Last updated: 
1 week 4 days ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

EU Network and Information Security legislation

Friday, October 12, 2012 - 09:32

I’ve submitted a Janet response to a European consultation on a future EU Network and Information Security legislative initiative. The consultation itself seems to suffer from “if you only have a hammer” syndrome: if you’re a legislator then it must be tempting to think that all problems (lack of reporting of “cybercrimes”, insecure end-user computers, etc.) can be solved by legislating. Our response suggests that it may be more productive to deal with the why and how – show organisations and individuals the benefits of being secure, and explain how they can do it.

The good news is that in a number of areas there is now evidence of that working: I’ve pointed out end-user services such as GetSafeOnLine and Germany’s anti-botnet service. It was also recently reported that most of the reports of privacy breaches to the UK’s Information Commissioner are now voluntary: organisations that don’t have a legal duty to report breaches are nonetheless seeking the Commissioner's help when they happen. Reporting, whether of breaches or attacks, seems much more likely to work where reporters see direct  benefits in terms of improved information and guidance on securing their own systems, as in ENISA’s new report on major outages in European telecommunications services.