Security

IP Addresses, Privacy and the GDPR
It's well-known that the General Data Protection Regulation says that IP addresses sho...

Andrew Cormack

The advantages of network segmentation
Running traditional flat networks is now an ageing...

Julian Fort

Cyber security posture survey 2018 - How...
Building on the success of last year’s Cyber security posture survey, from March to May this year we surveyed Jisc members to better understand their security posture. We had a great responses from 118 different organisations: 65 universities, 49 colleges, 2 research institutions and 2 Arts and Heritage organisations – so thank you to all of you who took the time to...

John Chapman
GDPR: What's your justification?
[Updated Sep.18 to repair links broken by the demise of the Article 29 WP website][Updated Oct.17 to include an example where multiple justifications are appropriate]One of the key steps in preparing for the General Data Protection Regulation is to know why you are processing each set of personal data, and which of the six legal justifications applies: consent, contract, legal ...

Andrew Cormack

Cyber security posture survey 2018 resea...
...

John Chapman

Penetration Testing - Legitimate Interes...
In developing our Data Protection Impact Assessmen...

Andrew Cormack
Janet Yorkshire Humberside service repor...
Service report for organisations in Yorkshire Humberside connected to the Janet network...

Richard Morgan

GDPR: Backups, Archives and the Right to...
I was recently asked how the GDPR's Right to Erasure would affect backups and archives. However that right, created by Article 17 of the GDPR, only arises when a data controller no longer has a legal basis for processing personal data. Provided an organisation is implementing an appropriate backup and archiving strategy, that shouldn't happen.The key point is that backu...

Andrew Cormack
Learning from Incidents
It's only lunchtime on the first day of the FIRST Conference 2018, and already two tal...

Andrew Cormack

Incident Statistics for April 2018
These statistics only relate to information collat...

James Cleeter

Janet Wales service report April 2018
Service report for organisations in Wales connected to the Janet network via PSBA...

Richard Morgan
GDPR: Recording Phone Calls
Most of us are familiar with the recorded messages at the start of phone calls that warn "this call may be recorded for compliance and training purposes". Some may recognise it as meeting the requirement to notify callers und...

Andrew Cormack

Janet Wales service report June 2018
Service report for organisations in Wales connected to the Janet network via PSBA...

Richard Morgan

Janet Kent service report June 2018
Service report for organisations in Kent connected...

Richard Morgan
Janet Yorkshire Humberside service repor...
Service report for organisations in Yorkshire Humberside connected to the Janet network...

Richard Morgan

How to check the validity of an ISO cert...
Many organizations want to check that their suppliers and partners are managing information security risk, and possession of an ISO 27001 certificate is often the preferred way to evidence this. If you are reliant upon the assuran...

James Davis
Janet North West Regional Delivery Servi...
Please find attached the North West region service report for the month of July 2018....

Gary Blake

Janet Kent service report July 2018
Service report for organisations in Kent connected...

Richard Morgan

Janet Wales service report July 2018
Service report for orgnisations in Wales connected to Janet via the PSBA...

Richard Morgan
Janet Cumbria Regional Delivery Service ...
Please find attached the Cumbria area service report for the month of July 2018....

Gary Blake

Janet Yorkshire Humberside service repor...
Service report for organisations in Yorkshire Humb...

Richard Morgan

Multifactor deployment
...

Michael Costello
Progress Report: ePrivacy Regulation
Alongside the 1995 Data Protection Directive (DPD) sat the 2002 ePrivacy Directive (ePD), explaining how the DPD should be applied in the specific context of electronic communications. In fact, particularly after it was amended in 2009, the ePD did a bit more than that, as it turned out to be a convenient place to insert new ideas such as breach notification and incident respon...

Andrew Cormack

GDPR: Twelve Steps, Sorted
Although the Information Commissioner's "Twelve Steps to Prepare" is an exce...

Andrew Cormack

GDPR: Alumni processes
Most universities maintain databases of alumni, fo...

Andrew Cormack
Learning Analytics: a new visualisation
Recently I've been presenting our suggested legal framework for learning analytics to audiences involved in teaching, rather than legal people. For that I've been trying out a different visualisation, which considers the teaching process as involving three layers:Teaching itself (red): during which we process the personal data that's needed to help students learn. T...

Andrew Cormack

WHOIS access for CSIRTs
Over recent months the GDPR has given extra weight to concerns - originally expressed by r...

Andrew Cormack

Janet South Service Report July 2018
Janet South Service Report July 2018...

Elaine Baker
Thames Valley Service Report July 2018
Thames Valley Service Report July 2018...

Emma Taylor

Are networks data processors?
As the GDPR approaches, several customer organisations have asked us if the Janet network will be offering a data processor contract. Presumably the idea is that the organisation that creates an IP packet is the data controller for the source IP address and that all the other networks that handle the packet on its journey are (sub-)processors.The law isn't clear on whether ...

Andrew Cormack