PECR: Security of Communications Services (Regulation 5)
Security of Public Electronic Communications Services [Reg 5]
Rule: Providers of public electronic communications services must take appropriate measures to safeguard security.
Requirements
| Requirement | Details | Citation |
|---|---|---|
| Appropriate measures | Must take appropriate technical and organisational measures | Reg 5(1) |
| Safeguard security | Of services and personal data | Reg 5(1) |
| Proportionate to risk | Having regard to state of art and cost | Reg 5(1) |
| Network security | Must ensure security of the network | Reg 5(1A) |
| Inform users | Of particular risks to security | Reg 5(2) |
| Inform of remedies | Tell users how to protect themselves | Reg 5(2) |
Source Text
5.—(1) Subject to paragraph (2), a provider of a public electronic communications service must take appropriate technical and organisational measures to safeguard the security of that service having regard to— (a) the state of technological development; (b) the cost of implementing any measures; and (c) the nature of the data to be protected.
(1A) A provider of a public electronic communications service must also take appropriate measures to safeguard the security of the public electronic communications network.
(2) If necessary, measures taken by a provider of a public electronic communications service under paragraph (1) may be taken in conjunction with the provider of the public electronic communications network with respect to the security of that network.
(3) Where there remains a significant risk to the security of the public electronic communications service, a provider of a public electronic communications service must— (a) inform subscribers of that risk; (b) if the risk lies outside the scope of the measures to be taken by the service provider, inform subscribers of any possible remedies, including an indication of the likely costs involved.