Data Protection Regulation

11 February 2019 at 8:02pm
In a workshop at last week's AMOSSHE conference, we discussed how wellbeing analytics might be able to assist existing Student Support services.
31 January 2019 at 3:03pm
Shortly after we did out first Data Protection Impact Assessments, on the Janet Security Operations Centre and the Jisc Learning Analytics Service, the ICO published its
28 January 2019 at 3:18pm
Incident response teams often share information when investigating incidents. Some patterns may only become apparent when data from different networks are compared; other teams may have skills – such as analysing malware – to understand data in ways we cannot. Since much of this information includes IP or email addresses - information classed as Personal under data protection law - concerns have arisen that attackers might be able to use the law to frustrate this sharing.
14 January 2019 at 10:00am
Under current plans the UK will become - for data protection purposes - a "third country" when it leaves the EU.
12 December 2018 at 1:34pm
With the GDPR having now been in force for more than six months, my talk at this week's EUNIS workshop looked at some of the less familiar corners of the GDPR map. In particular, since EUNIS provided an international audience, I was looking for opportunities to find common, or at least compatible, approaches across the international endeavours of education and research. Topics covered: What is a University? Network and Information Security; Research; Learning Analytics; Intelligent Campus; and Wellbeing.
19 November 2018 at 2:34pm
I've been asked a number of times whether GDPR affects the sharing of information between incident response teams. This slideset discusses how GDPR encourages sharing to improve security, and provides a rule of thumb for deciding when the benefit of sharing justifies the data protection risk.
12 November 2018 at 11:49am
At last week's Jisc Security Conference I presented a talk on how we've assessed a couple of Jisc services (our Security Operations Centre and Penetration Testing Service) from a data protection perspective. The results have reassured us that these services create benefits rather than risks for Jisc, its customers and members, and users of the Janet network. This post links together:
27 September 2018 at 7:16am
An interesting observation made by a Dutch colleague earlier this week. The arrows in my standard model of learning analytics (here rearranged and recoloured to match the "swimlane" visualisation of the learning process) all mark "gatekeeper" points where information flow is filtered and reduced.
12 September 2018 at 8:06am
In developing our Data Protection Impact Assessment for the Janet Security Operations Centre we noted that our Penetration Testing service could involve high risks, but didn't really fit the DPIA framework.
17 August 2018 at 11:28am
Recently I've been presenting our suggested legal framework for learning analytics to audiences involved in teaching, rather than legal people. For that I've been trying out a different visualisation, which considers the teaching process as involving three layers:
Subscribe to Data Protection Regulation