JISC Legal : Cloud Computing

This guidance is designed to help institutions deal with consent management when sharing personal data across and between institutions and external service providers.

JISC Legal is pleased to present our free Cloud Computing and the Law toolkit for FE and HE professionals. 

This JISC Legal study, funded by JISC's Information Environment Programme, addresses clear questions that arise in relation to learners’ access and identity.

The Data Protection Code of Practice is designed to provide guidance to the FE and HE sectors on issues pertaining to Data Protection law affecting their day-to-day operations.

The Data Protection Act 1988 (DPA) limits the transfer of personal data to countries within the European Economic Area (EEA) (the eighth data protection principle).

The US Patriot Act is intended to assist terrorism prevention in the US and permits access to data by the US intelligence services in certain circumstances, including, but not limited to, in the interests of national security

Under the Data Protection Act 1988 (DPA)  a college or university must ensure that the personal data relating to its staff, students and others remains secure including protecting such data from accidental loss (the seventh data protection principle)...  (cont'd)

The nature of the cloud is such that it is likely that more than one legal jurisdiction will be involved in relation to any particular external cloud service... (cont'd)
 

The Equality Act 2010 places a legal obligation on institutions not to discriminate against learners with disabilities in their service provision (including resources and delivery of teaching). 

The seventh data protection principle provides that "Appropriate technical and organisational measures shall be taken  ... (cont)

Came into force on 31 December 2009.   

(NLA) v Meltwater - In the particular circumstances of commercial news headlines and their monitoring and copying for commercial gain much of the content will attract copyright protection.

Recommendations made by the Hargreaves review of intellectual property and growth have been accepted by the Government.

A data controller is able to anonymise originally-personal data to make it free of data protection law constraints.

ACAS guide offers practical tips on the impact of social networking on discipline and grievances, bullying, defamation, data protection and privacy.

The European Commission has launched a consultation on cloud computing.  This will feed into the European cloud computing strategy due to be presented in 2012.

A dedicated 'one stop shop' has been produced, telling the public about their FOI rights, and a step by step guide on how to use them.

Queen Mary, University of London, have issued a series of papers on the legal issues associated with Cloud Computing.

This toolkit aims to guide information professionals in assessing cloud computing services for information use and storage, including development of a cloud computing strategy.

The European Network and Information Security Agency (ENISA) has published its report ‘Security and Resilience in Governmental Clouds’ which assesses the operational, legal, and security requirements of cloud computing.