When wireless networks can put you in the dock

gallery

They might warn you about some of the obvious risks - like viruses propagating unchecked across a badly secured network, or the leakage of confidential data following careless use of Wi-Fi hotspots.

However, there is another dimension to the dark side of wireless networks that your organisation may not have accounted for. The laws that govern use and storage of data have never been more numerous or more strictly enforced. The unseen and moveable nature of wireless access means that it's perfectly possible to wind up on the wrong side of one of these laws without being conscious of having done so. But ignorance of the law is no defence.

So what are you liable for?

"Your company is liable for anything that travels across your network and that includes wireless networks," warns Charlotte Walker-Osborn, a solicitor working for the Technology Group of legal firm Eversheds. "With wireless networks in particular, this is a can of worms just waiting to be opened."

It is not just what you do that can be a problem. Outsiders might use the network as an access point for hacking, or for distributing illegal pornography. In the latter case, provided no business sensitive or confidential information is disclosed, this may not necessarily lead to criminal liability for your company but the damage to your company's reputation could be severe.

The human angle

Most of the information stored on a PDA or on a laptop is likely to make reference to individuals and would therefore be classed as personal data under the Data Protection Act 1998. In which case, your business will need to ensure that its compliance with the Data Protection Act extends to this data. The most relevant section, although by no means the only one to be concerned with, is principle seven.

This section states that: "Appropriate technical and organisational measures must be taken against the unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

"This means that in the event of personal data being disclosed, your business would need to be able to show that such steps had been taken," says Walker-Osborn.

Linked to this is an obligation to comply with human rights legislation, especially the Human Rights Act 1998, Article 8 which sets out that: "Everyone has the right to respect for his private and family life, his home and his/her correspondence."

As such, it would be expected that a business should take care over the security of any and all documentation that contains sensitive information on individuals and particularly personnel files.

Watch out for confidentiality

There is potential for further liability for breach of confidentiality. Your company will have a duty naturally arising in law to preserve the confidentiality of your customers' and clients' confidential information when data is travelling across, or made accessible via, your network.

"You are also likely to have confidentiality agreements with your partners and customers, which would also be breached," says Walker-Osborn. "This could lead to having to pay money to the other company by way of damages and loss of business reputation."

There are also other contractual matters to think about. You are likely to have terms in your contracts with your existing internet or telecoms service provider that require you to ensure external users do not indulge in spamming or promulgating illicit content. If breached, these could lead to liability both in money terms but perhaps more seriously to the right for those companies to suspend the services they provide which would lead to significant business interruption. There are also likely to be many other obligations in your legal contracts with your customers obliging you to provide reasonable levels of security and the like. This will be less of an issue if you have carefully limited your risk and liability under those contracts.

Email to a friend

Print this page