Categories
Articles

WHOIS access for CSIRTs

Over recent months the GDPR has given extra weight to concerns – originally expressed by regulators fifteen years ago – about public access to information about individual registrants of DNS domains. This article considers the use of this WHOIS data by those handling information security incidents, and why this represents a benefit, rather than a […]

Categories
Articles

Learning from Incidents

It’s only lunchtime on the first day of the FIRST Conference 2018, and already two talks have stressed the importance and value of reviewing incidents over both the short and long terms. In the very different contexts of an open science research lab (LBNL) and an online IPR-based business (Netflix), a common message […]

Categories
Presentations

Learning Analytics and GDPR

Since there was a lot of interest in my keynote presentation at the EUNIS 2018 conference last week, this post collects together the slides and the blog posts that provide further analysis and discussion of the ideas: Slides LA and GDPR v0-07; How to do Learning Analytics under the GDPR; The role(s) of Consent; Incorporating […]

Categories
Articles Tools

GDPR: 12 Steps Illustrated

I’ve been trying to produce a visual image to capture the twelve steps to GDPR compliance. For details of the individual steps see: Awareness; Data Protection by Design; Information Lifecycle Audit; Breach Notification Process [Article 29 Working Party guidance]; Legal Basis [Information Commissioner guidance]; Privacy Notices [Article 29 Working Party guidance]; Individual Rights Processes (inc. subject […]

Categories
Articles

ICO guidance on Consent and GDPR

The Information Commissioner’s new guidance on Consent under the General Data Protection Regulation contains some useful guidance for universities and colleges in particular. On the question of which legal bases are available to universities and colleges – in particular whether they are included within the GDPR’s disapproval of consent and legitimate interests being used by […]

Categories
Articles

Learning Analytics Dashboards

Learning analytics dashboards, like the class mark books that long preceded them, show tutors a lot of information about their students. That could be pretty intrusive, so should universities and colleges be asking students to consent before tutors look at their data? I don’t think so, both because the students most likely to benefit are […]

Categories
Articles

Incident response, logfiles and the GDPR

The Article 29 Working Party has recently highlighted the importance of detecting and mitigating information security breaches. One of the key tools in doing this is logfiles: the European Court of Justice in Breyer v Germany recognised the role of web server logs, and the Article 29 Working Party guidelines mention logs and network flow data. […]

Categories
Articles

NIS Directive – UK implementation published

The Government has published the Network and Information Security Regulations 2018, which will implement the EU NIS Directive in the UK from May 9th. The education sector is not covered by either law. Where we might have been inadvertently captured was in the provisions for DNS Services. These cover both authoritative domain servers and DNS […]

Categories
Articles

Research Provisions in the GDPR

Like the current Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply to any research involving data about identifiable living individuals. Also like the Act, the Regulation provides for adaptation in a couple of areas where this is needed to make such research possible. All processing of personal data needs a legal […]

Categories
Articles

Are networks data processors?

As the GDPR approaches, several customer organisations have asked us if the Janet network will be offering a data processor contract. Presumably the idea is that the organisation that creates an IP packet is the data controller for the source IP address and that all the other networks that handle the packet on its journey […]