Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright JNT Association 2006 1 1 Striking a Balance: Privacy and Legal Issues in Network Management Andrew Cormack Chief Regulatory Adviser, UKERNA

Published byAlexandria Kirksey Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright JNT Association 2006 1 1 Striking a Balance: Privacy and Legal Issues in Network Management Andrew Cormack Chief Regulatory Adviser, UKERNA"— Presentation transcript:

1 Copyright JNT Association 2006 1 1 Striking a Balance: Privacy and Legal Issues in Network Management Andrew Cormack Chief Regulatory Adviser, UKERNA A.Cormack@ukerna.ac.uk

2 Copyright JNT Association 2006 2 2 2 Networks are full of Dilemmas Investigating faults or misuse –Prevent future misuse, or limit current disruption/privacy breach Investigating crimes –Protect victim, or protect investigator? Monitoring AUP Compliance –Protect organisation/community, or individual privacy? Content filtering –Protect individual’s morals, or his/her privacy? Free speech –Protect against offence, or permit expression of opinions? Marketing –Provide good customer service, or intrude on their private life?

3 Copyright JNT Association 2006 3 3 3 How to resolve these? Know what objective is Find a reasoned, reasonable balance –Harm if we do vs harm if we don’t –This will vary between organisations Act (if at all) in least intrusive way to achieve objective Ensure powers to act aren’t abused –Serious breach of trust if they are Tell users what we will do –And what the rules are Behave professionally –UKERNA’s System Administrator’s Charter may help

4 Copyright JNT Association 2006 4 4 4 What is reasonable? “ Reasonable” varies –Depending on circumstances and culture –Schools probably different from universities Can you justify your decision to your users? –If so, it’s probably reasonable! NB Powers subject to controls and sanctions are more likely to be seen as “Reasonable”

5 Copyright JNT Association 2006 5 5 5 Why does it matter? (1) Users’ reactions –They don’t like being surprised –Or feeling you are just snooping on them Organisation’s reputation –How do prospective students, parents, funders feel? –Are you happy with your press cuttings? Contracts with others (e.g. service providers)

6 Copyright JNT Association 2006 6 6 6 Why does it matter? (2) Reactions of your victims –Civil law may allow them to seek reparation –Or prohibit you from doing it again Reaction of society –Criminal law may lock up you (more likely your managers if you are working under instruction), fine the organisation, etc. Need to manage all these risks –“manage” does not always mean “eliminate”

7 Copyright JNT Association 2006 7 7 7 What does law control? NB These are “controlled”, not “prohibited” Use of Personal Data (DPA 1998) –Note that IP and e-mail addresses are personal Reading/recording information off networks (RIPA 2000) Reading files (HRA 1998) Publishing obscene, racist, terrorist, copyright, defamatory, etc. material –But you are protected until you are told about them –Note that only the rare ones are criminal, most are civil

8 Copyright JNT Association 2006 8 8 8 And what does it require? Ensure actions have a clear purpose Ensure actions are necessary and proportionate Have controls to prevent accidental/deliberate abuse of powers Inform users of what you are doing –Unless notification would defeat the purpose –But use this excuse sparingly! See slide 3

9 Copyright JNT Association 2006 9 9 9 So… Document your rules, procedures and controls –If you aren’t happy with them yourself, make them better –System/network managers are prime suspects Agree rules and procedures with your organisation –If they aren’t happy with them, make them better –If you have their backing, you have little (personally) to fear Explain rules/procedures to (selected) users –If they aren’t happy with them, make them better –Or explain them better! Now you have nothing to be ashamed of!

10 Copyright JNT Association 2006 10

11 Copyright JNT Association 2006 11 What’s new in the law (2006)?

12 Copyright JNT Association 2006 12 Recent Cases War-driving (Communications Act 2003, s. 125) –“Dishonestly obtaining communications services” - £500 fine No requirement that service be protected, or use cause loss! But must be a deliberate act –So what is dishonest? Does it depend on SSID and location? DoS attacks (Computer Misuse Act 1990, s. 3) –Flooding a mailhub with e-mail: authorised? –Youth Court says yes; Appeal Court says no, so s.3 applies Test: “Would owner have agreed, if asked? No!” – Hmmm Police and Justice Bill will make it an explicit offence –Two months curfew Illegal interception (RIPA 2000) –Re-configuring mail server to copy all mails to someone else –£20,000 fine + costs + suspended prison sentence

13 Copyright JNT Association 2006 13 New Laws Terrorism Act 2006 –Notice and take-down of terrorist material Notice sent to senior executive of organisation –Two working days to respond Or organisation is held to approve the material RIPA 2000 (Pt 2 Ch 1) Code of Practice –Covers disclosure notices for traffic data –Documents existing practice

14 Copyright JNT Association 2006 14 Topics of Discussion 1 Blocking Illegal-to-Possess Content –Pressure on ISPs to prevent access to content on IWF list by next year –Currently, indecent images of children Hacking Tools (Police & Justice Bill) –Criminalise supplying tools for CMA offences With intent or likelihood that they will be so used –Authorised use is still fine under CMA 1990

15 Copyright JNT Association 2006 15 Topics of Discussion 2 Extreme Pornography (proposed legislation) –Will become illegal to possess Currently only publishing is illegal (OPA 1957) –“Good reason” defence to be included Access to encrypted material (RIPA 2000) –Existing power (Pt 3) to be switched on –Order to decrypt material seized by police Rarely, may be required to disclose a key –2-5 years in prison if you refuse to do so If court believes you could have disclosed/decrypted

16 Copyright JNT Association 2006 16 Topics of Discussion 3 DoS attacks (Police & Justice Bill) –CMA1990 s3 to become “unauthorised interference” Data Preservation after major incidents –ACPO working group to develop better process DPA1998 s.55 (DCA consultation) –2 years in prison for deliberate unauthorised disclosure of personal data (“What Price Privacy?” report by Information Commissioner) Currently only a fine – a “business expense” to some

Download ppt "Copyright JNT Association 2006 1 1 Striking a Balance: Privacy and Legal Issues in Network Management Andrew Cormack Chief Regulatory Adviser, UKERNA"

Similar presentations

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health

H = P = A = HIPAA DEFINED HIPAA … A Federal Law Created in 1996 Health
TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.

Institutional Telecomms and Computer Network Monitoring Andrew Charlesworth University of Bristol 10 June 2002.
Using Information at the University University Secretarys Office

Using Information at the University University Secretarys Office
IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.

IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.
LEGAL 101 – Two Favourite Concepts: 1.Without Prejudice and 2.Client Legal Privilege THINK.CHANGE.DO.

LEGAL 101 – Two Favourite Concepts: 1.Without Prejudice and 2.Client Legal Privilege THINK.CHANGE.DO.
By Andy Scott, Michael Murray and Adam Kanopa

By Andy Scott, Michael Murray and Adam Kanopa
Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know.

Slide 1 Wednesday, 3 July 2013 Sir George Monoux College Data Protection: What You Need to Know.
General OH&S Induction Training Course 1 WHAT’S SO IMPORTANT ABOUT OCCUPATIONAL HEALTH & SAFETY? IN THE YEAR 2003, MORE PEOPLE WERE KILLED IN WORK RELATED.

General OH&S Induction Training Course 1 WHAT’S SO IMPORTANT ABOUT OCCUPATIONAL HEALTH & SAFETY? IN THE YEAR 2003, MORE PEOPLE WERE KILLED IN WORK RELATED.
Research and the Data Protection and Freedom of Information Acts.

Research and the Data Protection and Freedom of Information Acts.
Copyright JNT Association 2010-1JANET Briefing, 20 th Jan, 20111 Digital Economy Act 2010 Andrew Cormack Chief Regulatory Adviser, JANET(UK)

Copyright JNT Association JANET Briefing, 20 th Jan, Digital Economy Act 2010 Andrew Cormack Chief Regulatory Adviser, JANET(UK)
© JANET(UK) 2011 Running a Public Communications Service Andrew Cormack Chief Regulatory Adviser, Janet

© JANET(UK) 2011 Running a Public Communications Service Andrew Cormack Chief Regulatory Adviser, Janet
In confidence Chair: Storm Westmaas Principal Legal Adviser, the Standards Board for England Speakers: Bernadette Livesey Chief Law and Administration.

In confidence Chair: Storm Westmaas Principal Legal Adviser, the Standards Board for England Speakers: Bernadette Livesey Chief Law and Administration.
Care and support planning Care Act 2014. Outline of content  Introduction Introduction  Production of the plan Production of the plan  Planning for.

Care and support planning Care Act Outline of content  Introduction Introduction  Production of the plan Production of the plan  Planning for.
The Problem Solvers TM www.singleton.com Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.
Getting data sharing right for every child

Getting data sharing right for every child
Police And Criminal Evidence Act 1984 (PACE)

Police And Criminal Evidence Act 1984 (PACE)
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Similar presentations

Ads by Google