Regulatory Developments

Last updated: 
2 days 15 hours ago
Blog Manager

One of Janet’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks.

Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers.

Filter by tags:

Group administrators:

Blog Article

The European Court's declaration today that the European Commission's fifteen year old decision on the US Safe Harbor scheme is no longer reliable is another recognition that Data Protection requires continuing assessment, rather than one-off decisions. European regulators have been recommending for years that neither data controllers nor companies to which they export data should rely on Safe Harbor certification alone. The U.K.

Blog Article

A helpful comment on page 3 of the Information Commissioner’s discussion of the latest (Council) draft of the General Data Protection Regulation:

We reiterate our view that there must be realistic alternatives to consent – for example 'legitimate interests' where the data processing is necessary to provide the goods or services that an individual has requested.

Blog Article

The Information Commissioner has published updated and extended guidance on the use of the Data Protection Act's "section 29" exemption, based on cases and wider experience. This exemption is often used to release personal information (such as computer or network logs) to the police or other authorities investigating crimes, so sections 33-52 in particular are worth reading as a refresher.

The points I'm most often asked about are:

Blog Article

A question that comes up from time to time when discussing federated access management is "how can I rely on another organisation to manage accounts for me?". Federation saves services the trouble of managing user accounts by instead delegating the job to an external identity provider, but it's entirely reasonable to think carefully about that. Why should any service trust someone else to manage the keys to its valuable content?

Blog Article

Recently I had a thought-provoking discussion on Twitter (thanks to my guides) on the practice of setting your users phishing tests: sending them e-mails that tempt them to do unsafe things with their passwords, then providing feedback. I've always been deeply ambivalent about this. Identifying phishing messages is hard (see how you do on OpenDNS's quiz), and creating "teachable moments" may well be a good way to help us all learn.

Blog Article

There's a tension between network neutrality - essentially the principle that a network should be a dumb pipe that treats every packet alike - and network security, which may require some packets to be dropped to protect either the network or its users. Some current attacks simply can't be dealt with by devices at the edge of the network: if a denial of service attack is filling your access link with junk then nothing you do at the far end of that link can help.

Prev | Next