No. 79 February 2012 > JISC Legal

No. 79 February 2012

This newsletter is also available in Word and PDF.

JISC Legal Monthly Newsletter: February 2012

Legal Guidance for ICT Use in Education, Research and External Engagement

Welcome to the February 2012 JISC Legal Monthly Newsletter (No 79). This month's news includes items on social media, proposed new rules on data protection as well as new guidance on notification of security breaches.

Law Watch items this month include the proposed new rules on data protection.

The new proposals announced in January, aim to update and harmonise the current EU data protection regime. The most directly relevant part for colleges and universities will be the Regulation where the main law is to be found and when it becomes law will directly apply to the UK and other EU member states. The drafts have still to go through a discussion, lobbying and amendment phase and are unlikely to become law before 2014. JISC Legal will keep you updated throughout the process. For further details please see our Law Watch article.

Following on from the new data protection proposals we have released an FAQ on students’ data protection rights and requests for coursework. Read more on the FAQ: Do we have to release student coursework under FOI if someone makes a request?

JISC Legal continues to offer great value expert in-house training on FOI, copyright, data protection and e-safety to colleges and universities. If your institution is looking for relevant sector specific expertise in these significant areas then our on-site staff development packages are for you. Find out the details of JISC Legal Plus at - http://www.jisclegal.ac.uk/JISCLegalPlus

News

JISC Legal's Guidance Gets Shorter!

For your convenience, JISC Legal are introducing http://jiscleg.al/ ... style shortened URLs in our guidance, tweets and newsletters. Whilst our website’s content management system has some very nice features, it can occasionally throw up some two-line URLs – not best for retyping or tweeting! So, where appropriate, we’ll now include shortened jiscleg.al URLs to make life easier. Don’t worry – your computer won’t be taken over by Albanian hackers. We’re pleased to be in the vanguard of organisations having their own shortened domain name, including Google, YouTube, and the BBC. As always, let us know any suggestions you have for us improving our service to you – we’re always listening at jiscleg.al/feedback.

Deleted Emails May Still be 'Held' Under FOI

In the recent decision Keiller v IC and University of East Anglia, the Tribunal allowed an appeal to go ahead against the ICO. In rejecting the argument that once deleted, an email was not ‘held’, it stated that ‘it was a matter of common-sense’ that information on a backup server was still recoverable after deletion. As well as consequences in terms of potential disclosure under FOI, this case also reminds institutions to have coherent data retention and deletion policies up to date for all communications.

ICO Fines First Scottish Organisation £140,000

The Information Commissioner’s Office has issued Midlothian Council a fine of £140,000 for sending sensitive information about children to the wrong recipients. The ICO found that the five data protection breaches, causing ‘serious upset’ to the children’s families, could have been avoided where adequate data protection policies, training and appropriate checks had been put in place. This story is a reminder to all institutions to ensure that robust procedures and checks are followed prior to any disclosure of sensitive personal information.

ICO Launches Access Aware Campaign

The ICO has launched a campaign called Access Aware aimed at increasing awareness within organisations of their data protection obligations in particular what a subject access request looks like and what to do if one is received. The campaign is targeted at reducing the number of mishandled subject access requests, complaints about which have accounted for 38% of the ICO’s total data protection specific casework in the last financial year.

An Access Aware toolkit has been developed which is available from the ICO website for download and use within organisations. The toolkit will be a useful resource for staff in FE and HE institutions who are involved in dealing with data protection issues or training staff in this area.

For further information on this story and to download the toolkit visit: http://www.ico.gov.uk/news/latest_news/2012/consumers-being-denied-access-to-their-information-says-ico-27012012.aspx

Ignorance No defence to Copyright Infringement

Belief that copyright permission has been granted is no defence to infringement of copyright if no valid permission was, in fact, given. This was the finding in the Patents County Court case Hoffman v Drug Abuse Resistance Education (UK) Ltd (DARE) (Neutral Citation Number: [2012] EWPCC 2). The case concerned photographs copied from a Government sponsored website and used without permission. This means that colleges and universities which employ web designers must ensure permission has been granted for use of images on their websites. It is also provides insight as to how damages are likely to be calculated in such cases (£10,000 in this case).

Further details of this story are featured in our Law Watch item.

School Grossly Negligent in Safeguarding Learners

A serious case review found that a school had failed ‘on every level’ to prevent sexual abuse of pupils by a teacher. Despite concerns being raised about Nigel Leat over the past 14 years, these were not passed on to school governors or education authorities. Staff reported him 30 times but every incident was dealt with individually. The school was awarded an outstanding level of care to children by Ofsted over the period. The chair of the relevant Safeguarding Children Board concluded ‘procedures were not followed and this prevented the correct action from being taken’ and it was ‘a gross failure of responsibility’. This article highlights the need for institutions to have robust, well established reporting procedures and safeguarding policies in place.

Proposed New Rules on Data Protection Unveiled

The new proposals aim to update and harmonise the current EU data protection regime including strengthening individuals’ rights. The proposed legislation is in two parts comprising a Regulation and a Directive which will replace the current Data Protection Directive (Directive 95/46/EC).

The most directly relevant part for colleges and universities will be the Regulation where the main law is to be found and which when it becomes law will directly apply to the UK and other EU member states. The drafts have still to go through a discussion, lobbying and amendment phase and are unlikely to become law before 2014.

JISC Legal has a new law watch item which provides more detail on the proposals at jiscleg.al/DPProposedNewRules

The draft proposals are available on the Europa website at http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm

Internet Search Juror Jailed

A juror who researched a defendant's history on the internet and forwarded details of what she found to fellow members of the jury was recently sentenced to a six month prison term. Dr. Dallas, a university lecturer, was told that she 'deliberately ignored instructions' not to research the case on-line and that such contempt of the jury and jury system left judges no choice other than to impose a custodial prison sentence. This story reminds colleges and universities of the importance of having in place adequate safeguarding measures to encourage appropriate use of their computing systems, whilst educating staff and students of the risks associated with inappropriate use of the internet. Such policies may well be relied upon in a disciplinary situation. Finally, this particular case emphasises the significant consequences internet users face should they criminally abuse the system.

More details on this story are available from the BBC website. Details on e-Safety and Computer Misuse are available from our own website - http://www.jisclegal.ac.uk/

Digitally Manipulated Photograph is Copyright Protected

The Patents County Court has ruled that the composition of a photograph is ‘capable of being a source of originality’. Manipulations affecting colour, contrast and composition were deemed copyright protected. The particular placement of features and colour contrasts had an aesthetic quality and made the image ‘visually interesting’, according to Mr Justice Birss QC. Even where iconic symbols were included in the image, this did not detract from the photographic work’s originality. This finding may be of interest to FE and HE staff considering the use of imaging software or digitally manipulated images. Further information and a detailed ruling can be accessed in the full article.

Staff Beware Befriending Students on Facebook

The General Teaching Council heard 336 cases of ‘unacceptable professional conduct’ last year and 43 of these involved the use of online chatrooms and email. Consequences may vary from internal disciplinary action, to the involvement of outside agencies such as the police. Examples of communications ‘outside the boundaries of the professional teacher/student relationship’ or ‘a breach of the standards expected’ are included in the article. Staff in FE and HE should be very wary of potential risks when considering befriending students and consult any institutional policy on the matter. Having a separate professional account may prevent confusion. Institutions are reminded to update acceptable use policies to include the use of social media. More information on this issue can be accessed on the JISC Legal website. jiscleg.al/FacinguptoFacebook

Call for Evidence on New Small Patent Claims Procedures

The Intellectual Property Office (IPO) is looking for input on its proposals to improve the existing small claims track procedures in the Patents County Court (PCC). The proposals include changes to procedures, a new costs regime and a limit on the value of claims heard in the court as well as changing the name of the Patents County Court. This call for evidence is taking place over a 4 week period and closes on 16 February 2012.

The changes are designed to reduce the cost of lower value IP litigation and will help to ensure that such litigation falls within the jurisdiction of the PCC from the outset.

Further details of the proposals are available on the IPO website at - http://www.ipo.gov.uk/types/hargreaves.htm and will be of interest to those in FE and HE institutions working in the areas of knowledge exchange and innovation.

JISC infoNet Launch Knowledge Transfer infoKit

JISC infoNet has launched a new infoKit – ‘Knowledge Transfer 2.0’ or ‘KT2.0.’ The infoKit which is designed to be a practical ‘how-to’ resource provides strategic guidance, practical tools and tactical tips and is intended to enable colleges and universities to increase the return on investment from knowledge transfer activities.

Recognising changes in Knowledge Transfer, and specifically the transfer of innovation and intellectual property from colleges and universities to businesses and other communities, the resource integrates current innovation theory, modern social media tools and current thinking on market behaviour or motivation, to provide a more effective model of Knowledge Transfer; which is capable of delivering more with less.

Although primarily aimed at staff with responsibility for knowledge transfer the infoKit will also be of interest to other staff such as IT services staff involved in implementation of the relevant technology.

Further information on the background and context of the resource is available at http://www.jiscinfonet.ac.uk/infokits/kt/about

View the new infoKit at http://www.jiscinfonet.ac.uk/infokits/kt

For information regarding the legal aspects of Knowledge Transfer visit the External Engagement area of the JISC Legal website.

Checked Your Online Privacy Settings Recently?

Social networking sites regularly update their terms and conditions of use and LinkedIn would appear to be a latest case in point. The changes to their privacy settings include new settings where the default means that profile information, names and photos may be used in third party advertising if you leave it unchanged. This has the resultant potential for unwanted spam emails. Institutions and staff with a social network profile are reminded to regularly check their own settings for such updates to ensure that the benefits of using social networking tools remain as expected.

Scottish ICO Asks for More Time in FOI Prosecution

In his recently published special report to the Scottish Parliament, Kevin Dunion stated that the purpose of FOISA would be undermined if any person in an authority believed that an information request could be thwarted by destroying information. The current six month period for action to be taken would, according to the Scottish Commissioner, start from the discovery of an act rather than from the carrying out of the act. This is just one of the areas listed in his report as having scope for improvement. FE and HE staff working in FOI will find this section a useful reminder of what obligations they have and how to meet them.

Clarification on Notice and Takedown Procedures

The EU Commission has promised to clarify procedures for taking down and blocking access to illegal content after receiving complaints that current confusing rules result in legal uncertainty, illegal content staying on line for too long and individuals rights being ignored. A targeted public consultation will take place later in the year. Currently, ISPs and website hosts are not liable for illegal content where they have no actual knowledge of the illegal activity, or where they have knowledge they ‘act expeditiously to remove or disable access to the information.’ Clarification will assist FE and HE institutions to ensure that all procedures and practices are adequate and appropriate. More detail is available from the full article.

Proposal for General DP Regulation Faces Delay

Further to our news posting last month, we can confirm that the proposal for the review of the EU Directive (95/46/EC) has been delayed until late February/March. There are a number of issues within the draft regulation that require to be resolved and the Commissioner in charge of the review is still undecided on certain points. The draft regulation therefore remains a work in progress at this point in time.

JISC Legal will provide further information once the official draft regulation is available. However, in the meantime, additional information is available from our website: jiscleg.al/ExplicitConsenttobeaRequirement

jiscleg.al/EUDPLawUpdate

New Guidance on Notification of Security Breaches

Under the revised Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), public electronic communications service providers are required to notify the ICO when a personal data breach occurs.

The regulations require that -

a record of all security breaches is kept in a log of personal data breaches
the Information Commissioner is notified of any security breaches
subscribers need to be informed of the breach without delay if is likely to adversely affect their personal data or privacy

For now, this law only applies to providers of public electronic communications services, (not users of the JANET network) but the European Commission are keen that similar requirements be extended to all other organisations handling personal data. So it’s probably worth planning for when (not if) these requirements come to cover all colleges and universities.

The new guidance on how to respond to security breaches can be found on the ICO website.

Further Updated Guidance Available on Equality Duties

The Public Sector Equality Duty Guidance for Wales is now available from the EHRC website. As well as the legal requirements, the guidance includes eight guides on the specific duties in Wales which were set out in the Equality Act 2010 (Statutory Duties)(Wales) Regulations 2011 which became law on 06 April 2011. The EHRC has also revised some of its Jan 2011 guidance to reflect the The Equality Act 2010 (Specific Duties) Regulations 2011 which passed into law for England in Sep 2011. Further revised guides are due. The position in Scotland remains that the consultation on the revised draft Regulations for the public sector equality duty specific duties closed on the 25 November and some interim guidance on the general public sector equality duty is available pending passing into law of the revised regulations. Most Colleges and Universities are considered public authorities and will be interested in this updated guidance which aims to aid their compliance with equality legislation.

The guidance for public authorities in Wales published on 03 Jan 2012 and for England published in Dec 2011 is available from the EHRC website

The EHRC website also has information, including the interim guidance, on the current status of Scotland’s legislation

ERA Supports Access to BBC and Channel 4 Online Services

Following discussions with the BBC and Channel 4, the ERA Licensing Scheme recently confirmed that changes have been made in order to support access to some BBC and Channel 4 on-line services, for educational purposes.

According to the ERA website, the changes allow educational establishments holding a current ERA Licence to:

(a) record and access BBC Content in relevant BBC Online Services for educational purposes under the terms of an ERA Licence; and
(b) apply non-commercial educational use within the scope of the ERA Licence to access to 4oD Content within Channel 4 Online Services on the conditions that would otherwise be limited to personal, non-commercial use. Age of consent and viewer guidance terms continue to apply to any educational access.

It is important for institutions to note such changes particularly where they hold the ERA Licence in terms of what they can do with particular material. Further, they should also bear in mind the relevant terms and conditions linked to particular content and whether or not they can use it. Also s.35 of the Copyright, Designs and Patents Act 1988 could be considered by an educational establishment in terms of recording broadcasts.

More details on this news story is available from the ERA website.

ICO Information Rights Strategy Published

The publication details the ICO’s goals, duties, immediate outcomes being sought and ways in which it will measure its own effectiveness. Priority areas include health, credit and finance, criminal justice, internet and mobile services as well as security. In addition, the ICO lists ways in which the strategy will be translated into practice. This will be of interest to FE and HE staff working in information management. The publication is available on the ICO website. http://www.ico.gov.uk/

Outdated Obscenity Law

A supplier of gay pornography has achieved the first successful not guilty plea to a charge under the Obscene Publications Act 1959. Mr Peacock runs an online mail order business and supplied gay pornography to an undercover vice officer. He was charged with six counts of obscene publication. The jury found that customers had not been depraved and corrupted by material that had been expressly asked for and contained consensual sexual acts. The article claims that obscenity law is now out of date, confusing and irrelevant in today’s society.

New Guidance from the Law Society on Social Media

A practice note aimed at facilitating an understanding of some of the potential risks of social media has been published.

The purpose of the document is to provide guidance to individuals and legal practices engaged in, or considering whether to engage in, social media activity.

It examines the value of the use of popular professional networking services such as LinkedIn and considers the use of forums and comment spaces such as Twitter and Facebook.

The guidance includes proposals on how to handle: Posting comments and opinions, the potential blurring of boundaries between personal and professional use, privacy settings, confidentiality, and defamation. It also provides a list of suggestions on what a social media policy should include.

The practice note, which will be of interest to those in FE and HE who are evaluating social media, can be accessed on the Law Society website at - http://www.lawsociety.org.uk/productsandservices/practicenotes/socialmedia.page

Copyright Licensing Call for Evidence

FE and HE institutions have an opportunity to contribute their views on copyright licensing in the UK as Richard Hooper issues a call for evidence as part of the independent feasibility study into the development of a Digital Copyright Exchange for the UK (DCE).

The feasibility study will be conducted in two parts. The first phase will consider in further detail the issues highlighted in the Hargreaves Review surrounding copyright licensing in and for the digital age, including setting out clear definitions of the roles played by creators, businesses, rights management organisations and consumers.

The second phase will examine and recommend solutions to the issues raised. The establishment of a DCE, a digital market place where licences in copyright content can be readily bought and sold was one of the recommendations made by the Hargreaves Review which would simplify rights clearance in providing access to materials in FE and HE institutions and is considered by some stakeholders to be a strong potential solution.

Universities and FE and HE colleges which participate in the call for evidence are invited to respond to two questions:

whether they agree with the 'Hargreaves Hypothesis' - that the current copyright licensing system is not fit for purpose for the digital age;
whether they agree with the feasibility study's proposed definitions, including the market definition.

The closing date for receipt of evidence is Friday 10 February 2012.

Further details on the call for evidence can be found on the IPO's website.

For further information on the potential impact of the Hargreaves Review on FE and HE see JISC Legal's own guidance.

Contact Details

JISC Legal
Information Services Directorate
University of Strathclyde
Alexander Turnbull Building
155 George Street
Glasgow G1 1RD

0141 548 4939

feedback@jisclegal.ac.uk
www.jisclegal.ac.uk

In This Newsletter

Latest News

Our Training

Guidance

Latest Events

Contact Details

Subscription Details

Publications

Guidance that may be of interest to you ...

Publications this month include our Law ICT and Independent Specialist Colleges

The most recent as well as upcoming JISC Legal publications will appear initially on the JISC Legal website on our All Guidance page -http://www.jisclegal.ac.uk/home/all-guidance.aspx.

Latest Events

Events that might interest you:

Forthcoming JISC Legal Webcast
The latest in our series of interactive webcasts will be available via the JISC Legal website on 14 March 2012. The subject this time is 'Mobile Technology and the Law' - a full programme will appear on the website shortly.

SCORE OER Residential Course

The Support Centre for Open Resources in Education (SCORE) is inviting applications for the OER Residential Course to be held from 18 to 23 March 2012. The closing date for applications is 2 March 2012.

Our Training

JISC Legal Plus - Expert training in ICT law delivered direct to you

Do remember that we provide in-house training in ICT law. Our JISC Legal Plus trainers deliver staff development packages designed to bring you up-to-speed with the digital age. Visit http://www.jisclegal.ac.uk/JISCLegalPlus

You are subscribed to JISC Legal Monthly Newsletter. To unsubscribe, visit: http://goo.gl/XFNm2

JISC Legal is a JISC Advance service and is hosted by the University of Strathclyde, a charitable body, registered in Scotland, with registration number SC015263.

Posted on 03/02/2012

Posted in: Newsletter