EMC Confidential

I dent i f i c at i on of Appl i c abl e Legi sl at i on

Computer Misuse Act 1990
The Computer Misuse Act 1990 makes it a criminal offence to access, or attempt to access computer
material without proper authority or to make unauthorised modification of computer material. Persons
convicted of an offence under the Computer Misuse Act are subject to a maximum of 5 years' imprisonment
or a fine or both.

In the context of Internet use, it is likely that the following examples would be considered illegal.

Accessing restricted material without proper authority.
Provision of any material, such as access codes or 'hacking' instructions which enables others to
gain unauthorised access to a computer system.
Knowingly receiving (or using) any material from an unauthorised user who has gained access to
systems.
Unauthorised modification of a computer system program or data stored on a system.
Any material which encourages or incites other persons to carry out unauthorised access or
modification of a computer system, program or data.

Human Rights Act 1998
The European Convention on Human Rights was signed by the members of the Council of Europe in 1950. It
became part of British law in 1998. The Human Rights Act 1998 makes it unlawful for public bodies to violate
the rights contained in the European Convention on Human Rights. The Act details the legal framework of
individuals' rights in 17 Articles which have all been incorporated into UK law by the Human Rights Act. For
example, these include (but are not limited to); the right to liberty and security, the right to fair trial, no
punishment without law, and prohibition of discrimination.

Freedom of Information Act 2000
The Freedom of Information Act deals with access to official information and gives individuals or
organisations the right to request information held by any public authority. The Act gives individuals the right
to request information held by public authorities, companies wholly owned by public authorities in England,
Wales and Northern Ireland and non-devolved public bodies in Scotland. The public authority must tell the
applicant whether it holds the information, and must normally supply it within 20 working days, in the format
requested, and follow a number of set procedures.

The Act is fully retrospective and applies to all information, not just information filed since the Act came into
force.

Scotland has its own Scottish Environmental Information Regulations and the Freedom of Information
(Scotland) Act 2002. These are regulated by the Scottish Information Commissioner's Office.

Terrorism Act 2000
The Terrorism Act 2000 is the primary piece of counter-terrorism legislation and contains the most vital
counter-terrorism measures. The Act came into force in response to the changing threat from international
terrorism, and replaced the previous temporary anti-terrorism legislation that dealt primarily with Northern
Ireland.

The Act has introduced a number of new offences, allowing police to arrest individuals suspected of:
inciting terrorist acts
seeking or providing training for terrorist purposes at home or overseas
providing instruction or training in the use of firearms, explosives or chemical, biological or nuclear
weapons
EMC Confidential
Anti terrorism Crime and Security Act 2001
The Anti-Terrorism, Crime and Security Act 2001 (ATCSA) was introduced in order to provide stronger
powers to allow the Police to investigate and prevent terrorist activity and other serious crime.

The measures outlined within the Act are intended to:
cut off terrorist funding
ensure that government departments and agencies can collect and share information required for
countering the terrorist threat
streamline relevant immigration procedures
ensure the security of the nuclear and aviation industries
improve security of dangerous substances that may be targeted/used by terrorists
extend police powers available to relevant forces
ensure that we can meet our European obligations in the area of police and judicial co-operation and
our international obligations to counter bribery and corruption

Proceeds of Crime Act 2002
Under the Proceeds of Crime Act 2002 it is a criminal offence for anyone to be involved in arrangements that
they suspect facilitate (in any way) someone else in acquiring, retaining, using or controlling the proceeds of
crime.

Under the Act, it is a criminal offence for anyone who works in a regulated financial firm not to report any
dealing that they suspect, or ought to suspect, involves the proceeds of crime. The report should be made to
the company's appropriate representative, who must report these cases to the National Criminal Intelligence
Service (NCIS). Where the firm has advance notice of the transaction, it is protected against an allegation of
assistance if it gets consent, or deemed consent, from NCIS before it carries out the transaction.

The Copyright Designs and Patents Act 1988
It is an offence under this Act to copy software or other Internet materials without authority. It is immaterial
whether such unauthorised copying is done with a view to personal convenience or for monetary gain.
Unlimited fines and up to two years' imprisonment may be imposed on offenders.

All software, including commercial products and Shareware, is protected by copyright law and is licensed for
legitimate use. Some software creators have designated their products as Freeware (for which use is
authorised without a licence fee being payable) and have made this available on the Internet. EMC does not
tolerate the use of unauthorised/unlicensed software and may require evidence from any user of software
obtained via the Internet that its use is lawful.

Data Protection Act 1998
This Act prohibits the holding, processing or disclosure of personal information data about others on
computer, unless the data user is properly registered and observes the data protection principles. In view of
the complexity of the legislation, all EMC users are prohibited from establishing, holding or processing any
personal data concerning other persons on any EMC computer and this includes both 'uploading and
downloading' of such data via the Internet.

Staff use is subject to the above Act and it is the duty of each user to ensure that their use complies with the
Data Protection Act.

Republic of Ireland: Data Protection Act 1988 and Data Protection (Amendment) Act
2003
Local enactment of EC Directive 95/46. Comparable to UK Data Protection Act 1998 (above).

EMC Confidential
Regulation of Investigatory Powers Act 2000
If a users actions lead to possible disciplinary action then an investigation may be required that may include
monitoring or other data examination. Where this is the case any action taken will be in line with the RIP Act.
This Act limits investigation activities and protects employees from inappropriate intrusion.

In addition, in Section 71 this act gives investigating authorities certain rights to force the disclosure of
encryption keys. These provisions are expanded upon in the Investigation of Protected Electronic
Information: Code of Practice 2007.

Race Relations and Sexual Discrimination Acts
Discrimination on the grounds of race, colour, nationality, ethnic or national origin or gender is unlawful under
the provisions of the above legislation. Any material published or received via the Internet (or by other
means), which discriminates or encourages discrimination is in contravention of the legislation.

Official Secrets Acts
The provisions of this legislation often apply in connection with contracts with the Government or government
agencies. Any publication of material via the Internet (or by any other means), which is in contravention of
obligations under the Official Secrets Acts is a criminal offence which is punishable by imprisonment or a fine
or both.

Criminal Justice and Public Order Act 1994
This miscellany of legislation includes a consolidation of provisions for the protection of minors by making it a
criminal offence to possess pornographic or obscene material of or involving minors, or material considered
to be excessively violent. In the context of the Internet it would apply to the transmission, receipt and storage
of text, audio and graphic images.

Laws of Defamation
Any publication of a statement, comment or innuendo about another individual or organisation, which cannot
be justified at law may render the author liable to an action for defamation. In the context of Internet use,
EMC will not permit the publication of defamatory material and any author transmitting or any person passing
on defamatory material will be required to indemnify EMC against all actions, proceedings, claims and costs
resulting there from.

Obscene Publications Act 1959
The publication (whether for gain or not) of material intended to be read, heard or looked at which is such as
to tend to deprave and corrupt persons having access to the publication is a criminal offence which carries a
maximum sentence of three years imprisonment.

Telecommunications Act 1984
A person who sends a message or other matter that is grossly offensive, indecent, obscene or menacing in
character via the public telecommunication system or sends a false message for the purpose of causing
annoyance, inconvenience or needless anxiety to another shall be guilty of a criminal offence. The Internet
makes use of the "public telecommunication system". A breach of this Act will result in a substantial fine
and/or imprisonment.

International Law
Users of the Internet should be aware that any material, which they create and transmit is accessible World-
Wide and that such material must not therefore contravene any international laws or treaties. Specific
examples include the importation of specified material from countries for which an embargo is in force and
EMC Confidential
the possibilities that material lawfully provided in the United Kingdom but accessed in another country may
constitute an offence within that recipient country.

Waste Electrical and Electronic Equipment (WEEE) Directive 2002/96/EC and
2003/108/EC
The WEEE Regulations aim to reduce the amount of this waste going to landfill, and increase recovery and
recycling rates. The WEEE Regulations apply to electrical and electronic equipment (EEE) in the following
categories with a voltage of up to 1000 volts AC or up to 1500 volts DC:

1. Large household appliances
2. Small household appliances
3. IT and telecommunications equipment
4. Consumer equipment
5. Lighting equipment
6. Electrical and electronic tools
7. Toys, leisure and sports equipment
8. Medical devices
9. Monitoring and control equipment
10. Automatic dispensers

All businesses that use electrical and electronic equipment (EEE) must comply with the WEEE Regulations.
EMC Shall store, collect, treat, recycle and dispose of WEEE separately from your other waste.

Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic
Equipment Regulations 2006 (RoHS)
The rapid development of new technology has created a high volume of hazardous electrical and electronic
waste. The RoHS Regulations restrict the use of certain hazardous substances in new equipment. This
makes it easier to recycle equipment and protects human health and the environment.

This regulation applies to manufacturers, sellers, distributors and recyclers of electrical and electronic
equipment (EEE) containing:
lead
mercury
cadmium
hexavalent chromium
polybrominated biphenyls (PBBs)
polybrominated diphenyl ethers (PBDEs)

The directive is design to protect human health and the environment by restricting the use of certain
hazardous substances in new equipment, and complement the Waste Electrical and Electronic Equipment
(WEEE) Directive (2002/96/EC).

The Foreign Corrupt Practices Act
The Foreign Corrupt Practices Act ("FCPA") prohibits the payment of bribes, directly or indirectly, to foreign
officials, which includes government officials, political party officials, and candidates for political office. Any
payment, or an offer, authorization or promise to pay, or the giving of anything of value to such a person is
improper under the FCPA if it is designed to influence the act or decision of that person (including a decision
not to act) and/or is given for the purpose of influencing such a person to assist (directly or indirectly) in
obtaining or retaining business for EMC or on its behalf.
The FCPA is applicable to Non-US subsidiaries of US corporations.
The Bribery Act 2010
The UK Bribery Act 2010 ("Bribery Act") prohibits that any individual directly or indirectly, pays, offers,
promises or authorises the giving of any money or anything of value to any government official or privately
EMC Confidential
employed individual anywhere in the world: (i) for the purpose of intending to influence any act or decision of
such person or inducing such person to do or omit to do any act in violation of the lawful duty of such person;
or (ii) for the purpose of intending to induce such person to use his, her or its influence to affect or influence
any act or decision in order to assist (EMC) in obtaining, retaining business or directing business or securing
any improper business advantage. EMC has implemented a program to provide appropriate training on
anticorruption compliance to its directors and employees. In addition, EMC will inform relevant business
partners of their duties in relation to EMC and the anticorruption laws.