© JANET(UK) 2011 Running a Public Communications Service Andrew Cormack Chief Regulatory Adviser, Janet

Presentation transcript:


What is a public comms. service?
“public electronic communications service” means any electronic communications service that is provided so as to be available for use by members of the public; (Communications Act 2003, s.151)
E.g. Open library terminal, open/commercial wifi hotspot, hotel, cybercafe, housing estate, business park,...
NB: Most BCE doesn’t involve public traffic
NB: Janet is not a public network service

Which laws are different?
The following have additional rules for public services
  – EC Telecomms Directives (security & privacy)
  – UK Interception Law
  – UK/EU Data Retention
  – UK Copyright Infringement – maybe
Future developments likely at EC and UK level

Responsibilities for the service
Must comply with Ofcom guidance on security
  – Documented risk management process (e.g. ISO27001)
  – Take appropriate measures to deliver security
Must report “significant” security breaches to Ofcom, e.g.
  – 100K users disconnected for 12 hours, or
  – Failure reported to Government department or in the media

Responsibilities for privacy
Must design service/systems to protect privacy
Must report all privacy breaches to ICO
  – Consequences and mitigation action taken
  – And to user if PD or privacy “adversely affected”
Traffic/flow data only used for prescribed purposes
  – Transmission; Billing and traffic management; Customer enquiries; Fraud prevention/detection; Other legal duties
      Not research
  – Must delete/anonymise as soon as no longer needed
Unlawful interception by operator is a criminal offence

Responsibilities for users
Must (if notified by Home Office) retain data about use
  – Time, duration, type, source, destination of communication
  – Can agree by contract who does this
      Best if done by the organisation that authenticates users
Various other responsibilities being discussed
  – Dealing with copyright infringements (Digital Economy Act)
  – Dealing with infected user equipment
  – Network Neutrality (restrictions on traffic management)

How far do these extend?
Which networks/equipment
  – Probably anything that might carry public traffic
  – Good idea to separate those
Which organisations are responsible?
  – Service: Organisation, Janet and ISP
  – Privacy: Organisation, Janet and ISP
  – Users: Organisation or ISP

Don’t Forget: State Aid law
Using public funds to distort a commercial market
  – Illegal: fine plus repayment with interest
Public Internet access is a commercial market
  – State Aid law likely to apply
Possible approaches (see Janet guidance)
  – Library terminal: provide “supported Internet access”
  – Wifi Hotspot: open tender, including use of backhaul
  – Hotel/cybercafe: charge market rate to trading subsidiary
  – Broadband gaps: BIS authorisation for individual projects

Policies etc.
Janet Policies protect Janet reputation/operation
  – Need SecPol and AUP whenever Janet addresses used
      Access control, Manage security threats, Enforce AUP, etc.
  – Otherwise use Policy of ISP whose addresses are used
  – Always need disconnection right to protect service to others
Other IP address issues
  – RIPE/WHOIS contact data => body with User responsibilities
      Copyright enforcement responsibility likely to follow this
  – Beware of IP address “authorisation”
      Internal services, licensed content, firewalls, etc.

To run a public network service...
It/you must (+ bullets apply to Janet backhaul too)
  + Be designed according to Ofcom security principles
  + Report significant (availability) breaches to Ofcom
  + Report all privacy breaches to ICO
  + Only use traffic data for prescribed purposes
  – Only use interception (if at all) with great care
  – Be prepared to retain information about users
  – Be prepared to deal with copyright infringement reports
  + Deal with State Aid issues
Probably want to separate this from your R&E service

Discussion Themes
How to segregate?
Authentication: when/where/how?
ISP access
Institutional Risk Assessment & Responsibilities
Pricing Models
Community Support

Questions?