Computer Misuse Act 1993
2020 REVISED EDITION
This revised edition incorporates all amendments up to and including 1 December 2021 and comes into operation on 31 December 2021
An Act to make provision for securing computer material against unauthorised access or modification, for preventing abuse of the national digital identity service, and for matters related thereto.
[3/2013; 9/2018]
[Act 16 of 2023 wef 08/02/2024]
[30 August 1993]
PART 1
PRELIMINARY
Short title
1.  This Act is the Computer Misuse Act 1993.
[3/2013; 9/2018]
Interpretation
2.—(1)  In this Act, unless the context otherwise requires —
“computer” means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include —
(a)an automated typewriter or typesetter;
(b)a portable hand-held calculator;
(c)a similar device which is non-programmable or which does not contain any data storage facility; or
(d)such other device as the Minister may, by notification in the Gazette, prescribe;
“computer output” or “output” means a statement or representation (whether in written, printed, pictorial, graphical or other form) purporting to be a statement or representation of fact —
(a)produced by a computer; or
(b)accurately translated from a statement or representation so produced;
“computer service” includes computer time, data processing and the storage or retrieval of data;
“damage” means, except for the purposes of section 17, any impairment to a computer or the integrity or availability of data, a program or system, or information, that —
(a)causes loss aggregating at least $10,000 in value, or such other amount as the Minister may, by notification in the Gazette, prescribe except that any loss incurred or accrued more than one year after the date of the offence in question must not be taken into account;
(b)modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment or care of one or more persons;
(c)causes or threatens physical injury or death to any person; or
(d)threatens public health or public safety;
“data” means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer;
“electromagnetic, acoustic, mechanical or other device” means any device, apparatus or program that is used or is capable of being used to intercept any function of a computer;
“function” includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer;
“intercept”, in relation to a function of a computer, includes listening to or recording a function of a computer, or acquiring the substance, meaning or purport thereof;
“national digital identity service” has the meaning given by paragraph 1(1) of the Schedule;
[Act 16 of 2023 wef 08/02/2024]
“program or computer program” means data representing instructions or statements that, when executed in a computer, causes the computer to perform a function;
[22/2017]
[Act 16 of 2023 wef 08/02/2024]
“user”, in relation to the national digital identity service, has the meaning given by paragraph 1(1) of the Schedule.
[Act 16 of 2023 wef 08/02/2024]
(2)  For the purposes of this Act, a person secures access to any program or data held in a computer if by causing a computer to perform any function the person —
(a)alters or erases the program or data;
(b)copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held;
(c)uses it; or
(d)causes it to be output from the computer in which it is held (whether by having it displayed or in any other manner),
and references to access to a program or data (and to an intent to secure such access) are to be read accordingly.
(3)  For the purposes of subsection (2)(c), a person uses a program if the function the person causes the computer to perform —
(a)causes the program to be executed; or
(b)is itself a function of the program.
(4)  For the purposes of subsection (2)(d), the form in which any program or data is output (and in particular whether or not it represents a form in which, in the case of a program, it is capable of being executed or, in the case of data, it is capable of being processed by a computer) is immaterial.
(5)  For the purposes of this Act, access of any kind by any person to any program or data held in a computer is unauthorised or done without authority if the person —
(a)is not himself or herself entitled to control access of the kind in question to the program or data; and
(b)does not have consent to access by him or her of the kind in question to the program or data from any person who is so entitled.
(6)  A reference in this Act to any program or data held in a computer includes a reference to any program or data held in any removable storage medium which is for the time being in the computer; and a computer is to be regarded as containing any program or data held in any such medium.
(7)  For the purposes of this Act, a modification of the contents of any computer takes place if, by the operation of any function of the computer concerned or any other computer —
(a)any program or data held in the computer concerned is altered or erased;
(b)any program or data is added to its contents; or
(c)any act occurs which impairs the normal operation of any computer,
and any act which contributes towards causing such a modification is taken as causing it.
(8)  Any modification mentioned in subsection (7) is unauthorised if the person whose act causes it —
(a)is not himself or herself entitled to determine whether the modification should be made; and
(b)does not have consent to the modification from any person who is so entitled.
(9)  A reference in this Act to a program includes a reference to part of a program.