posted 3 years ago
UK legislation for public Wi-Fi includes the Data Protection Act, European Directive for Data Retention Regulations 2009, the Code of Practice (Anti-Terrorism, Crime and Security Act 2001), Regulation of Investigatory Powers Act 2000 and Digital Economy Act 2010, for which the venues are liable. If a customer sustains loss as a result of accessing your insecure public Wi-Fi service then you will not be protected from liability, if you are not complying with PCI DSS. If some criminal or illegal activity occurs via the public wifi, and you are not able to identify the person committing the crime, then the service provider could be held responsible.
To meet the requirement of the Data Retention Regulations (Part 3) the records of the following information must be stored:
- The user ID allocated.
- The user ID and telephone number allocated to the communication entering the public telephone network.
- The name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, the user ID or telephone number was allocated at the time of the communication.
- The date and time of the log-in to and log-off from the internet access service, based on a specified time zone