I was recently invited by EDUCAUSE to present a webinar on GDPR to their community of mostly North American universities and colleges. The number of participants indicates that European data protection law is a topic of interest. But the most common question was why, as non-EU organisations, they should care about GDPR. So I wrote […]
The Forum of Incident Response and Security Teams (FIRST) invited me to write a piece on how GDPR affects security and incident response. Summary: it makes them pretty much essential 🙂
Education Technology have just published an article I wrote (though I didn’t choose the headline!) on how security and incident response fit into the General Data Protection Regulation. It aims to be an easy read: if you want something more challenging, follow the “incident response protects privacy” link to get the full legal analysis.
To mark one year to go till the General Data Protection Regulation comes into force, we’ve published an article on “How Universities and Colleges Should be Preparing for New Data Regulations” on the Jisc website.
At the request of the Research Councils UK e-Infrastructure group, Janet established a working group from 2013-2016 to support those providing and using e-infrastructure services in achieving an approach that both protects services from threats and is usable by practitioners. More detail about the group can be found in the Terms of Reference. The Working […]
While some e-infrastructures included accounting in their design and operations from the start, others are now being asked or required to add accounting support to their existing systems. Typically accounting forms part of a relationship between the infrastructure and some other organisation – perhaps a funder, host or customer – rather than the infrastructure’s relationship […]
After (too) many years, I’ve turned the ideas from my original TF-CSIRT documents into a formal academic paper, which has just been published in the open access law journal, SCRIPTed: Andrew Cormack, “Incident Response: Protecting Individual Rights Under the General Data Protection Regulation”, (2016) 13:3 SCRIPTed 258 https://script-ed.org/?p=3180 The new General Data Protection Regulation provides […]
Abstract: Reconciling big data techniques with a legal approach relying on prior consent has proved difficult. By definition, when organisations collect personal information for data-led investigations they do not know what the results and impact of their processing will be. This paper suggests how other parts of the current European data protection framework can provide […]
This document provides an introduction to the work of the UK e-Infrastructure Security and Access Management Working Group and the papers it has published. JR0059_E-INFRASTRUCTURES_WORKING_GROUP_SUMMARY Members of the group are: Stephen Booth, Edinburgh Parallel Computing Centre; Peter Boyle, Edinburgh University; David Britton, Glasgow University; John Chapman, Jisc (Secretary); Andrew Cormack, Jisc (Chair); Darren Hankinson, Manchester […]
The various organisations participating in an e-infrastructure are likely to have their own policies on its use; harmonising those policies offers an opportunity to implement them more accurately, efficiently and effectively. This paper discusses how policies are likely to interact and how those developing policies can benefit from the coordination provided by using a common […]