Last updated: 
5 days 14 hours ago
Blog Manager

One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks.

Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers.

NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Filter by tags:

Group administrators:

Blog Article

In data protection circles, the phrase "Safe Harbour" doesn't have a great reputation. Wikipedia describes those as setting hard boundaries around an area where "a vaguer, overall standard" applies. Famously, in 2015, the European Court of Justice struck down the data protection Safe Harbor arrangement negotiated between the European Commission and the US Government.

Blog Article

The Government's new White Paper on Online Harms is strikingly wide in both the range of harms identified, and the range of entities asked to play a part in reducing them. The White Paper envisages that harmful content could be spread through any online facility that allows individual users to share content, to find content shared by others, or interact with each other.

Blog Article

To my ex-programmer ears, phrases like "web 2.0" and "industry 4.0" always sound a bit odd. Sectors don’t have release dates, unlike Windows 10, iOS 12 or Android Oreo. Oddly, one field that does have major version releases is the law: it would be quite reasonable to view 25th May 2018 as the launch of Data Protection 3.0 in the UK. Looking at past release cycles, it seems likely to be fifteen to twenty years before we see version 4.0.

Blog Article

Incident response teams often share information when investigating incidents. Some patterns may only become apparent when data from different networks are compared; other teams may have skills – such as analysing malware – to understand data in ways we cannot. Since much of this information includes IP or email addresses - information classed as Personal under data protection law - concerns have arisen that attackers might be able to use the law to frustrate this sharing.

Blog Article

The Government's powers make orders relating to information about communications have now moved from the Regulation of Investigatory Powers Act 2000 to the Investigatory Powers Act 2016. The associated Code of Practice provides useful information on the process for issuing three types of notice in particular: Communications Data Requests, Technical Capabilities Orders and Data Retention Notices.

Blog Article

At last week's Jisc Security Conference I presented a talk on how we've assessed a couple of Jisc services (our Security Operations Centre and Penetration Testing Service) from a data protection perspective. The results have reassured us that these services create benefits rather than risks for Jisc, its customers and members, and users of the Janet network.

This post links together:

Prev | Next