INCREASED reliance on technology has made us vulnerable in new ways. Just ask someone whose computer has crashed and whose information was not “backed up” or the business that has suffered at the hands of hackers.

The level of protection that we put in place and the time and money spent to prevent loss, corruption or unauthorised access to information stored in an electronic format — for example firewalls, remote or virtual back up of information or backing up the back up — underscores the importance that we place on information which is collected and stored electronically.

The Cybercrimes Act, (“the Act”) entered into force on March 16, 2010. Prior to the passage of the Act there was some, albeit limited, recourse available to persons who were “relieved” of the physical devices on which valuable information was stored. The same could not be said in the case where that same information was copied for possible unauthorised use. The reason for this is that, traditionally, the law did not give the same regard to the loss of information, per se, as it did to the loss of the physical medium on which the information was stored.

Prior to the passage of the Act, victims of computer hackers, who successfully gained access and “stole” information for the furtherance of unlawful acts, had to become contortionists and fit very unnaturally within the definition of “stealing” under Section 3 of the Larceny Act 1942. The main problem with the application of the Larceny Act is that it did not contemplate the commission of the offence unless the owner was permanently deprived of the particular thing being stolen. In the 1978 English case of Oxford v Moss, the victim of the crime was not permanently deprived of an upcoming examination paper which was taken from a lecturer’s desk and photocopied by a student but was subsequently returned.

Permanent deprivation goes against the very nature and operation of computers. Computer technology relies upon copies and the making and transmission of copies. There is no “original” document to lose and be permanently deprived of. This spelt a major hurdle to overcome for the service provider whose ex-employee hacks into the network and makes copies of sensitive information, including client databases, which he subsequently sells to a competitor.

Not only does the Larceny Act require the complainant to prove that he has been permanently deprived of a particular thing, but also that the accused “took and carried away a thing capable of being stolen”. Under common law, this meant that the object of the theft had to be tangible.

The task of prosecuting hackers/crackers who steal information has become greatly simplified with the passage of the Cybercrimes Act. Under Section 3 of the Cybercrimes Act, charges may be laid against persons who hack into a computer, regardless of whether the access is malicious. The more aggravated form of the offence is in Section 4, which speaks to unauthorised access with intent to commit or facilitate the commission of an offence.

Another weapon frequently used by cyber criminals is the dissemination of worms or viruses. The intent behind this offence is not to gain access for the purpose of use of information but to actually corrupt or permanently deprive the owner of the use of the information. Such unauthorised modification of data is now an offence under Section 5 of the Act.

The other offences created by the Act include authorised interception of a computer function or service; unauthorised obstruction of the operation of a computer; and unlawfully making available devices or data for the commission of an offence.

In defining “computer” to include devices which contain computers, such as smart-phones and blackberry devices and providing for a maximum penalty which includes imprisonment and payment of a fine up to $3,000,000 in addition to compensation payable to the victim, the Act is relevant in today’s age where businesses may be severely crippled if data is lost or compromised.

Reliance on the Act may be viewed as an added measure to protect one’s information. Businesses are still urged to ensure that their business information is contractually protected — whether in dealing with staff, service providers, customers or suppliers — and that adequate confidentiality, disclosure and use provisions are included in the contract that governs their relationship.

Tricia-Gaye Watson is an Associate at Myers Fletcher & Gordon and a member of the Firm’s Commercial Department. Tricia may be contacted at tricia-gaye.watson@mfg.com.jm or through www.mfg.com.jm.