Last updated: 
8 hours 20 min ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Consultation: Assessing the impact of (re-)using campus data

Our university and college buildings already contain a surprising number of sensors that could collect information about those who occupy them. At a recent event I spotted at least half a dozen different systems in a normal lecture room, including motion detectors, swipe card readers, wireless access points, the camera and microphone being used to stream the event, and Bluetooth and other transmissions from the many laptops and devices we were all carrying.

There is increasing interest in using data from these sensors – and new ones installed for specific purposes – to make our campuses "better" in many different ways. A paper by Aion et al groups these possibilities into six categories: those that directly affect students' learning; those involved in managing campus infrastructure; those that facilitate collaboration; those that provide institutional accountability; those that protect the environment, for example by improving energy efficiency; and those that create a healthy environment for learning and living.

With such a wide range of sensors and data to process and combine, and such a wide range of purposes, we need some way to assess the risks and benefits our plans will create for those who use the campus. Some possible uses of data will provide high benefit at very low risk: others will involve such high risks that, even with all possible mitigations used, they cannot be justified for the likely benefit.

To guide universities and colleges through this complex area, we’ve written a draft Data Protection Impact Assessment Toolkit, inspired by a Toolkit approved by European Regulators for RFID applications back in 2011. It is designed to help you work out how intrusive a particular application might be, what risks might arise, and what mitigations might be available to reduce these to an acceptable level. We'd very much welcome feedback on the toolkit: please send your comments to <Andrew.Cormack@jisc.ac.uk> by the end of April.