Last year, I was invited to give a talk “on GDPR” to NISO, an organisation that develops standards for managing digital information. While most of my thinking and writing has looked at applying data protection law to existing systems, this seemed like a good opportunity to think about how you might use it at an […]
Category: Publications
Links to articles etc. published in journals or other websites
Categories
A Pathway Towards AI Ethics
We can probably agree that “Ethical Artificial Intelligence” is a desirable goal. But getting there can involve daunting leaps over unfamiliar terrain. What do principles like “beneficence” and “non-maleficence” mean in practice? Indeed, what is, and is not, AI? Working with the British and Irish Law, Education and Technology Association (BILETA), Jisc’s National Centre for […]
[UPDATE: slides from my TF-CSIRT presentation are now available] Several years ago I wrote a paper on using the GDPR to decide when the benefits of sharing information among network defenders outweighed the risks. That used the Legitimate Interests balancing test to compare the expected benefits – in improving the security of accounts, systems or […]
Categories
Incident Detection and GDPR
Great to have my paper – “Processing Data to Protect Data: Resolving the Breach Detection Paradox” – published by ScriptEd. Everything you always wanted to know about logfiles and the GDPR: Why Data Protection requires breach detection; What’s the GDPR “Purpose” of breach detection; What’s “Necessary”, when it comes to breach detection; What Safeguards are […]
Categories
IDPro Body of Knowledge
I was delighted to be invited to contribute an article to IDPro’s Body of Knowledge for professionals working in the field of digital identity. Mine is (of course) on how the GDPR applies to identity management. But as well as standards and regulation the collection is steadily expanding to cover things like privacy for consumers, […]
WONKHE has published my article on the need to be careful in introducing, and withdrawing, with any post-virus data processing (the absolute sub-head isn’t mine!) Maintaining trust in university data handling
Categories
Remote Invigilation/e-Proctoring
An article, on “The value of e-proctoring as Exams move on-line”/”Technology can reduce exam stress”, was published in University Business (6/5/20) and the Jisc website (13/5/20).
Having acted as programme chair for the FIRST Security and Incident response conference last year, I also got to co-edit the special conference issue of the ACM journal Digital Threats: Research and Practice (DTRAP). FIRST sponsored the journal, so our issue is open access, available for anyone to read. Topics covered: Using power consumption to […]
[Re-purposing an unused introduction to my full paper – “See no… Hear no… Track no..: Ethics and the Intelligent Campus” – that was published in the Journal of Information Rights, Policy and Practice this week] The Intelligent Campus is a microcosm of the Smart City. Smart cities, according to Finch and Tene, may be “more […]
I was recently invited by EDUCAUSE to present a webinar on GDPR to their community of mostly North American universities and colleges. The number of participants indicates that European data protection law is a topic of interest. But the most common question was why, as non-EU organisations, they should care about GDPR. So I wrote […]