Striking a Balance: Privacy and Legal Issues in Network Management
Andrew Cormack, Chief Regulatory Adviser, UKERNA
Copyright JNT Association 2006

Presentation transcript:

Networks are full of Dilemmas

Investigating faults or misuse
  – Prevent future misuse, or limit current disruption/privacy breach
Investigating crimes
  – Protect victim, or protect investigator?
Monitoring AUP Compliance
  – Protect organisation/community, or individual privacy?
Content filtering
  – Protect individual’s morals, or his/her privacy?
Free speech
  – Protect against offence, or permit expression of opinions?
Marketing
  – Provide good customer service, or intrude on their private life?

How to resolve these?

Know what objective is
Find a reasoned, reasonable balance
  – Harm if we do vs harm if we don’t
  – This will vary between organisations
Act (if at all) in least intrusive way to achieve objective
Ensure powers to act aren’t abused
  – Serious breach of trust if they are
Tell users what we will do
  – And what the rules are
Behave professionally
  – UKERNA’s System Administrator’s Charter may help

What is reasonable?

“Reasonable” varies
  – Depending on circumstances and culture
  – Schools probably different from universities
Can you justify your decision to your users?
  – If so, it’s probably reasonable!
NB Powers subject to controls and sanctions are more likely to be seen as “Reasonable”

Why does it matter? (1)

Users’ reactions
  – They don’t like being surprised
  – Or feeling you are just snooping on them
Organisation’s reputation
  – How do prospective students, parents, funders feel?
  – Are you happy with your press cuttings?
Contracts with others (e.g. service providers)

Why does it matter? (2)

Reactions of your victims
  – Civil law may allow them to seek reparation
  – Or prohibit you from doing it again
Reaction of society
  – Criminal law may lock up you (more likely your managers if you are working under instruction), fine the organisation, etc.
Need to manage all these risks
  – “manage” does not always mean “eliminate”

What does law control?

NB These are “controlled”, not “prohibited”
Use of Personal Data (DPA 1998)
  – Note that IP and addresses are personal
Reading/recording information off networks (RIPA 2000)
Reading files (HRA 1998)
Publishing obscene, racist, terrorist, copyright, defamatory, etc. material
  – But you are protected until you are told about them
  – Note that only the rare ones are criminal, most are civil

And what does it require?

Ensure actions have a clear purpose
Ensure actions are necessary and proportionate
Have controls to prevent accidental/deliberate abuse of powers
Inform users of what you are doing
  – Unless notification would defeat the purpose
  – But use this excuse sparingly!
See slide 3

So…

Document your rules, procedures and controls
  – If you aren’t happy with them yourself, make them better
  – System/network managers are prime suspects
Agree rules and procedures with your organisation
  – If they aren’t happy with them, make them better
  – If you have their backing, you have little (personally) to fear
Explain rules/procedures to (selected) users
  – If they aren’t happy with them, make them better
  – Or explain them better!
Now you have nothing to be ashamed of!

What’s new in the law (2006)?

Recent Cases

War-driving (Communications Act 2003, s. 125)
  – “Dishonestly obtaining communications services” - £500 fine
    – No requirement that service be protected, or use cause loss!
    – But must be a deliberate act
  – So what is dishonest? Does it depend on SSID and location?
DoS attacks (Computer Misuse Act 1990, s. 3)
  – Flooding a mailhub with authorised?
  – Youth Court says yes; Appeal Court says no, so s.3 applies
    – Test: “Would owner have agreed, if asked? No!” – Hmmm
    – Police and Justice Bill will make it an explicit offence
  – Two months curfew
Illegal interception (RIPA 2000)
  – Re-configuring mail server to copy all mails to someone else
  – £20,000 fine + costs + suspended prison sentence

New Laws

Terrorism Act 2006
  – Notice and take-down of terrorist material
    – Notice sent to senior executive of organisation
  – Two working days to respond
    – Or organisation is held to approve the material
RIPA 2000 (Pt 2 Ch 1) Code of Practice
  – Covers disclosure notices for traffic data
  – Documents existing practice

Topics of Discussion 1

Blocking Illegal-to-Possess Content
  – Pressure on ISPs to prevent access to content on IWF list by next year
  – Currently, indecent images of children
Hacking Tools (Police & Justice Bill)
  – Criminalise supplying tools for CMA offences
    – With intent or likelihood that they will be so used
  – Authorised use is still fine under CMA 1990

Topics of Discussion 2

Extreme Pornography (proposed legislation)
  – Will become illegal to possess
    – Currently only publishing is illegal (OPA 1957)
  – “Good reason” defence to be included
Access to encrypted material (RIPA 2000)
  – Existing power (Pt 3) to be switched on
  – Order to decrypt material seized by police
    – Rarely, may be required to disclose a key
  – 2-5 years in prison if you refuse to do so
    – If court believes you could have disclosed/decrypted

Topics of Discussion 3

DoS attacks (Police & Justice Bill)
  – CMA1990 s3 to become “unauthorised interference”
Data Preservation after major incidents
  – ACPO working group to develop better process
DPA1998 s.55 (DCA consultation)
  – 2 years in prison for deliberate unauthorised disclosure of personal data (“What Price Privacy?” report by Information Commissioner)
    – Currently only a fine – a “business expense” to some