[UPDATE 2nd June 2020: thanks for your feedback. Final text has now gone into the Jisc production process :)]
Jisc has been providing expert, trusted advice on digital technology in the education sector for more than 30 years. We know that technology and data have the ability to transform the student experience. But, as a membership organisation owned by research and educational institutions, we must ensure our advice and guidance are responsible and safe for students, staff and institutions. With universities and colleges concerned about wellbeing and mental health problems among students and staff, and suggestions that increased use of data might help them provide better support, we were delighted to have the opportunity of participating in the ICO sandbox to test our ideas of how this might be done without increasing the risks to students and staff.
In the event, our discussions with ICO colleagues have been even more productive than we had hoped. We have explored possible legal bases for processing personal data to support wellbeing and mental health services and expanded our draft Code of Practice to include all relevant safeguards. In addition, with the ICO’s encouragement and support, we have developed new tools for educational institutions to conduct Data Protection Impact Assessments (DPIAs) for their planned activities and to assess purpose compatibility when considering new data sources. These tools should help institutions meet their accountability duty in the General Data Protection Regulation (GDPR).
Having completed our sandbox engagement we are now conducting a public consultation on the Code of Practice, including its Data Protection Impact Assessment and Purpose Compatibility Assessment Annexes.