Organisations connecting to Janet are required to implement three policies: the Eligibility Policy determines who may be given access to the network; the Security Policy sets out responsibilities for protecting the security of the network and its users; the Acceptable Use Policy identifies a small number of act
Recently I've been doing some work with Niall Sclater on how education organisations might inform students about the use of learning analytics, and when they might seek students' consent. The resulting blog post is at https://analytics.jiscinvolve.org/wp/2017/02/16/consent-for-learning-analytics-some-practical-guidance-for-institutions/
Last October the European Court of Justice confirmed that websites do have a legitimate interest in security that may justify the processing of personal data. That case (Breyer) overruled a German law that said websites could only process personal data for the purpose of delivering the pages requested by users. As far as I know, everywhere else in Europe the use of logs to secure websites is accepted as lawful.
After (too) many years, I’ve turned the ideas from my original TF-CSIRT documents into a formal academic paper, which has just been published in the open access law journal, SCRIPTed:
The European Commission recently published wide proposals to reform copyright law. One particular concern is that the proposals appear to reduce the existing legal protections for sites that host third party content.
Anyone who has looked at an information security standard is likely to be familiar with the idea of an Information Asset Register. These cover the What and Where of information that an organisation relies on: what information do we hold, and where is it kept.
Many of the requirements of the General Data Protection Regulation (GDPR) point to an extension of this idea: something more like an Information Lifecycle Register. This would add
According to Parliament's website, "outstanding issues on the [Investigatory Powers] Bill were resolved on 16th November". The Bill now passes to its final formal stage, Royal Assent, after which it will be the Investigatory Powers Act.