Last updated: 
1 month 4 weeks ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

MoJ Evidence on EC Data Protection proposal

Wednesday, July 4, 2012 - 17:02

I've just sent in a Janet submission to the Ministry of Justice's Call for Evidence on the EU Data Protection proposals. Our response mentions the good and bad things about the proposal, as discussed here previously, for

  • Internet Identifiers: still no clarity on when IP addresses etc. are personal data, but at least more realistic provision for when they are;
  • Incident Response: good to have this explicitly recognised as important for protecting privacy and building trust, but some risk that legislation may create barriers to necessary and proportionate sharing of information about incidents;
  • Breach Notification: concern that timescales for reporting (and penalties for not meeting them) are unrealistic and may skew incident response priorities;
  • Cloud Computing: looks helpful for consumer clouds, but leaves the existing uncertainties for those outsourcing to cloud providers.