The past few weeks’ media focus on the emergency data legislation being pushed through Parliament may appear irrelevant to many CTOs and public sector IT departments, who believe this legislation is only of concern to the general public, but in reality this is an area of their organisation that they should examine more closely.
- Any organisation offering Wi-Fi or other Internet services at its business locations must be compliant with several regulations stipulating that the end users of their network must be identifiable.
- The “commercial venues” in question range from hospitals and cafes, to conference facilities and shops, regardless of whether the internet access provided is free-of-charge or not.
- Any organisation unable to log and retain data which identifies its specific end users is breaking several laws which date back to well before the Edward Snowden saga and the emergency data laws currently being pushed through Parliament.
- Managed Connections is one of the UK’s leading providers of cloud-managed wireless networks and is already trusted by organisations that include several county police forces.
- Their solution to ensure an organisation is legally compliant could in fact turn the management of their wireless network from a cost centre into a valuable source of revenue.
You may think that the emergency data laws being pushed through Parliament over the past few weeks only concern the state and the individual. True. But did you know that your company or public sector organisation may already be breaking the law by allowing access to an unsecured or incorrectly managed Wi-Fi network?
Under UK legislation that includes the Data Retention Regulations 2009 (2006/24/EC) and the January 2004 Code of Practice (for Voluntary Retention of Communications Data) implemented under the Anti-Terrorism, Crime and Security Act 2001, certain types of data must be stored when allowing individuals access to the Internet through your Internet network. Both “traffic” and “location” data must be stored. This includes such information as an end user’s IP address, the time and data of access and the type of service accessed (e.g. an IMAP email server or an application such as Skype).
According to the Home Office, such data must be stored for a minimum of 12 months and, under the Regulation of Investigatory Powers Act (RIPA) 2000, an organisation must be able to access and then provide this data upon receipt of a court order. Other applicable legislation includes the Digital Economy Bill (2010) and the Data Protection Act 1998.
Aside from legal compliance per se, not knowing exactly who is accessing your wireless network, or for what general purpose, is worrying in the current climate surrounding such illicit Internet activities as the downloading of child pornography. The first that many organisations would know about the matter is when a court order demands that their organisation present information to identify an individual that they suspect has used their Wi-Fi network for such a criminal purpose.
The majority of organisations are inadvertently breaking the law by offering access to a Wi-Fi network without the proper logging and storage of this data. Since its foundation in 2009, Managed Connections has worked with a wide range of organisations that have sought a simple solution to the many rules governing the provision of an accessible Internet network. All of these organisations were automatically legally compliant at the point they switched to Managed Connection’s cloud-based wireless network management software, which allows for remote updates and the reconfiguration of a network’s access points to ensure it is always compliant with current UK legislation. All of the data required by law is logged, stored and easily accessible via the cloud-based management suite at any time.
Managed Connection’s cloud-based network management software does not only ensure that you are legally compliant, but also provides you with valuable insights into your network users.