Legal/Data Privacy

national smartcard project logo

Introductory Report WP8-13v2.0

Friday, 7 May 2004

Introduction to the Legal and Data Protection section of the National Smart Card Project

Word WP8-13 Introductory Report v2.0 Release (542.50kb)

1. Introduction

This paper introduces a series of reports prepared by the Legal and Data Protection section of the National Smart Card Project.
1.1 The Reports consist of the following:

  •  WP8-01 Financial Services Regulation Report
  •  WP8-02 Card Governance Report
  • WP8-03 Security Issues Report (incorporating electronic signatures, PKI and certification issues)
  • WP8-04 Information Law Report (incorporating Data Protection Toolkit)
  •  WP8-05 Public Procurement Regulations Report
  • WP8-07 Corporate Report
  • WP8-08 Risk Register
  • WP8-09 Commercial Conditions of Contract
  • WP8-10 Review of the outputs of the Procurement section of the NSCP
  • Constitutional Documents

This report functions as an over-arching introduction that should be read in conjunction with each of the Reports. 

Cross Certification Certification WP 8-12v2.0

Friday, 7 May 2004

A sample cross certification agreement between a joint public sector body such as LASSeO and any Certification Authority.

Word WP8-12 - Cross Certification Agreement -V2.0 Release (367.00kb)

This document has been prepared as a sample cross certification agreement between a joint public sector body such as LASSeO and any Certification Authority. It has therefore been preserved in form as a legal document. It is not intended to be prescriptive and although it refers specifically to LASSeO, it could, suitably amended, be used between any two Certification Authorities. 

In preparing the Cross Certification Agreement assumptions have been made about the following;

  • Ownership & Maintenance
  • Legal personality
  • Charges
  • BS7799 compliance
  • Indemnity
  • Competence of Certification Authorities
  • Personal data - data processing

Intellectual Property Report WP8-11v

Friday, 7 May 2004

This report covers the most common forms of Intellectual Property Rights.

Powerpoint IP Slides (108.50kb)
Word WP8-11 Intellectual Property Report v2.0 Release (526.50kb)

Ownership of ideas and information is inherently difficult to protect.  However, this is exactly what the law seeks to preserve through Intellectual Property Rights (IPR).  The most common forms of IPR are: copyright, trade marks, patents, design rights and database rights, but this is by no means an exhaustive list.  All of the IPRs mentioned are governed by statute.  Which form of IPR is most appropriate in any given context will depend on the exact nature of what is being protected. This document covers the following;

  • Copyright
  • Trade Marks
  • Patents
  • Joint Ownership of IPR
  • Joint Buying Groups
  • Crown Copyright
  • Open Source Software

Commercial Conditions Checklist WP8-09v

Friday, 7 May 2004

This document provides checklists in which details of the main commercial terms to be included in certain of the contracts to be entered into by the Card Issuer are described

Word WP8-09 - Commercial Conditions Checklist - v3.0 Release (1.07mb)

This document provides checklists in which details of the main commercial terms to be included in certain of the contracts to be entered into by the Card Issuer are described.  The checklists are designed to provide guidance to commercial members of the Card Issuer's contracts teams as to the key terms which the Card Issuer may wish to include in each of the relevant agreements.  In addition the checklists may act as an aide memoire  for the lawyers acting on behalf on the Card Issuer.

Risk Register WP8-08v3.0

Friday, 7 May 2004

The Risk Register identifies the key legal risks that may arise in relation to a Smart Card Scheme.

Powerpoint Risk Register1.ppt (94.00KB)
Word WP8-08 Risk Register V3.0 release (863.50kb)

The Risk Register identifies the key legal risks that may arise in relation to a Smart Card Scheme and the methods by which those risks can be mitigated by the Card Issuer, where applicable.

The Risk Register has been designed for use by Card Issuers both during the evaluation phase of a proposed Scheme to assess potential risks, and when faced with a problem during the live operation of a Scheme.

Corporate Structures WP8-07v3.0

Friday, 7 May 2004

There are a number of different types of business entity that may be used in the UK. Some of these factors are outlined in this report

Corporate Structures1.ppt (132.50kb)

Word WP8-07 Corporate structures V3.0 Release (728.00kb)

1.1 General
There are a number of different types of business entity that may be used in the UK.  The choice of business entity decided upon in any given situation will be driven by many factors - some of these factors are outlined in the relevant following sections of this report.

The various entities fall broadly into the following categories:

  • A company
  •  A limited liability partnership (or LLP)
  • A partnership
  • A joint venture
  • A non-profit distributing organisation (or NPDO)

Companies, LLPs and partnerships are entities legally defined under UK law.  In contrast, a joint venture is a general term used to describe the joining forces of two (or more) entities, either for a specific project or on a more general ongoing basis.  In a joint venture, the legal entity could be a company or a partnership, or the joint venture could simply be on a contractual basis.  Similarly, an NPDO is not a legally defined entity and usually takes the form of a company limited by guarantee or an industrial and provident society.
1.2 Companies
A UK company can take one of the following forms:

· A company limited by shares
· A company limited by guarantee
· An unlimited company.
A company limited by shares or limited by guarantee can be either a private company or a public company.  Only a public company is able to offer its shares to the public, and it is the ability to raise finance in this way that often leads a company to seek public company status. 
1.3 Partnerships
A business may be carried on in the UK as a partnership.  Individuals, companies and other entities may be partners.  A distinction is drawn between:

  • general partnerships, where the partners have an unlimited liability for the debts and obligations of the partnership, and;
  • limited partnerships, where one or more general partners have unlimited liability and limited partners are liable up to the amount of their capital contributions.

Limited partnerships are not used a great deal in the UK.
1.4 Limited Liability Partnerships
A limited liability partnership, or LLP, is a body corporate with a legal personality separate from that of its partners (who are known as members).  An LLP is essentially a corporate business vehicle that combines the flexible structure of a partnership with the benefits for its members of limited liability.  However, unlike limited liability companies, LLPs have no share capital and are not subject to any capital maintenance requirements.
1.5 Joint ventures
A joint venture, which may be structured in a number of ways, can be characterised as an enterprise or venture between two or more parties to carry out and share the profits of a designated business or project.  The venture can take the form of a partnership or a company in which the joint venturers are shareholders.  A third alternative is that the venture could simply be the subject of contractual arrangements between the relevant parties.
1.6 Non-profit distributing organisations
An NPDO will usually take the form of a company limited by guarantee (see part 4.2 c) or an industrial and provident society.  An industrial and provident society is a corporate entity, they key legislation on which can be found in the Industrial and Provident Societies Act 1965.  NPDOs can provide efficient mechanisms for providing services although historically such entities have not featured strongly across the board in relation to Local Authorities.

Public Procurement WP8-05v3.0

Thursday, 6 May 2004

Public procurement law issues for a Local Authority procuring works, supplies or services for the purposes of a Smart Card Scheme.


Word WP8-05 - Public Procurement - v3.0 Release (725.00kb)

This report concentrates on the public procurement law issues for a Local Authority procuring works, supplies or services for the purposes of a Smart Card Scheme.

No recommendation is made in this report as to the most appropriate procurement model to be adopted as this will depend on the particular circumstances of the Scheme.

Data Protection and Information Law WP8-04v3.0

Thursday, 6 May 2004

This report considers the information law issues connected with a Smart Card Scheme.

Powerpoint Information Law1.ppt (114.00kb)
Word WP8-04 data protection and info law V3.0 release (1.17mb)

This report considers the information law issues connected with a Smart Card Scheme.  It applies the general information law issues to the specific circumstances of a Smart Card Scheme.  An overview of information law issues is set out in Appendix 2.  However, as the design of a Smart Card Scheme is something that will vary in each case this report is designed as a starting point for raising awareness of the issues to be considered.  It is not a substitute for taking specific legal advice on each Scheme.

The Office of the e-Envoy draft policy framework "Smart Cards: Enabling e-Government" cites four principal hurdles to the successful delivery of smart card services and their take-up by citizens.  Of these, two are directly relevant to information law - the need to safeguard citizens' rights in respect of Data held about them and the requirement to demonstrate someone is who they say they are, online. In addition, a MORI survey commissioned by the DCA in 2003 revealed that 60% of the public are very or fairly concerned about public services sharing their personal information. It is therefore vitally important that Card Issuers build in a consideration of the information law issues when establishing a Smart Card Scheme and that they build in compliance throughout the lifecycle of a Scheme.

Security Issues WP8-03v3.0

Thursday, 6 May 2004

This report considers the legal issues connected with electronic signatures, PKI, biometric identifiers and the security measures set out in ISO 17799

Powerpoint Security Issues1.ppt (128.50kb)
Word WP8-03 Security issues V3.0 Release (882.00kb)

This report considers the legal issues connected with electronic signatures, PKI, biometric identifiers and the security measures set out in ISO 17799. It charts the legal background to the above issues, and considers the current position under English law. Section 7 of this report considers the issues in the context of a Smart Card Scheme and the way in which certain risks may be managed by means of contract.

Card Governance WP8-02v2.0

Thursday, 6 May 2004

This report considers the legal issues connected with the card governance aspects of a Smart Card Scheme.

Powerpoint Card Governance (158.00kb)
Word WP8-02 Card Governance v2.0 Release (933.00kb)

This report considers the legal issues connected with the card governance aspects of a Smart Card Scheme. It looks at the legal issues that may arise in the establishment and operation of a Smart Card Scheme and the way in which certain issues may be managed by means of contract. An overview of the basic principles of contract law is set out in Appendix 2.

Financial Services Report WP8-01v5.0

Thursday, 6 May 2004

Key legal issues surrounding financial services regulation and consumer protection.

Powerpoint FSMA1.ppt (111.50kb)
Word WP8-01 Financial Services Report V5.0 Release (598.00kb)

This report sets out to investigate the key legal issues surrounding financial services regulation and consumer protection as it may impact on e-money, debit facilities and credit facilities if they were to be made available on a Local Authority Smartcard.