Hacking Offences – Unauthorised Access or Modification of Restricted Data
Hacking or the unauthorised access of data (e.g. accessing passwords or overriding security feature) is a criminal offence. The following form part of a suite of seven computer-related offences under Victorian law:
- Unauthorised access, modification or impairment with intent to commit a serious offence;
- Unauthorised access or modification to cause impairment;
- Unauthorised Impairment of electronic communication;
- Possession of data with intent to commit a serious criminal offence;
- Producing, supplying or obtaining data with intent to to commit a serious criminal offence;
- Unauthorised access, or modification to, restricted data; and
- Unauthorised impairment to data held in a computer disk, credit card or other device.
In this article, we focus on the offence known as ’Unauthorised Access (or Modification) of Restricted Data’ (Unauthorised Access). This charge may be laid in situations where a person accesses another person’s bank account without permission or if a person views sensitive information contained on a restricted database (such as medical records or personal data such as name, address or birthdate).
Elements of the Unauthorised Access Offence
In order to prove an ‘Unauthorised Access’ charge, the Police are required to prove the following elements beyond reasonable doubt:
- That you accessed or modified data;
- That data was considered to be restricted (held on a restricted access computer);
- You had knowledge the access was restricted; and
- You intended to access or modify the data.
‘Access’ means to run a program to gain entry to copying or moving data or a portion of the data or the display of data. ‘Restricted data’ means data held on a computer with restricted access control. ‘Unauthorised’ means that you were not entitled to access that data. However, you are not considered to be unauthorised merely because you had an ulterior purpose for the access.
The maximum penalty for an Unauthorised Access offence is 2 years imprisonment. However, if the charge is successfully established the judge will take into account a variety of considerations in any sentencing decisions.
You have several defences available to you if you have been charged with an Unauthorised Access offence. Firstly, you could argue mistaken identity, or that it was not you that committed the offence. For example, if the offence was committed by someone else who had access to the laptop alleged to have been used to commit the offence. You will also have a defence if the data alleged to have been accessed does not meet the definition of restricted.
A further defence is available if you had authorisation or were entitled to access the data. This includes express or implied consent or authorisation for the access. For example, if you had access to the data as an employee or sub-contractor or agent and did not intentionally access or modify the data. You will also have a defence of reasonable mistake or a factual dispute relating to the charge.
We suggest that you should contact an experienced legal practitioner as soon as possible if you are to be interviewed in relation to this offence so that you can be provided with appropriate advice based on the circumstances relevant to your matter.
 Crimes Act 1958 (Vic) s 247B.
 Crimes Act 1958 (Vic) s 247C.
 Crimes Act 1958 (Vic) s 247D.
 Crimes Act 1958 (Vic) s247E.
 Crimes Act 1958 (Vic) s247F.
 Crimes Act 1958 (Vic) s247G.
 Crimes Act 1958 (Vic) s247H.
 Crimes Act 1958 (Vic) s 247G.
 Crimes Act 1958 (Vic) s247A.
 Crimes Act 1958 (Vic) s247G(3).
 Crimes Act 1958 (Vic)s 247G(3).
 Crimes Act 1958 (Vic) s 247G.
Have a question about this subject?
Views expressed in this article are not necessarily endorsed by Leanne Warren and Associates.