JISC Legal : Data Protection

A point by point guide to Data Protection Law for FE and HE.

This overview explains the application of the Data Protection Act 1998 (the 'Act') to UK further and higher education institutions.

A checklist of questions for institutions to consider when updating or framing an e-safety policy.

The legal issues which arise when using e-assessment in UK FE and HE.

JISC Legal's support for projects and others in the areas of Institutional Innovation, Lifelong Learning and Workforce Development.

An investigation into the feasibility of cross-jurisdiction common access management federation agreements.

A report on the legal aspects of common agreements for federation-identity provider and federation-service provider agreements.

In October 2007 JISC infoNet launched the new Business Classification Scheme and Records Retention Schedule for Higher Education institutions.

Checklist of relevant questions to be asked in accepting material for use in an e-repository.

Essentials guide for practical legal information on the laws in the UK affecting e-repositories.

Basic introduction to the establishment, development and administration of online repositories in FE and HE.

Generic guidance (widely applicable) together with sections devoted to the effect of the Act on the functions and activities associated with the work of Records Managers and Archivists.  

RecordKeeping was published quarterly between 2004 and 2009 covering news, case studies and examples of best practice from The National Archives and the wider archives and records management communities. 

This section contains details of policies and legislation that relate to or have an impact on archives and records management, such as the Data Protection Act, the Freedom of Information Act and the current acts relating to archive services at local and regional levels.

The vast majority of government records are now produced electronically and The National Archives works with central and local government organisations to ensure that this information is both stored securely and easily accessible.

Good records and information management is essential if the government is to meet the requirements of Data Protection, Freedom of Information and Human Rights legislation.  Under agreement with the ICO this is done through a programme of information management assessments.

Records management ensures the effective and consistent management of the information created or received by an institution throughout its lifecycle.

This overview paper briefly explains the law relating to data protection and its application to the sharing of data, internally and externally, by Further and Higher Education (FE and HE) institutions. 

Legal issues which may affect the development and use of particular ePortfolio systems.

Overview of data retention practices, and implications in FE and HE following the EU data retention directive 2006/24/EC.

This paper provides detailed information on Open Source Licences.

This paper summarises the legal issues involved in the development and use of information and communication technologies (ICT) in learning and teaching.

The consultation on a revised code of practice can be found on the Scottish Government website.

The Data Protection Code of Practice is designed to provide guidance to the FE and HE sectors on issues pertaining to Data Protection law affecting their day-to-day operations.

This framework offers practical advice aimed at assisting those involved in information sharing.

Generic guidance (widely applicable) together with sections devoted to the effect of the Act on the functions and activities associated with the work of Records Managers and Archivists.  

The Section 60 Code of Practice on the Discharge of Functions by Public Authorities provides guidance to Scottish public authorities on practices they should follow in meeting their FOI obligations.

The Section 61 Code of Practice on Records Management provides authorities with guidance as to the keeping, management and destruction of the authorities' records.

The purpose of this Model Policy is to outline the circumstances in which it is permissible for an institution to access the IT accounts of staff members or students.

This section contains details of policies and legislation that relate to or have an impact on archives and records management, such as the Data Protection Act, the Freedom of Information Act and the current acts relating to archive services at local and regional levels.

ARCHIVED

A generic Model Action Plan, produced by the Keeper of the Records of Scotland, to assist Scottish public authorities in the development of records management arrangements which comply with the Freedom of Information Scotland Act (2002) section 61 Code of Practice on Records Management. 

The ICO site offers guidance on data protection and how to keep personal information safe.

PI is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations.

The Project set out to examine how the 1998 Data Protection Act affects Higher Education Institutions

An information rich web site on the US approach to data protection and on-line privacy.

The site includes overview information, legislation documents and a range of reports from the specialist committees

This guidance has been drawn together by HESA and its statutory customers

If you sell goods or services to consumers by internet, digital television, mail order, including catalogue shopping, phone or fax, then you need to know about the Consumer Protection (Distance Selling) Regulations 2000.

ACAS, the Advisory, Conciliation and Arbitration Service, have advice leaflets on "Internet and e-mail policies".

Checklists of data protection issues for library and information services staff

Information on the relationship between the USA and Europe with regard to trans-border data flows.

The Office of the Information Commissioner's website provides a wealth of information and guidelines on both data protection and freedom of information.

The European Union's perspective on data protection with information on how each member State of the Union has implemented the EU Data Protection Directive

UK Access Management Federation for Education and Research - Recommendations for Use of Personal Data.

There are a number of aspects to this which must be considered.

How do I find out what level of security our institution should be using for personal information? Do we need to encrypt personal data?

 We have been running blog and wiki workshops for a few months now. What are the DP implications of this?

Is there a minimum legal requirement concerning the amount of DP information made available to our users before they submit their details?

Our Finance Dept are frequently telephoned by parents wishing to pay on behalf of their son or daughter. How can we best avoid DP issues in relation to such requests?

Does police documentation relating to the college's disclosure of information about a student constitute personal information that needs to be disclosed in terms of a subject access request?

How do we get access to a deceased user's email account?

These questions are based on queries posted to our enquiry service.

This paper provides detailed information on Open Source Licences.

This paper provides details on how to create an effective consortium agreement and explains why they are needed. 

This paper considers what the legal issues are in relation to institutional ePortfolio systems.

This paper considers many factors affecting data protection and institutional ePortfolio systems including compliance issues amongst other things.

Came into force on 31 December 2009.   

A Code of Practice for Assessment Notices will be published in April 2010 by virtue of Part 8 of the Coroners and Justice Act 2009.

Institutions falling to report data breaches can face financial penalties from April 2010

Further to consultation on The Regulation of Investigatory Powers Act 2000, the Home Office has published new Codes of Practice that will come into force on 6 April 2010.

A council were found to be in breach of the Data Protection Act after sensitive personal data relating to social work records were found in a filing cabinet bought by a member of the public.

ICO issues guidance on its new powers to impose monetary penalties of up to £500,000 for serious breaches of the Data Protection Act.

The consultation on a revised code of practice can be found on the Scottish Government website.

The European Parliament has voted in favour of new and updated legislation governing Europe's telecoms industry. 

In response to a call from the Information Commissioner’s Office (ICO) the government are consulting on amending the Data Protection Act 1998.

A new notification fee of £500 was introduced for some larger institutions on 1 October 2009.

The ICO has published privacy notice codes of practice.

ICO issues handbook on handling personal information and managing privacy risks.

Data Protection clauses in the Coroners and Justice Bill are amended or abandoned.

The European Court of Human Rights ruled that a photograph taken without consent breached a person's right to a private life.

The Data Protection Working Party of the EU proposed to discuss the ePrivacy Directive (2002/58/EC) on 24 and 25 June 2008.

Government is criticised for not giving the issue of safeguarding personal data sufficient importance when formulating primary legislation.

The EU Framework for Electronic Communications and Network Services may impact on at least five pieces of existing UK legislation.