JISC Legal : Data Protection

A point by point guide to Data Protection Law for FE and HE.

This overview explains the application of the Data Protection Act 1998 (the 'Act') to UK further and higher education institutions.

This guidance is designed to help institutions deal with consent management when sharing personal data across and between institutions and external service providers.

JISC Legal is pleased to present our free Cloud Computing and the Law toolkit for FE and HE professionals. 

In this guide, you’ll find summaries of the key legal considerations of using Facebook in an FE and HE context.

An up-to-date, accessible guide for senior managers on ICT law within FE and HE.

Our free Recording Lectures and Screencasts webcast is now available in captioned, bite-sized segments. Presented as a lively panel discussion, this is a practical, relevant guide to the legal, technical and accessibility issues involved in recording lectures and screencasts.

This paper considers the legal issues which arise in relation to the taking of or possession of images (still and moving) of children for use in an Open Education Resource. 

This JISC Legal study, funded by JISC's Information Environment Programme, addresses clear questions that arise in relation to learners’ access and identity.

This JANET factsheet on providing email accounts for alumni is intended to assist in considering all the potential issues involved, with JISC Legal contribution from a legal perspective.

This podcast, created for the JISC Innovation and e-Learning Conference 2010, explores FAQs on the legal aspects of recording lectures.

These Top Ten Tips were created to celebrate JISC Legal's 10th anniversary, all the while looking forward to the challenges UK FE and HE will face in the next ten years.

This guidance examines the legal implications of recording lectures at UK FE and HE institutions, focusing mainly on the issues of copyright and consent.

A checklist of questions for institutions to consider when updating or framing an e-safety policy.

This webcast was designed to assist institutions in meeting their legal duties and inspection needs in relation to safeguarding and e-security.

The legal issues which arise when using e-assessment in UK FE and HE.

JISC Legal's support for projects and others in the areas of Institutional Innovation, Lifelong Learning and Workforce Development.

The Data Protection Code of Practice is designed to provide guidance to the FE and HE sectors on issues pertaining to Data Protection law affecting their day-to-day operations.

An investigation into the feasibility of cross-jurisdiction common access management federation agreements.

Institutions who share data might be interested in the ICO's latest publication.  They have published a statutory code of practice on data sharing by public sector bodies, businesses and other organisations.

The Cloud Industry Forum has launched a Code of Practice for cloud service providers.

The consultation on a revised code of practice can be found on the Scottish Government website.

The Data Protection Code of Practice is designed to provide guidance to the FE and HE sectors on issues pertaining to Data Protection law affecting their day-to-day operations.

The purpose of this Model Policy is to outline the circumstances in which it is permissible for an institution to access the IT accounts of staff members or students.

This framework offers practical advice aimed at assisting those involved in information sharing.

Generic guidance (widely applicable) together with sections devoted to the effect of the Act on the functions and activities associated with the work of Records Managers and Archivists.  

This section contains details of policies and legislation that relate to or have an impact on archives and records management, such as the Data Protection Act, the Freedom of Information Act and the current acts relating to archive services at local and regional levels.

The Section 60 Code of Practice on the Discharge of Functions by Public Authorities provides guidance to Scottish public authorities on practices they should follow in meeting their FOI obligations.

ARCHIVED

A generic Model Action Plan, produced by the Keeper of the Records of Scotland, to assist Scottish public authorities in the development of records management arrangements which comply with the Freedom of Information Scotland Act (2002) section 61 Code of Practice on Records Management. 

The Section 61 Code of Practice on Records Management provides authorities with guidance as to the keeping, management and destruction of the authorities' records.

The law has changed that applies to how institutions must use cookies.

The Data Protection Act 1988 (DPA) limits the transfer of personal data to countries within the European Economic Area (EEA) (the eighth data protection principle).

The US Patriot Act is intended to assist terrorism prevention in the US and permits access to data by the US intelligence services in certain circumstances, including, but not limited to, in the interests of national security

The length of time that you keep student data for will depend on two factors:  the first is good records management practice, and the second is compliance with the Data Protection Act 1998.

There are two legal issues here, the first concerns data protection, and the second concerns your duty of care to employees.

Under the Data Protection Act 1988 (DPA)  a college or university must ensure that the personal data relating to its staff, students and others remains secure including protecting such data from accidental loss (the seventh data protection principle)...  (cont'd)

We are pleased to announce the launch of JISC Legal Plus - a new staff development service bringing JISC Legal's expertise to your institution at competitive prices...  (cont'd)

Firstly it is necessary to try and distinguish between emails which contain information which are business records and emails which are just  ... (cont)

This is a decision for the institution to make. There have certainly been various news articles highlighting privacy and data protection concerns related to Facebook, and similar issues apply to other external social networking sites ... (cont)

Covert monitoring is surveillance of online activity without giving the users involved specific notification that this is going on.  It clearly has legal implications relating to ... (cont)

The seventh data protection principle provides that "Appropriate technical and organisational measures shall be taken  ... (cont)

Strictly speaking data protection law treats parents of adult students as third parties and so the information provided to them should be considered ... (cont)

The institution must consider a number of steps if it chooses not to disclose the information to the individual concerned following a subject access request ... (cont)

There is no minimum or maximum amount of information to be given in a fair processing notice. The Information Commissioner has said that ... (cont)

The new proposals aim to update and harmonise the current EU data protection regime including strengthening individuals’ rights.

The law has changed that applies to how institutions must use cookies.

The High Court states that even where private individuals are expressing their own views online the requirements of lawful processing in the DPA can apply.

Came into force on 31 December 2009.   

The Government has launched a consultation on Open Data.  

A data controller is able to anonymise originally-personal data to make it free of data protection law constraints.

Fines of up to £500,000 for the most serious incidents of sending unwanted emails.

The Budget supporting papers have indicated various proposed actions including a new Communications Act and proposals relating to intellectual property.

New law gives individuals more control over what information organisations can store on their computer.

The Bill proposes to extend the number of public authorities subject to its provisions and this includes the Scottish Further and Higher Education Funding Council and the General Teaching Council for Scotland but university and colleges are not currently included.

Data protection law needs to provide more clarity on what actually constitutes personal data.

A consultation by the GEO seeks views on proposals for draft regulations on the new public sector equality duty.

A working party representing 37 EU countries is currently negotiating the Anti-counterfeiting Trade Agreement (ACTA) which intends to tackle online copyright infringements on an international level.

On 8 April 2010 the Equality Act received royal assent after completing its parliamentary process.

This amendment directive requires consent for the placement of cookies on the Internet by tightening existing legislation in this regard, namely the, e-Privacy Directive, 2002/58/EC.

New supplementary guidance from the GMC entitled 'Making and using visual and audio recordings of patients' is now available from their website.  

ACAS guide offers practical tips on the impact of social networking on discipline and grievances, bullying, defamation, data protection and privacy.

The European Commission has launched a consultation on cloud computing.  This will feed into the European cloud computing strategy due to be presented in 2012.

Queen Mary, University of London, have issued a series of papers on the legal issues associated with Cloud Computing.

JISC has launched a toolkit to allow information officers, IT directors, security managers and their staff to better understand the legal issues involved in managing identity issues.

This toolkit aims to guide information professionals in assessing cloud computing services for information use and storage, including development of a cloud computing strategy.

The site includes overview information, legislation documents and a range of reports from the specialist committees

The European Network and Information Security Agency (ENISA) has published its report ‘Security and Resilience in Governmental Clouds’ which assesses the operational, legal, and security requirements of cloud computing.

Guidance for public sector organisationsaims to make current equality law more consistent, clearer and easier to follow in order to make society fairer.

The ICO site offers guidance on data protection and how to keep personal information safe.

The Welsh Repository Network has published a learning tool to help you consider some of the copyright issues for multimedia respositories.

PI is a human rights group formed in 1990 as a watchdog on surveillance by governments and corporations.

The Project set out to examine how the 1998 Data Protection Act affects Higher Education Institutions

An information rich web site on the US approach to data protection and on-line privacy.

This guidance has been drawn together by HESA and its statutory customers

If you sell goods or services to consumers by internet, digital television, mail order, including catalogue shopping, phone or fax, then you need to know about the Consumer Protection (Distance Selling) Regulations 2000.

ACAS, the Advisory, Conciliation and Arbitration Service, have advice leaflets on "Internet and e-mail policies".

Checklists of data protection issues for library and information services staff

Information on the relationship between the USA and Europe with regard to trans-border data flows.