Domain Name Service resolvers are an important source of information about incidents, but using their logs is challenging. A talk at the FIRST conference discussed how one large organisation is trying to achieve this. DNS resolvers are used legitimately every time a computer needs to convert from human-friendly names (such as www.google.com) to machine friendly […]
The Government has published its proposed guidance to universities, colleges and other specified authorities on what they will be expected to do to satisfy their duty under the Counter-Terrorism and Security Act 2015 to “to have due regard to the need to prevent people from being drawn into terrorism”. This guidance may not become law […]
While we’re still awaiting the announcement of the date when universities and colleges will have a legal duty to “have due regard to the need to prevent people from being drawn into terrorism”, there’s probably enough information available in the published guidance for organisations to start reviewing whether their current practice is likely to be […]
Last week I gave a seminar “Big Data Wrongs and Rights” at Southampton University on how data protection law could provide support and guidance for universities’ use of learning analytics. The next day Jisc launched a Code of Practice on Learning Analytics, which puts many of the same ideas into practical form. After the seminar […]
A distinctive feature of e-infrastructures is that most individuals’ authorisation to access a particular service does not come from their home organisation (as it does for site-licensed journals, for example) nor from the operator of the service (as in traditional, non-federated, access). Instead, authorisation is largely devolved by service owners to individuals who act as […]
A recent conference on student data included perspectives on learning analytics from the OECD and the European Commission. Stephan Vincent-Lancrin (OECD) looked at how improving our use of student data could improve the quality of education provided. He noted that a considerable volume and variety of data about education is already generated within universities, and […]
I’ve been at several conferences recently on how Data Protection law is developing, and they’ve left me less than optimistic. By the end of 2015 Europe will have been working for four years on a Regulation “on the protection of individuals with regard to the processing of personal data and on the free movement of […]
ENISA’s new report proposing a “Security Framework for Governmental Clouds” may be more widely useful than its title and explicit scope suggest. Chapter 3 of the report suggests something pretty close to a project plan that any organisation could use to assess which applications and data are appropriate to move to a cloud service, what […]
Yesterday’s excellent University of Cambridge conference on Internet Regulation After Google Spain suggested that data protection law will continue to affect a growing range of our activities, but that interpreting its requirements in novel circumstances will continue to be challenging. It was suggested that if the current (1995) European Directive was for the age of […]
In discussions of the “Right to be Forgotten” it is often observed that Google manages each month to deal with tens of millions of delisting requests for breach of copyright, as opposed to tens of thousands for inaccurate personal data. Often the implication seems to be that those numbers should be more similar. However it […]