JISC Legal : Data Protection

skip navigation

Site Map
Privacy Statement
Copyright Policy
Accessibility
Feedback

Search Site:

Legal Guidance for ICT Use in Education, Research and External Engagement

Home
My Role
Legal Areas
Themes
Contact Us
- Enquiry Form
About Us

Content

Legal Areas

Data Protection

monitor screens This section deals with the application of the Data Protection Act 1998 and associated law to UK FE and HE institutions, with particular focus on the development and use of information and communication technologies. JISC Legal offers sector-specific guidance to assist you in this area of law, a varied range of FAQs with examples, model policies, codes of practice and useful links to other resources. You can access these below.

Data Protection Guidance

JISC Legal Overviews
Publications
Codes of Practice
Model Policies
Law Watch
FAQs
Links

Data Protection Essentials (24/08/2007)

A point by point guide to Data Protection Law for FE and HE.

Data Protection Overview (15/08/2007)

This overview explains the application of the Data Protection Act 1998 (the 'Act') to UK further and higher education institutions.

Recording Lectures: Legal Considerations (28/07/2010)

This guidance examines the legal implications of recording lectures at UK FE and HE institutions, focusing mainly on the issues of copyright and consent.

e-Safety Policy Checklist (03/03/2010)

A checklist of questions for institutions to consider when updating or framing an e-safety policy.

Legal Aspects of the Use of Technology in Assessment (04/09/2009)

The legal issues which arise when using e-assessment in UK FE and HE.

Lifelong Learning and Workforce Development (06/03/2009)

JISC Legal's support for projects and others in the areas of Institutional Innovation, Lifelong Learning and Workforce Development.

Feasibility of Cross-Jurisdiction Common Access Management Federation Agreements - PPT (01/01/2008)

An investigation into the feasibility of cross-jurisdiction common access management federation agreements.

Feasibility of a Cross-Jurisdiction Common Access Management Federation Agreement - Report (01/01/2008)

A report on the legal aspects of common agreements for federation-identity provider and federation-service provider agreements.

Institutional Access to Staff and Student IT Accounts and IT Equipment - MODEL POLICY

The purpose of this Model Policy is to outline the circumstances in which it is permissible for an institution to access the IT accounts of staff members or students.

JISC Classification Scheme & RRS for HE sector (23/10/2007)

In October 2007 JISC infoNet launched the new Business Classification Scheme and Records Retention Schedule for Higher Education institutions.

e-Repositories and the Law - Deposit Checklist (10/09/2007)

Checklist of relevant questions to be asked in accepting material for use in an e-repository.

e-Repositories and the Law Essentials (10/09/2007)

Essentials guide for practical legal information on the laws in the UK affecting e-repositories.

Legal Aspects of e-Repositories and e-Collections (10/09/2007)

Basic introduction to the establishment, development and administration of online repositories in FE and HE.

Code of Practice for Archivists and Records Managers (01/08/2007)

Generic guidance (widely applicable) together with sections devoted to the effect of the Act on the functions and activities associated with the work of Records Managers and Archivists.

Data Retention Directive Overview - 21/06/2007

This overview paper briefly clarifies the current situation with regard to retention of communications traffic data by certain UK organisations.

National Archives - Recordkeeping Magazine (01/01/2007)

RecordKeeping was published quarterly between 2004 and 2009 covering news, case studies and examples of best practice from The National Archives and the wider archives and records management communities.

National Archives - Policy and Legislation (01/01/2007)

This section contains details of policies and legislation that relate to or have an impact on archives and records management, such as the Data Protection Act, the Freedom of Information Act and the current acts relating to archive services at local and regional levels.

National Archives - Electronic Records Management (01/01/2007)

The vast majority of government records are now produced electronically and The National Archives works with central and local government organisations to ensure that this information is both stored securely and easily accessible.

National Archives - Responsibilities for Records Management (01/01/2007)

Good records and information management is essential if the government is to meet the requirements of Data Protection, Freedom of Information and Human Rights legislation. Under agreement with the ICO this is done through a programme of information management assessments.

JISC infoNet's Records Management Homepage (01/01/2007)

Records management ensures the effective and consistent management of the information created or received by an institution throughout its lifecycle.

Data Sharing in FE and HE Administration (20/12/2006)

This overview paper briefly explains the law relating to data protection and its application to the sharing of data, internally and externally, by Further and Higher Education (FE and HE) institutions.

Developing and Operating an ePortfolio System - Assessing the Legal Issues (09/07/2006)

Legal issues which may affect the development and use of particular ePortfolio systems.

Page 1 of 2

First Previous [1] 2 Next Last

Revised Code of Practice under Section 60 of the FOI (Scotland) Act 2002 (22/12/2009)

The consultation on a revised code of practice can be found on the Scottish Government website.

Data Protection Code of Practice for FE and HE (09/05/2008)

The Data Protection Code of Practice is designed to provide guidance to the FE and HE sectors on issues pertaining to Data Protection law affecting their day-to-day operations.

Framework Code of Practice for Sharing Personal Information (01/10/2007)

This framework offers practical advice aimed at assisting those involved in information sharing.

Code of Practice for Archivists and Records Managers (01/08/2007)

Generic guidance (widely applicable) together with sections devoted to the effect of the Act on the functions and activities associated with the work of Records Managers and Archivists.

Code of Practice under the FOI (Scotland) Act 2002 (01/09/2004)

The Section 60 Code of Practice on the Discharge of Functions by Public Authorities provides guidance to Scottish public authorities on practices they should follow in meeting their FOI obligations.

Code of Practice under the FOI (Scotland) Act 2002 (01/11/2003)

The Section 61 Code of Practice on Records Management provides authorities with guidance as to the keeping, management and destruction of the authorities' records.

Institutional Access to Staff and Student IT Accounts and IT Equipment - MODEL POLICY

The purpose of this Model Policy is to outline the circumstances in which it is permissible for an institution to access the IT accounts of staff members or students.

National Archives - Policy and Legislation (01/01/2007)

Model Action Plan - Records Management (01/12/2003)

ARCHIVED

A generic Model Action Plan, produced by the Keeper of the Records of Scotland, to assist Scottish public authorities in the development of records management arrangements which comply with the Freedom of Information Scotland Act (2002) section 61 Code of Practice on Records Management.

Wanted - Your Views on New Public Sector Equality Duty

A consultation by the GEO seeks views on proposals for draft regulations on the new public sector equality duty.

Nowhere to Run - EU Online Copyright Infringement Agreement Being Drawn Up

A working party representing 37 EU countries is currently negotiating the Anti-counterfeiting Trade Agreement (ACTA) which intends to tackle online copyright infringements on an international level.

Equality Act Receives Royal Assent

On 8 April 2010 the Equality Act received royal assent after completing its parliamentary process.

EU Cookie Directive - Directive 2009/136/EC

This amendment directive requires consent for the placement of cookies on the Internet by tightening existing legislation in this regard, namely the, e-Privacy Directive, 2002/58/EC.

INSPIRE Regulations 2009

Came into force on 31 December 2009.

Data Protection Assessment Notices Code of Practice - Coroners and Justice Act 2009 (12/02/2010)

By virtue of Part 8 of the Coroners and Justice Act 2009 concerning the extended data protection audit powers available to the Information Commissioner's Office, a Code of Practice for Assessment Notices will be published in April 2010.

Data Breaches - ICO Raises the Stakes

Institutions falling to report data breaches can face financial penalties from April 2010

RIPA (Part 2) New Codes of Practice (22/01/2010)

Further to consultation on The Regulation of Investigatory Powers Act 2000, the Home Office has published new Codes of Practice that will come into force on 6 April 2010.

Sorting Out Your Records Collection

A council were found to be in breach of the Data Protection Act after sensitive personal data relating to social work records were found in a filing cabinet bought by a member of the public.

New Penalties for Serious Data Protection Breaches (13/01/2010)

ICO issues guidance on its new powers to impose monetary penalties of up to £500,000 for serious breaches of the Data Protection Act.

Revised Code of Practice under Section 60 of the FOI (Scotland) Act 2002 (22/12/2009)

The consultation on a revised code of practice can be found on the Scottish Government website.

EU Commission's Telecoms Reform Package (30/11/2009)

The European Parliament has voted in favour of new and updated legislation governing Europe's telecoms industry.

Increased Penalties for Data Misuse (19/10/2009)

In response to a call from the Information Commissioner’s Office (ICO) the government are consulting on amending the Data Protection Act 1998.

New Data Controller Fees (02/10/2009)

A new notification fee of £500 was introduced for some larger institutions on 1 October 2009.

Students and Universities Eleventh Report (29/09/2009)

Recommendations that Government bring forward legislation to strengthen the whistle-blowing procedures in the 1988 Education Reform Act.

User Friendly Privacy Notices, Please

The ICO has published privacy notice codes of practice.

ICO Updated Privacy Impact Assessment Guide

ICO issues handbook on handling personal information and managing privacy risks.

Joint Committee on Human Rights Considers the Coroners and Justice Bill (01/04/2009)

Data Protection clauses in the Coroners and Justice Bill are amended or abandoned.

Widening of Privacy Concept

The European Court of Human Rights ruled that a photograph taken without consent breached a person's right to a private life.

E-Privacy Directive to be Reviewed by EU Data Protection Working Party (26/06/2008)

The Data Protection Working Party of the EU proposed to discuss the ePrivacy Directive (2002/58/EC) on 24 and 25 June 2008.

Page 1 of 2

First Previous [1] 2 Next Last

What is the legal position with regard to gaining access to an email account where the account holder is deceased?

There are a number of aspects to this which must be considered.

How do I find out what level of security our institution should be using for personal information? Do we need to encrypt personal data?

We have been running blog and wiki workshops for a few months now. What are the DP implications of this?

Is there a minimum legal requirement concerning the amount of DP information made available to our users before they submit their details?

Our Finance Dept are frequently telephoned by parents wishing to pay on behalf of their son or daughter. How can we best avoid DP issues in relation to such requests?

Is Police Documentation about the College's Disclosure of Information about a Student Personal Information?

Does police documentation relating to the college's disclosure of information about a student constitute personal information that needs to be disclosed in terms of a subject access request?

How do we get access to a deceased user's email account?

Data Protection FAQs

These questions are based on queries posted to our enquiry service.

Open Source Software Licensing: A Short FAQ (28/03/2006)

This paper provides detailed information on Open Source Licences.

Consortium Agreements: A Short FAQ (12/07/2005)

This paper provides details on how to create an effective consortium agreement and explains why they are needed.

Legal Aspects of ePortfolio Systems - A Short FAQ (30/11/2004)

This paper considers what the legal issues are in relation to institutional ePortfolio systems.

Data Protection, Lifelong Learner Record Systems & ePortfolios: A Short FAQ (01/06/2004)

This paper considers many factors affecting data protection and institutional ePortfolio systems including compliance issues amongst other things.

Equality Act 2010 - A Summary Guide for Public Sector Organisations

Guidance for public sector organisationsaims to make current equality law more consistent, clearer and easier to follow in order to make society fairer.

Information Commissioner's Office

The ICO site offers guidance on data protection and how to keep personal information safe.

Test Your Multimedia Copyright Knowledge

The Welsh Repository Network has published a learning tool to help you consider some of the copyright issues for multimedia respositories.

Privacy International (PI) (UK)

PI is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations.

Lancaster University Data Protection Project (UK)

The Project set out to examine how the 1998 Data Protection Act affects Higher Education Institutions

Electronic Privacy Information Centre (USA)

An information rich web site on the US approach to data protection and on-line privacy.

Council of Europe Data Protection Web site (EU)

The site includes overview information, legislation documents and a range of reports from the specialist committees

Data Protection Guidance for the HESA Records (UK)

This guidance has been drawn together by HESA and its statutory customers

Consumer Protection (Distance Selling) Regulations 2000 (UK)

If you sell goods or services to consumers by internet, digital television, mail order, including catalogue shopping, phone or fax, then you need to know about the Consumer Protection (Distance Selling) Regulations 2000.

Internet/email Policies (UK)

ACAS, the Advisory, Conciliation and Arbitration Service, have advice leaflets on "Internet and e-mail policies".

Data Protection Issues: Checklists for Libraries (UK)

Checklists of data protection issues for library and information services staff

US Department of Commerce Safe Harbor Website (USA)

Information on the relationship between the USA and Europe with regard to trans-border data flows.

The Office of the Information Commissioner (UK)

The Office of the Information Commissioner's website provides a wealth of information and guidelines on both data protection and freedom of information.

Europa (EU)

The European Union's perspective on data protection with information on how each member State of the Union has implemented the EU Data Protection Directive

UK Access Management Federation (UK)

UK Access Management Federation for Education and Research - Recommendations for Use of Personal Data.

Data Protection Newslinks

Outsourcing - What Not to Do

The recent case of Zurich Insurance receiving a £2.275 million fine for loss of personal data highlights the risks involved in managing data transfer when outsourcing IT services.

Germany Rules Out Facebook Search on Employees

A new law seeks to balance the protection of an employee's personal data with the legitimate rights of employers.

New Privacy Law Needed

Minister suggests law reform by Parliament is required to prevent judicial decisions creating a privacy law 'by stealth'.

Sensitive Medical Records Left at Bus Stop

A CD containing sensitive personal data was discovered at a bus stop and was unencrypted with no password protection.

View all Data Protection news

Recent JISC Legal Events

JISC Legal on RSCtv (07/09/2010)

JISC Legal's Jackie Milne will be presenting on e-Safety on RSCtv, a resource sponsored by RSC Scotland South and West.

JISC Legal @JISC Online Conference Innovating e-Learning (23-26 November 2010)

JISC Legal will be participating in the JISC Online Conference- Innovating e-Learning on the 23-26 November 2010.

Social Media