specialist e-mail client program, such as Outlook, Outlook Express or Thunderbird.

You should be able to set up web based e-mail accounts and to show clients how to do this. This includes opening and closing the account.

Free e-mail servicesEdit

Popular free e-mail services include the following:

For some tips on email providers and the pros and cons associated with each one have a look at this link


If you are not already familiar with the process, log on to one of the e-mail services above and follow the instructions to create an account for yourself, e.g.: As you do this, note down any points which you would wish to make to clients when demonstrating how to set up an email account.

You will use this account or one of your own existing ones in subsequent activities.

Sending and receiving e-mailsEdit

Using e-mail is a big step for the uninitiated and assumptions should not be made about how quickly clients can absorb technical details and instructions.

If you are in any doubt, you can find out how to send and receive mail from the help pages of the relevant e-mail services. You’ll usually find a link to this on the opening page of any web based e-mail service.


Select one of the web-based e-mail services listed above and show a client how to carry out the following tasks:

1. create a new e-mail

2. add content to an e-mail

3. send an e-mail to a recipient

4. check for new e-mails sent to them

5. open received e-mails

6. reply to e-mails received

7. forward a received e-mail to another recipient.

If you send e-mails to one of the accounts you created earlier, you’ll be able to check that they’ve been received correctly and demonstrate this to the client.

Once your clients have mastered the basics of e-mail, they’ll probably want to move on to more complex tasks. Let’s start by looking at sending, receiving and saving attached files …

Using attached filesEdit

One of the particularly useful things about e-mail is the ability to attach files and thus send, say, copies of photographs to the recipient. This is particularly useful for older clients staying in touch with their family when they stay at a distance. Any sort of file can be attached and sent with an e-mail. Another common file type attached to e-mails is a word processed document

You should be able to show clients how to attach files. The client may create the file in the library, e.g.: by typing a Word document or scanning in a photograph. Clients may also wish to attach previously created files brought to the library on floppy disks, CDs or USB flash drives. Not all library authorities allow the use of removable data, so you should check this for your own library service.

One area where clients may run into difficulties involves the size of attached files

Size of attached filesEdit

You should make the clients aware of possible limits to the size of files attached to e-mails. There are two points. Firstly some web-based free e-mail services do not allow particularly large attachments. The second point is that, if the recipient is on a dial-up connection, large attachments may be almost impossible to download. This is a particular problem with photographs which can often be several megabytes in size.

You should explain the idea of possibly resizing photographs and definitely compressing them. A rough guide might be that unless there is a special reason, attached photographs should be no more than say 100K in size.

To resize a photograph, the client needs access to image processing software. A free example may be found in Irfan View On the other hand many e-mail programs offer automatic compression of photographs.


Using one of the e-mail programs listed above, demonstrate to a client how to send both a word-processed document and a photograph as attached files. If you send e-mails to one of the accounts you created earlier, you’ll be able to check that they’ve been received correctly and demonstrate this to the client.

Using zipped filesEdit

With e-mail attachments such as large graphics or word processed documents a reduction in size is achieved by compressing or “zipping” the file.

If you are using certain operating systems, for example most versions of Linux and Windows ME/2000, file zipping is built in to the operating system. If you are using an earlier version of your operating system, you may need to install a third-party program such as WinZip. You can download an evaluation copy from


Using one of the e-mail programs listed above, demonstrate to a client how to compress or “zip” documents and attach them to an e-mail. If you send e-mails to one of the accounts you created earlier, you’ll be able to check that they’ve been received correctly and demonstrate this to the client. You should also show the client how to decompress or “unzip” files and save or print them.

Another area your clients will need to know about is virus checking

Virus checkingEdit

Viruses in e-mail attachments may cause serious problems for users. Local authorities have anti-virus software in place but you should be aware that this can be a serious problem for home users. Clients can inadvertently pick up viruses and then transfer them between machines when they use files on public access PCs. Automatic checking should be in place but you should still advise clients not to open unrecognised e-mail messages or attachments.

Anti virus facilities, and the degree to which they can be automated, vary between e-mail service providers. You can find out how to configure anti-virus facilities from the help pages of the relevant e-mail services, which you can access from the opening pages.

It might be worth noting that several providers limit sending or receiving of certain attachments (such as .exe, .bat or .com which are all Windows executables) - this can be useful in preventing the spread of viruses but it might hinder you should you wish to send such files legitimately over the system.

Implementing virus checkingEdit

Now try some activities relating to implementing anti-virus software.


Go to the Lycos web-mail site at and find out which type of virus protection is implemented.

Alternatively, try searching for any email providers anti virus protection. e.g. type gmail virus protection into Google.

In order to show clients how to check that the virus checking is turned on in their web-based e-mail service, you must be familiar with this facility in the commonly used services.


Log on to any of the new e-mail accounts you created in the first exercise and make sure that automatic virus checking is turned on, as far as permitted by the e-mail service provider.

Anti-virus softwareEdit

It is also worth informing clients about general antivirus software, which will protect against viruses from any source not just e-mails e.g. files brought in by a client on a floppy disk. AVG is a free anti-virus program which can be downloaded from

Evaluation versions of subscription anti-virus programs can often be found on computer magazine cover CDs or they can be downloaded from:

Once clients start to build up a collection of sent and received e-mails, they may need to learn how to manage them so that they can be located easily when required, so let’s have a look at Managing e-mails …

Managing e-mailsEdit

The key to effective management of e-mails is always to have an almost empty in-box. In other words, when you receive e-mails you should be able to deal with them promptly and either delete them afterwards or store them in other folders which you have prepared in your e-mail program.

You have to show your clients how to do this with their web-based e-mail account. We suggest that you spend a little time with the client, getting an idea of the likely categories for their e-mails, setting up one folder for them and then allowing the client to do this for themselves for the other categories.

Google mail (Gmail) utilises Labels rather than folders. Labels work in a similar way but can take some getting used to especially as emails can be given more than one label.

  Before proceeding, think of a typical client and jot down a list of folder names which might accommodate the majority of their e-mails.

E-mail foldersEdit

We can think of the following:

  • Family members
  • Friends
  • On-line shopping
  • Holidays

You may also have thought of others.


Using one of your web-based e-mail accounts, set up folders for the four categories we have listed above. Note down any specific points you would want to alert a client to when demonstrating this procedure to them.

As well as trying to prevent viruses, clients will also need to take steps to protect themselves against other online threats and nuisances. Let’s take a look at Combating spam …

Combating SpamEdit

All e-mail accounts are bombarded to a greater or lesser extent by unsolicited e-mails sent out by hoaxers or commercial interests. These e-mails are known as “spam”. In some cases clients will find the spam e-mail subject as well as the content offensive. Most software systems and web based providers offer processes which can block a large percentage of unsolicited mail. You should make clients aware that accessing some websites and responding to messages where they are required to type in their e-mail address may aggravate the problem by signing them up to more junk mail. This is a particular problem with unsolicited e-mails which have a link purporting to remove you from the mailing list but in fact confirms that the account is active and will result in more spam.

The spam filtering systems used by web based e-mail providers suffer from the same flaw that all spam filtering exhibits – sometimes, genuine wanted e-mail gets classified as spam and does not appear in the in-box. You can find out how to manage combat spam from the help pages of the relevant e-mail services. You’ll usually find a link to this on the opening page of the service.

A good suggestion is to have two email accounts, one for personal emailing and another for use when purchasing online. Online shopping is a common way for spammers to find email addresses to pester!


Log on to each of the new e-mail accounts you created in the first exercise and make sure that the spam filters are turned on.

E-mail etiquetteEdit

The term “netiquette” is used to describe the rules that govern polite use of the Internet when interacting with other users. Clearly, a large part of this centres round the use of e-mails.

  Before proceeding, jot down any points you can think of relating to courteous and effective use of e-mail.


Simple points of e-mail netiquette are:

  • properly describing the purpose of the e-mail in the subject field
  • using spell checking
  • avoid using solely capital letters. Using capital letters in an e-mail is seen as the equivalent of shouting at someone.


Look at the exhaustive set of e-mail etiquette rules at and make a list of the most obvious ones which you can then demonstrate to clients using e-mail in the library.

Clients may also want so send e-mail to news groups, so we’ll look briefly at Using news groups

Using news groupsEdit

When using news groups there is a protocol in replying to the various discussions/threads:

  • make sure that you are using the correct news group
  • make sure that you really mean to reply to the whole group and not just send a personal message to an individual member
  • always reply to the correct thread
  • sending the same message to several groups (cross posting) is frowned upon.

Clients should be warned that they should always think very carefully before posting a message to a public newsgroup. There are group archives (e.g.: which store every message ever posted, so a message can have a potential lifespan of many years and could be seen by millions of people! Once a message is posted there is no way of retracting it.

Sometimes clients will want to send an e-mail to several people at the same time, so we’ll look next at Sending e-mail to multiple recipients…

E-mailing multiple recipientsEdit

One of the time-saving features of using e-mail is to be able to send the same information to several people with little more effort that sending to only one recipient. This, of course, is the reason for the existence of spam.

You should be able to show clients how send e-mail to multiple recipients, including replying to all, adding additional recipients and forwarding files. They should know how to send e-mails to multiple recipients without displaying the e-mail addresses of all recipients, a facility often known as blind carbon copies (Bcc:). This last point is important netiquette as it is very impolite to broadcast the e-mail addresses of others without their permission.

You can find out how to send e-mail to multiple recipients from the help pages of the relevant e-mail services. You’ll find a link to this on the opening page of the service.

A more efficient way of emailing multiple recipients is to create groups. The benefit of using groups is that once created you just type the group name and the email will go to everyone in the group AND you will never miss anyone (as long as you created the group correctly in the first plaace!)


Log on to one of the new e-mail accounts you created in the first exercise and send an e-mail message to multiple recipients, i.e.: send the message to Account No 2, copy it to Account 3 and blind copy it to Account 4. Log on to the three recipient accounts and check that the messages have been received correctly.

Sometimes clients will reach the stage where an e-mail account is no longer required, so we’ll take a look now at Closing an e-mail account

Closing an e-mail accountEdit

You should warn clients that most web-based free e-mail accounts expire if not accessed by the user for a specified period of time, sometimes as short as 30 days. In this way the e-mail account will close itself. However, it is netiquette that e-mail accounts should be closed when they are no longer required. This avoids the problem of people sending e-mails to what appears to be a valid address, when no-one is checking the account.

You can find out how to close an e-mail account from the help pages of the relevant e-mail services. You’ll find a link to this on the opening page of the service.


Log on to each of the four e-mail accounts you created in the first exercise and close each of them. (Assuming you no longer want to use them).

Clients will often want to use Internet facilities other than e-mail, so we’ll look next at Using chat rooms

Using chat roomsEdit

Chat rooms are virtual social spaces on the Internet, where users can communicate with each other. Chat rooms are extremely popular because of their unedited and instantaneous nature. Some chat rooms are used simply for entertainment purposes, perhaps based around a topic such as discussing a daily television soap opera. Others may be used for more serious discussions.

As with most of the Internet, younger clients are often very savvy with the technology and are keen on using chat rooms to communicate with others of the same age and with similar interests. It is easy to see the attraction for young people of being able to access this ‘secret’ world of anonymous communication where their parents cannot see what they are doing and in principle no holds are barred regarding ‘bad’ language.

You should be able to inform clients about Acceptable practice in chat rooms

Chat rooms have largely been superceded by other social networking services (Facebook, Twitter and Google hangouts etc) but they are still a feature of many peoples online lives.

Acceptable practice in chat roomsEdit

There has been increasing concern about the use of chat rooms for “grooming”. “Grooming” is the term given to interaction between an adult and a child with an end view of sexualising that relationship. “Grooming” is illegal. You need to advise younger clients as to how they can keep themselves safe by keeping personal information to themselves and never agreeing to meet alone in person anyone they have a chat room-friendship with. They should report any unwanted attention to their parents and / or the chatroom owners.

You must make adult users of chat rooms aware of what is acceptable when they are using computers in the library – this may be more restrictive than when using home PCs.


Find out your library authority’s policy and procedures regarding acceptable use of chat rooms and safeguarding young clients.

More about chat roomsEdit

You can find useful information on this, and other topics at:

You can find Chat services at:

Social networking websites and Chat rooms share similar concerns about safety and vulnerable groups. Social networking websites are very popular because they bring together friends and friends of friends who share a common interest. The illusion that it is a community of friends sometimes means that natural caution is abandoned and private details are shared. In many local authorities and organizations access to social networking websites are blocked by firewalls. These website can offer valuable professional tools and there are some examples of these in Unit 4.

Examples of social networking websites include

  • Bebo
  • Facebook
  • Flickr
  • LinkedIn
  • MySpace
  • Tumblr
  • Twitter
  • WindowsLive

The ICTL units Digital Culture: Online Communication and Digital Culture: Online Collaboration cover social networking in far greater depth.


Log on to the Lycos chat service listed above and see if you can find a chat room where readers discuss books they have read. Check the Help pages for full details of how to use the service. OR try using a search engine and type "book reading chat room" one example is

Clients may experience difficulties in carrying out certain tasks due to security restrictions placed on servers, so let’s take a look at Secure servers

Secure serversEdit

Local authorities normally have secure servers to protect the local authority and public from potentially hostile breaches. This means that desktops are often “locked-down” and you cannot make changes to the settings on PCs in your library. This can be frustrating – especially when simple changes to the resolution of display, for example, would be useful for visually impaired clients.

Secure servers also have restrictions on adding new software or on downloading executable files.

It may also be worth pointing out to library clients the importance of checking the security of the sites they use when making purchases online. Vendors should always use secure servers for the parts of their systems where customers will be typing in personal and financial details, such as credit card numbers. There are two ways a client can check whether their details are secure:

⋅They should look for a closed padlock symbol, normally in the address window of the web site.

⋅They should check that the web address starts HTTPS. The S is the bit which tells them the server is secure.


Check your authority’s policy on secure servers and prepare a brief explanatory note for clients.

Clients may wish to convert paper-based materials, such as photographs, to digital images so they can be sent as e-mail attachments, so let’s have a look at Scanning images and saving to disk…

Scanning and saving imagesEdit

Scanning of images and saving these to disk has increased with the proliferation of inexpensive scanning devices. Many clients will wish to send copies of photographs to their family via e-mail.

You should be able to demonstrate to a client how to scan an image – either of text or pictures - and save it to disk.

(Note that the scanned files will often be large and may need to be reduced in size if they are to be attachments to e-mails.)

Since there is such a range of types of scanner and associated software, we cannot realistically give instructions for use here.


Practice using your locally-available scanner and software to scan and save both text and images. Find out how to reduce the resulting file by compressing it so that it will be acceptable as an e-mail attachment. Note down any points which you will want to make your clients aware of.

Using ICT to support clients with special needs or specific language requirementsEdit

Bear in mind the Equality Act which encompasses the Disability Discrimination Act (DDA


This section relates to the ways in which ICT can support clients with special needs or those with specific language requirements. For example, this client group might include those visually impaired, those whose first language is not English, those disabled, those with literacy difficulties, and those with dyslexia or learning disabilities.

Many of the clients in this group will be mature and capable with the same information needs as everyone else and could benefit from some of the assistive technologies to enable them to access the wide range of resources.

Sensitivity is required in assessing the ability and aptitude of the client. It is important to remember that disabilities may not affect the reading level of clients or their interests. It may be useful to use pictograms instead of text in signage for some clients in this group.

Websites for those with special needs or specific language requirementsEdit

When dealing with clients having special needs or specific language requirements, special care should be given to the appropriateness of recommended websites. As well as the criteria applied to assessing the appropriateness of websites in general, you should exercise care to ensure that clients are directed towards accessible sites with appropriate content and format. For example, visually impaired people may be unable to access websites which are incompatible with software which they rely on.

Clients with Impaired Vision

Clients with impaired vision may be able to use a normal monitor screen if the settings are adjusted to give large font size and high contrast. However, others will need to use a software package which will read out the text on the web page – a screen reader.

Some web sites will not work well with a screen reader.

  Before proceeding, can you think of features on a website page which would cause difficulties for a client with impaired vision using a screen reader?

Problems for clients with impaired visionEdit

The main problems are caused by screens which have no text. If it is not possible to read meaningfully only the text on the website page, then the screen reader will not be successful.

So the following are the problem areas:

  • Web pages which overly rely on graphics
  • Web pages which have graphics or photographs with no alternative text explanation
  • Web pages with text which is presented within a graphic
  • Web pages which use explanatory animations

The worst offenders can be sites that start in Flash with no text option, so that the user gets no information from the screen reader and doesn’t know if the site is open or not.

Screen readersEdit

Some problems have been reported in using screen readers with early version of Adobe Acrobat, but these have been overcome in later versions. You can find more information about this at: (type screen readers in the search window)

A good example of a screen reader which is well liked by users is JAWS for Windows. You can find more information about it at:

Many libraries use Supernova, which incorporates a screen reader called HAL. Supernova also incorporates a very good monitor screen magnification element - so it can help partially sighted clients. You can get further information (and download an evaluation copy) from:

The Royal National Institute for the Blind (RNIB) site gives a useful list of access software at:


To get a better feel for screen reader software and especially to assist those clients with visual impairment, visit the RNIB site mentioned above and follow the links to some of the sites listed. Download evaluation copies of a few of the software packages and try them out.

Colour blindnessEdit

Colour blindness is another factor which can affect a client’s ability to use a website. There are software packages which:

a) permit a person who is not colour blind to view a web page as it would appear to a colour blind person. This can be a useful check for library staff before recommending a website.

b) Use image processing techniques to make web pages clearer for those with colour blindness.


Go to and try the procedure on some webpages which you commonly use. How readable would they be to a client with colour blindness?

An alternative colour blindness simulator just for images is

The SLIC website ( provides information on accessibility issues.

Clients with specific language requirementsEdit

When assisting clients with specific language requirements, it is worth turning to the Google search engine. This provides a useful set of language tools for finding information and/or websites in specific languages and for translating between a range of languages.


Use the Google language tools to:

a) translate a favourite web page into another language;

b) translate a foreign-language web page into English.

Another site which offers translation facilities for text and web pages is:

c) Try the two tasks above using Babelfish as well. Which site do you think gives the best translations?

d) It's important to note that the translation might be a little rough around the edges. Try translating a simple phrase to another language, and then back into English. You might notice quite a change in the meaning of the phrase!

Evaluating websites against best practice guidanceEdit

Websites which can help assess the suitability of website material include:

Look at the World Wide Web 3 Consortium pages and find out exactly what Best Practice in terms of web accessibility means.


Follow the link to WAVE given above and use the tool to check the accessibility of a few of your favourite websites.

Assistive technologiesEdit

Technology can help to balance the difficulties encountered by some client groups. For example, those with motor impairment can access PCs with the aid of a large track ball mouse, touch screens, adapted keyboards and special software.

You can find a number of companies which specialise in supplying assistive technology equipment. An example is Inclusive Technology at: They have an online catalogue which groups the various items in broad headings.


Browse the Inclusive Technology catalogue. This will give you a good overview of what is available in hardware assistance.


Find out what is available within your own library and library service which would support clients requiring assistive technology. Make a note on each item for future use.

Assistive technologies for clients whose first language is not EnglishEdit

You should also be able to use software or keyboard adaptations for people whose first language is not English. It is important for you to know about both what is available locally and organisations to whom clients can be referred.

Adaptive furniture can be of great use to help clients. You can see an on-line catalogue on the website of Synapse Adaptive here:

They cover many adaptive technologies but if you look for hardware and then ergonomics, you will find a number of desk and chair items.

Changing software and keyboard settingsEdit

Although assistive technologies are widely available, sometimes all that is required to improve access for a client is to change the keyboard or software settings. This can allow the enlargement of text, icons and the speed of a mouse click to the client’s comfort.

Windows offers a huge range of accessibility features, including adjusting Display Options, adjusting Mouse Options, adjusting Keyboard Options, adjusting Internet Options, adjusting Sounds and Audio Options, adjusting Taskbar and Menu Options, adjusting User Accounts Options, adjusting Speech Options, Utility Manager, On-Screen Keyboard, Narrator and Magnifier.

The Microsoft website has details of these at:

Windows has an accessibility wizard which can take the client through the various PC settings.


If you are using Windows 8 visit for help. Try the features.

If you have access to Windows XP you can use the Accessibility Wizard to explore the Accessibility features. You can start it by clicking on: Start > All Programs > Accessories > Accessibility > Accessibility Wizard OR Start > Run type accwiz in the Open window.

If you are using an earlier version of Windows, or another Operating System, check your local help files to find out what options are available.


From the information sources above, or additionally from the AbilityNet MyWay site at: make a note of the accessibility features you are likely to require to show to clients. Jot down the steps you have to carry out to implement them.

Voice synthesis and voice recognitionEdit

Voice synthesis software can be used as an alternative to keying in and outputting in text format. There are two types of software required for this.

Voice recognition software allows a client via microphone to give spoken commands to the computer, to allow PC use without a keyboard.

Voice output from the PC is achieved by software which reads out what is displayed on the screen. This is of great use to clients with vision problems.


Find out which of these types of systems are available in your own library service.

Voice synthesis and voice recognition productsEdit

There are a number of products available for both voice synthesis and voice recognition, including Dragon Naturally Speaking, CoolSpeach and Microsoft Speech Server. You can find further information about one of the best known products at the following web site:

There are of course many others

Some operating system versions have voice synthesis built in. Again the AbilityNet MyWay site at: has information on this topic

Of course many people now use mobile devices to access information and people using iPods or devices running on the Android operating system have a built in Voice Commands (iPod voice Control, Android Voice Actions) functionality.


Select a voice recognition package and a voice synthesis package available to your library service. In each case set up the package and get practice at using it. Jot down sufficient notes so that you can demonstrate it to a client in the future.

Legislation relating to the use of ICT for storage, manipulation and access of informationEdit


This section relates to legislation concerning the use of ICT for storage, manipulation and access of information. Government legislation has a significant impact on ICT in libraries and staff require a sound working knowledge to ensure that clients can use ICT safely and legally.

General Data Protection RegulationEdit

Visit the Moodle section on GDPR for up to date informationEdit

Data Protection ActEdit

This section has been superseded by the General Data Protection Regulation (GDPR). The Freedom Of Information section below is still valid though

The Data Protection Act 1998 applies across the UK and gives legal rights to individuals in respect of their personal data held by others. Libraries must ensure that the ways they process personal data of clients and staff, whether manually recorded or computerised, comply with the provisions of the Act. This is particularly relevant to client data stored in an automatic library management system. Such ICT based systems facilitate analysis of client data which would not be possible with manual systems.

The following information is extracted from the Data Protection Act Fact Sheet, which can be downloaded from the Information Commissioner’s website at:

The Data Protection Act 1998 seeks to strike a balance between the rights of individuals and the sometimes competing interests of those with legitimate reasons for using personal information. We will look at the following useful sections:

  • The eight principles of good practice
  • The six conditions for fair data processing
  • Sensitive data
  • Rights under the Act
  • Criminal offences created by the Act
  • Unsolicited electronic communications
  • The role of the Information Commissioner’s Office

The eight principles of good practiceEdit

Anyone processing personal information must comply with eight enforceable principles of good information handling practice. These say that data must be:

    • 1. fairly and lawfully processed
    • 2. processed for limited purposes
    • 3. adequate, relevant and not excessive
    • 4. accurate and up to date
    • 5. not kept longer than necessary
    • 6. processed in accordance with the individual’s rights
    • 7. secure
    • 8. not transferred to countries outside European Economic area unless country has adequate protection for the individual

The six conditions for fair data processingEdit

At least one of the following conditions must be met for personal information to be considered fairly processed:

    • 1. the individual has consented to the processing
    • 2. processing is necessary for the performance of a contract with the individual
    • 3. processing is required under a legal obligation (other than one imposed by the contract)
    • 4. processing is necessary to protect the vital interests of the individual
    • 5. processing is necessary to carry out public functions, e.g. administration of justice
    • 6. processing is necessary in order to pursue the legitimate interests of the data controller or third parties (unless it could unjustifiably prejudice the interests of the individual)

Sensitive dataEdit

Specific provision is made under the Act for processing sensitive personal information. This includes racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, physical or mental health condition, sex life, criminal proceedings or convictions.

For personal information to be considered fairly processed, at least one of several extra conditions must be met. These include:

  • Having the explicit consent of the individual
  • Being required by law to process the information for employment purposes
  • Needing to process the information in order to protect the vital interests of the individual or another person
  • Dealing with the administration of justice or legal proceedings

Rights under the ActEdit

There are seven rights under the Data Protection Act.

  • 1. The right to subject access: This allows people to find out what information is held about them on computer and within some manual records.
  • 2. The right to prevent processing: Anyone can ask a data controller not to process information relating to him or her that causes substantial unwarranted damage or distress to them or anyone else.
  • 3. The right to prevent processing for direct marketing: Anyone can ask a data controller not to process information relating to him or her for direct marketing purposes.
  • 4. Rights in relation to automated decision-taking: Individuals have a right to object to decisions made only by automatic means e.g. there is no human involvement.
  • 5. The right to compensation: An individual can claim compensation from a data controller for damage and distress caused by any breach of the act. Compensation for distress alone can only be claimed in limited circumstances.
  • 6. The right to rectification, blocking, erasure and destruction: Individuals can apply to the court to order a data controller to rectify, block or destroy personal details if they are inaccurate or contain expressions of opinion based on inaccurate information.
  • 7. The right to ask the Commissioner to assess whether the Act has been contravened: If someone believes their personal information has not been processed in accordance with the DPA, they can ask the Commissioner to make an assessment. If the Act is found to have been breached and the matter cannot be settled informally, then an enforcement notice may be served on the data controller in question.

Criminal offences created by the ActEdit

A number of criminal offences are created by the Act and include:

Notification offences: This is where processing is being undertaken by a data controller who has not notified the Commissioner either of the processing being undertaken or of any changes that have been made to that processing.

Procuring and selling offences: It is an offence to knowingly or recklessly obtain, disclose or procure the disclosure of personal information without the consent of the data controller. There are some exceptions to this – for example, where such obtaining or disclosure was necessary for crime prevention/detection. If a person has obtained personal information illegally it is an offence to offer or to sell personal information.

Unsolicited electronic communicationsEdit

The Privacy and Electronic Communications (EC Directive) Regulations 2003 cover, amongst other things, unsolicited electronic marketing communications.

  • Unsolicited marketing calls should not be made to individual subscribers who have opted out either directly or by registering with the central stoplist, the Telephone Preference Service (TPS), or to corporate subscribers (e.g. companies) who have objected either directly or by registering on the Corporate TPS.

  • Unsolicited marketing faxes should not be sent to individuals without their prior consent or to any subscriber who has objected, either directly or by registering on the Fax Preference Service (FPS).

  • Unsolicited marketing emails or SMS should not be sent to any individual subscriber who has not consented unless the email address or phone number was collected in the context of a commercial relationship.

  • Wholly automated marketing calls, i.e. where a recorded message is played and the recipient does not speak to a human being, can only be made where the subscriber concerned (whether individual or corporate) has consented.

The role of the Information Commissioner’s OfficeEdit

The ICO has specific responsibilities for the promotion and enforcement of the DPA. Under the Data Protection Act, the Information Commissioner may:

  • serve information notices requiring data controllers to supply him with the information he needs to assess compliance.
  • where there has been a breach, serve an enforcement notice (which requires data controllers to take specified steps or to stop taking steps in order to comply with the law). Appeals to these notices may be made to the Information Tribunal.

Other Useful DPA websitesEdit

There are several websites which give more details and explanations. We have listed some below:

Useful information on this topic can also be found on the CILIP website.


Search the CILIP website at: for ‘data protection act’. Make a note of any aspects of data protection which are particularly relevant to your own work.

Another aspect of data protection is that related to Government initiatives on privacy and data sharing led by the Ministry of Justice, which aim to increase the data which can be shared by public bodies. You can find information on the website of the Ministry of Justice at:

Copyright legislationEdit

Copyright legislation is UK-wide and a number of Statutory Instruments have been put in place to ensure that European Copyright Directives are enacted in the UK. The key Act is the Copyright, Designs and Patents Act 1988 which determines what is illegal and what is permissible. '

The purpose of copyright is to ensure that the creator (person who holds the intellectual property right) or owner of the copyright can:

  • derive any financial benefit relating to their material
  • have control over the way in which their material is used.

Regular revisions of copyright legislation take place so information professionals must keep their knowledge up to date.

Copyright law is very complex but it is important that you have a sound knowledge of what is permissible and the role of library staff in enforcing copyright.

The Intellectual Property Office website at: has a good summary of copyright issues. The information on the following pages is extracted from there and summarises the principal points.

Ownership and duration of copyrightEdit

The author is the first owner of copyright in a literary, dramatic, musical or artistic work. In the case of films, the principal director and the film producer are joint authors and first owners of copyright. The main exception is where a work or film is made in the course of employment, in which case the employer owns the copyright. The copyright in sound recordings, broadcasts and published editions generally belongs to the record producer, broadcaster or publisher.

Copyright protection in the UK is automatic and there is no registration system - so there are no forms to fill in and no fees to pay.

Copyright is a form of intellectual property and, like physical property, can be bought and sold, inherited or otherwise transferred. A transfer of ownership may cover all or only some of the rights to which a copyright owner is entitled. First or subsequent copyright owners can choose to license others to use their works whilst retaining ownership themselves.

Copyright in a literary, dramatic, musical or artistic work (including a photograph) lasts until 70 years after the death of the author. The duration of copyright in a film is 70 years after the death of the last to survive of the principal director, the authors of the screenplay and dialogue, and the composer of any music specially created for the film. Sound recordings are generally protected for 50 years from the year of publication. Broadcasts are protected for 50 years and published editions are protected for 25 years.

The following are useful websites providing information on copyright:

Copyright and the InternetEdit

With the proliferation of electronic communications via the Internet, there has been a massive opportunity created for the infringement of copyright.

The Internet provides text and illustrations in electronic format, making it easy for the unscrupulous user to cut and paste web material into their own documents. You will already be familiar with copyright law restrictions on copying material from books and journals. Similar provisions apply to material from the Internet. It is important to make clients aware that they should check the legality of making multiple copies of textual material from Internet sites.

The greatest areas of commercial concern have been copyright infringements involving music files and still and moving images. It is clear to see that a digital file can be very easily and at virtually no cost copied and distributed anywhere in the World via the Internet. The creator of the original work is excluded from the process and thus receives no financial reward. Not surprisingly the media companies have been in the vanguard of creating means of prevention. A number of defensive methods have been created to counter copyright infringement in the digital domain.

Digital Rights Management (DRM)Edit

This is a large area but the greatest and most visible use is (and will be even more so in the future) the prevention of copying of films (movies) from DVDs. This requires mechanisms to be active in one or both of the DVD disk itself and the DVD player or computer used. Examples are:

  • the need to keep a Satellite Television receiver box connected to the public telephone network
  • certain high definition film disks can only be played back on a computer which is connected to the Internet
  • the very latest large screen television displays will need a special module to display the coming high definition DVD films. Absence of the module disables the output from the DVD player. The existence of the module guarantees that the incoming digital signal is not being copied.
  • the regional coding of DVDs which does not allow a DVD disk purchased in the USA to be played on a European region DVD player.

You can find additional information at: and at:

Digital watermarkingEdit

This is a computer encryption which is inserted into the image. It is of particular use with images which are placed on websites and thus easily copied. It is invisible to the casual user but provides a tracking mechanism for owners. It is a digital code, which can be unique to the image or shared across the owner’s other images. You can find additional information at: and

Digital fingerprints are unique labels inserted into different copies of the same content (e.g.: an e-book, video or music file) prior to distribution. Each digital fingerprint is assigned to a specific recipient, and thus provides the capability to trace the culprits who use their content for unintended purposes. Fingerprints should be closely associated with the content and difficult to remove.


Visit and download the test version of Steganos Security Suite. Install the program and try using it to hide watermarks (or other messages) in GIF pictures.

Intellectual Property Rights (IPR)Edit

The growth of Internet use and ease with which files and ideas can be transferred across continents has led to tighter regulation of and concern for intellectual property rights. Intellectual property refers to the rights of the thought process and intellectual creativity which developed the work. Information professionals should be aware of the Intellectual Property Rights issues. You should be aware that intellectual property is the legally enforceable right of the owner.

Most countries have laws regulating the copying of inventions, identifying symbols and creative expressions. The UK laws cover four main types of intangible property: patents, trademarks, copyrights and trade secrets, referred to collectively as “intellectual property.”

Intellectual property has many of the same characteristics as tangible property. It is an asset which can be bought, sold, licensed, exchanged or given away. The intellectual property owner has the right to prevent unauthorised use or sale of the property.

Clients should be aware that they should not use library computers (or any others) to do anything which infringes someone else’s intellectual property rights, e.g.: by copying content from someone else’s website into their own document, or illegally copying music files.

You can find lots of additional information at The Intellectual Property Office

Freedom of Information legislation and information access issuesEdit

Freedom of Information legislationEdit

Freedom of Information legislation was introduced across the United Kingdom at the beginning of 2005. The Freedom of Information (FOI) legislation is different for Scotland from that in the rest of the UK, but the information given here is generally applicable throughout the UK. However you should always check the precise details against the relevant website for your own country.

You can find a comprehensive description of the act and its implications at the website of the Information Commissioner at: and for Scotland at the websites of the Scottish Information Commissioner at:

The FOI legislation provides a right of access to the information of public bodies by individuals. Information can be in print, electronic, video or audio format.

Working in a library you need to be aware of the procedures so that you can assist a client to make an information request on the basis of FOI legislation. You should also be aware of the position regarding your own local authority and its requirements to disclose information.


A client approaches you with a request involving the FOI legislation. He wishes to find out how much money is spent by the local authority on traffic calming measures.Go to the website appropriate to your geographical location and make notes on the process of requesting information which will be useful for clients in the future.

Freedom of Information ActEdit

The following details on the FOI legislation is based on information from the Information Commissioner’s website:

The Freedom of Information Act enables people to gain access to information held by public authorities in two ways:

Publication Schemes

Every public authority must make some information available as a matter routine through a publication scheme. Information that is included in such a scheme must be made available to the public. A publication scheme is both a public commitment to make certain information available and a guide to how that information can be obtained.

General right of access

Any person has the right to make a request for information held by a public authority. The authority must usually respond to this request within 20 working days. This right came into force on the 1 January 2005.


The Act recognises that there are grounds for withholding information and provides a number of exemptions from the right to know, some of which are subject to a public interest test. The Act also sets out procedures for dealing with requests, such as time limits for compliance and fees that must be charged.

Making complaints

The Information Commissioner is the independent regulator of the Act, with responsibilities to promote the legislation and enforce compliance with its provisions. This includes making decisions as to whether a public authority has dealt with requests properly.

Acceptable Use PoliciesEdit

For legal reasons each library must have an Acceptable Use Policy (AUP) covering client access to ICT equipment and the Internet. Each authority will have an individual AUP policy reflecting the local circumstances. Each client using the library facilities is required to indicate acceptance of the policy. It is important that the AUP is reviewed on a regular basis to ensure that it complies with current legislation.

The AUP must state that Internet access is monitored using manual and electronic resources and that records of Internet access are kept. The AUP should also specify the actions and penalties which could result from contravention of the AUP. This includes providing the police with information where it is suspected that a criminal act has taken place.

If you select the People's Network Internet Acceptable Use Toolkit there are several examples of local authority AUPs.


Search the internet to find examples of local authority AUPs.


Obtain a copy of the AUP for your own library. Read it over and make a set of notes to enable you to explain the various points to a client new to the library computer facilities.

Content filteringEdit

Internet filtering systems used in libraries are designed to prevent clients accessing unsuitable material. When the filtering system is turned on, users cannot open or link to web sites that the filtering system recognises as unsuitable.

The filtering system is a software package which can be installed on a PC or a server (to regulate multiple machines). The software can use one or both of two principles.

  • 1. When a site is requested, it will check the URL of the site against a list of proscribed sites. If the site is on the list, the software will block access. The list is updated at periodic intervals by the software supplier.
  • 2. When a site is requested, the software will check over the site and attempt to recognise key words which would indicate an unsuitable site and then block access.

  Before proceeding, think of a disadvantage for each of the above methods.

Approaches to content filteringEdit

Although a useful tool, Internet filtering systems are not foolproof.

The first method depends on the list of proscribed sites being complete. It would be impossibly expensive for every website on the Internet to be rated using a human observer. There will also be a delay in a new unsuitable site appearing and being added to the list.

The second method suffers from the difficulty of placing keywords into context. An example being, it has difficulty in distinguishing between the names of body parts used in a pornographical or medical context. Another example is that access may be blocked to sites containing innocuous words, one component of which may be of a sexual or profane nature e.g. Essex (though more complex filters are now sometimes able to recognise such cases). Also, this method checks only for unaccepatble text, not unacceptable images or speech.

Any blocking system can be potentially over-ridden by users with technical knowledge, or by using one of the many proxy sites which allow you to circumnavigate blocks by browsing through a proxy server.

reporting websites is another way of controlling what is available, see

The Family Online Safety Institute (formerly The Internet Content Rating Association (ICRA))Edit

FOSI provide a set of categories and levels within each category:

  • The presence or absence of nudity
  • The presence or absence of sexual content
  • The depiction of violence
  • The language used
  • The presence or absence of user-generated content and whether this is moderated
  • The depiction of other potentially harmful content such as gambling, drugs and alcohol

The user’s browser has to be configured to use the system. Clearly there are obvious weaknesses here in that website developers are not required to use the ratings, and they may be misused. However, similar to the age ratings' associated with films and computer games, this may in the long run be the best possibility for filtering.

Since there are weaknesses in each approach, filtering can not replace vigilance or simple common sense from library staff.

For more information visit


Find out the filtering policies in place in your local authority and what your own responsibility is.

Walled GardensEdit

The walled garden approach is often used for young clients. Here, instead of trying to block access to possible unsuitable sites and allowing access to all other sites, the “walled garden” only offers access to pre-selected websites. This is a much simpler approach. Instead of trying to cope with rating or searching through the 25,270,000,000 websites catalogued by Google today, a small number of hand picked sites are allowed to be browsed. Of course the quality of this service relies upon the nature of the vetting before access is allowed.

The disadvantage is of course the exclusion of many potentially useful sites. There have also been issues with e-mail and search engines allowing a hole to be made in the wall.

Social networking websites, such as and, can also be regarded as walled gardens. This is because the owner can control the range of people who view their messages and updates. Another aspect of walled gardens is the barriers which prevent the free flow of information and this is also true of social networking sites with their custom language and proprietary nature. This means that information can’t be transferred or access from one platform to another.

Suppliers of filtering softwareEdit

The following sites are suppliers of filtering software, mainly aimed at young clients, which also provide lots of useful information on internet safety:

Trial versions of several of these can be downloaded from the relevant website.


Download an evaluation copy of CyberPatrol and try it out.

Internet safety with younger clientsEdit

Clearly the previous section covering content filtering is particularly applicable to young clients. It may be appropriate to reserve particular machines for particular user groups with regard to the type of material which may be accessed. This can also be managed by user ID login procedures.


Find out what is the situation in your own library with regard to the reserving of particular PC’s for restricted access to Internet materials.

Undoubtedly, the younger clients will have the most restricted access. There are serious risks to younger clients with the possibility of someone being hurt, exploited or abused as a result of personal information being posted online or falling victim to “grooming” (covered in Outcome One of this unit).

There are many useful websites which promote safe use of the Internet to younger clients, their parents and teachers. Here are three we would recommend you look at:

Illegal materialEdit

Much material exists on the Internet which it is a criminal offence to access. The catchphrase is ‘If it is illegal off-line - it is illegal on-line’. Three types of Internet content are generally regarded as illegal in the UK:

  • images of child abuse hosted anywhere in the world
  • criminally obscene images hosted in the UK
  • criminally racist content hosted in the UK

Even though filtering and acceptable use policies are in place in local authorities, breaches can very easily happen. It is important that you are aware of the local procedures for dealing with such situations.


Here are two scenarios involving a client accessing illegal materials. Consult your library service’s Acceptable Use Policy and/or staff manual and make notes of what action you would take in each case.

1. An adult client is observed systematically accessing criminally racist content on a public access PC.

2. An adult client accidentally accesses images of child abuse whilst carrying out a genuine information search on another topic.

Sources of further informationEdit

Go to Children Exploitation and Online Protection

This website points to helpful websites for young people and parents containing information about staying safe online at: .

The Internet Watch Foundation at: is a site allowing the reporting of websites which host illegal content. It is widely supported and has lots of links and information on the subject of illegal content.

Using ICT in Professional Practice · Net Navigator