The Information Commissioner has published new guidance on when information will be ‘held’ by a public authority for the purposes of the Freedom of Information Act (note that Scotland has its own law and guidance). Paragraphs 28-36 of the guidance deal with the tricky topic of deleted computer files and backups. The guidance suggests that […]
Category: Articles
Thoughts on regulatory and ethical issues relating to the use of technology in education and research
Defamation Bill – House of Lords
The Defamation Bill arrived in the House of Lords this week. Most of the debate concentrated on how to reform the definition of defamation and the court processes for dealing with it. However Lord McNally (at Column 934) gave a good summary of the twin problems affecting websites that host content provided by third parties: […]
One of the big challenges in designing policies and architectures for federated access management is to reconcile the competing demands that the system must be both “privacy-respecting” and “just work”. For an international access management system to “just work” requires information about users to be passed to service providers, sometimes overseas. The information may be […]
The Information Commissioner has published new Guidance on the Use of Cloud Computing for organisations who are, or are considering, using cloud services to process personal data. The benefits of clouds are recognised: these may include “increased security, reliability and resilience for a potentially lower cost”. However cloud customer organisations may also “encounter risks to […]
Responsible ISPs in Latvia
Earlier in the year I wrote about the German ISP Association’s scheme to remove the economic disincentive for ISPs to inform their customers of botnet infections on their PCs by providing a centrally-funded helpdesk. In Latvia a different approach has been taken: providing a “responsible ISP” mark that consumer networks can use on their websites […]
The ASPIRE study on the future of National Research and Education Networks calls for European NRENs to work together on a common approach to cloud computing. The European Commission has just published a Cloud Strategy that also seeks a common European approach, noting that “faced with 27 partly diverging national legislative frameworks, it is very […]
ENISA on cyber incident reporting
ENISA have published an interesting report on cyber incident reporting. Their scope is wide – incidents range from the failure of a certificate agency to storms creating widespread power (and therefore connectivity) outages. In each of these areas they find a common pattern, where governments are trying to encourage (or mandate) notification of incidents in […]
BYOD toolkit
The US Government’s CIO Council has published an excellent toolkit to help organisations develop appropriate policies for employees to use their own laptops and smartphones for work (known as Bring Your Own Device or BYOD). The toolkit identifies three different technical approaches to controlling the security of the organisation’s information: Use virtualisation so that the […]
The Defamation Bill completed its passage through the House of Commons this week with only minor changes to the provisions for third party postings on websites: A new power (New Clause 1) will be created for a court to order takedown of an article if it has been the subject of a successful defamation case. […]
Federations: next challenges
Last week’s REFEDs and VAMP meetings in Utrecht invited identity federations to move on to the next series of technical and policy challenges. Current federations within research and education were mostly designed to provide access to large commercial publishers and other services procured by universities and colleges for their individual members. Services and arrangements are […]