Published by Norah Patrick. Modified over 8 years ago.
1
7062785 Information Management in Telco: A Legal Perspective. Sheila Tormey, Barlow Lyde & Gilbert LLP; Ronan Lupton, Barrister at Law. 17 September 2009
2
Information Management: Information is a key asset of every business. Technology has revolutionised our ability to access, create, store, search and communicate information. Information Management is in its infancy and lagging behind technological development. “the stone age was marked by man's clever use of crude tools; the information age, to date, has been marked by man's crude use of clever tools”
3
Storing up trouble… [Chart with a yearly axis running from 2006 to 2015; image not reproduced]
7
Inside of an IT storage system
8
Why is this a problem? The acquisition of, and failure to discard, possessions that are useless or of limited value, due to a fear of losing things perceived to be important = “PATHOLOGICAL HOARDING DISORDER”
9
Law and Information Management: IPRs; DPA; others, e.g. DDA, Confidence, etc.
10
Data Protection Act: Data Protection Act 1998; EC Directive – EEA-wide application; policed in the UK by the ICO; protects ‘personal data’ – electronic mainly (but also paper in some cases); ‘data controllers’ must ‘process’ in accordance with the DPA; ‘data subjects’ get a number of rights under the DPA; establishes “Principles” to abide by.
11
The Data Protection Principles: Adequate, relevant and not excessive; Accurate and up to date; Rights for Data Subjects under the Act; Specific purpose; Not kept longer than necessary; Technical and organisational measures; EEA; “fairly and lawfully processed”.
12
Consequences of breaching DPA: Reputational damage; Fines; Criminal offences; ICO increasing policing and enforcement and taking a harder line.
13
5 Key Legal Impacts: 1. Security/confidentiality obligations; 2. What information can/must be stored; 3. Exploitation of information; 4. Who has a right to access information; 5. Dealing with 3rd parties.
14
1. Security/Confidentiality: Common law confidentiality; Contractual – agreed standards; Data Protection Act – Principle 7; Applicable IT standards “keeping up to date” - adequate technical and organisational (= security) measures – e.g. BS 10012; Practical measures and security standards.
15
2. What Can/Must Be Stored: 800+ specified retention periods fixed by statute/common law: VAT records 6 years; contractual claims 6 years (12 years if a deed). Data Protection Act: processing fairly and lawfully; adequate and not excessive; accurate and up to date; not for longer than necessary. IPRs.
16
3. Exploitation of Information: Copyright: arising automatically in original works; lasts for a set number of years; generally owned by creator – (including ‘employer’). Database rights: arises where "substantial investment" in obtaining, verifying or presenting the contents of the database; owned by the maker. Data Protection: “fairly and lawfully”.
17
4. Who has a right to access? Confidentiality – who can it be given to? DPA: fairly and lawfully processed; EEA; Subject Access Request. Litigation – duty to provide even if detrimental. Regulatory investigation.
18
5. Dealings with 3rd Parties: See 1. to 4. above: Security; Storage; Exploitation; Access. DPA issues need to be dealt with explicitly in contracts. Liability/Indemnity/Insurance. Right to audit/access and have information returned. Information management policies.
19
Telco Top Ten: Data Retention Enforcement Directive – DRED; Challenge of dealing with different retention periods across multiple jurisdictions; Data or paper trails, post accessing by a Law Enforcement Agency – LEA; Cost control and recovery *(Where applicable); DP Subject Access Requests; Timelines, deletion policy and corporate controls; WEEE and RoHS; Supply and Export Controls, EPA and EU Reporting “Good citizen requirement”; Copyright and illicit content controls – “mere conduit” status erosion, litigation, telco innocence, where to next?
20
Top Ten Cont’d: Network Privacy / Traffic Management; DDoS Implications – Fraud and IP Addressing; Nomadic Service Requirements; Address locations and Emergency Access, e.g. VoIP; Jurisdictional controls, no one size fits all; Interception – Next Generation, to include IP interception; Billing – Achilles Heel of most telcos; Corporate Compliance; Security and outsourcing.
21
Information is your greatest asset, but also your biggest risk... Not just the Data Protection Act 1998. There is no “magic bullet” solution. A multi-faceted approach is needed: contractual and legal protections; IT security and solutions; practical policies and procedures.
22
Policies: Make it an employee issue, not a corporate problem. Written documents that explain practical day-to-day procedures and rules for use of the data (including communications, storage, passwords, access, home working etc.); Provided to all employees, who have to sign and comply with them (part of employment / outsourcing contract); Will reduce the real risk of a leak occurring; Will increase chances of compliance with law and regulation; Will reduce liability; Significantly improves PR damage.
23
Spot the difference if lost… A and B [images not reproduced]
24
Questions?