Consent Managment - An Introduction
Institutional Consent Management Policy and Processes Supporting Personalisation
What is JISC Legal's Consent Management Project?
The study will assist the use of technologies which, for data protection or other legal reasons, require the consent of a user to the release of their personal data. The release of such data may be required in order to verify that a user has the right to access a particular resource, or to allow personalisation features. The project complements work being done on access management generally, and in particular, federated access management and Shibboleth. More information on these initiatives can be found on the JISC website: http://www.jisc.ac.uk/.
What is Consent Management about?
In many cases it may be possible, for an institution, to provide online services without the release of information that identifies a particular person, and in this case, no data protection issues arise. However, in other circumstances, identity will be necessary to the provision of access or personalisation. The processing of personal information will only be legal if done in compliance with the principles laid down by the Data Protection Act 1998. The first, core principle requires processing (including transfer) to be fair and lawful. In order to meet this requirement, one of the "Schedule 2" conditions for processing must be met. The most commonly relied on condition is "consent", in other words, that the data subject has agreed to the processing after having reasonable notice of what processing is proposed.
Legal Issues Involved in Managing Identity - The Identity Management Toolkit
JISC has launched a toolkit to allow information officers, IT directors, security managers and their staff to better understand the legal issues involved in managing identity issues. Identity management is key to many processes and services that universities and colleges provide for students, staff and other individuals and the sector as a whole can benefit from improved identity management practice. The toolkit can be accessed here - http://www.jisc.ac.uk/news/stories/2010/03/identity.aspx.
__________________
Previous Projects
Feasibility of a Common Template For Access Management Federations
This JISC-funded project was intended to identify the extent to which a common template is feasible for access management federations across a number of jurisdictions. If a common template is possible, this will make it easier for service providers to sign-up to federations in different coutries, and will make peering between federations easier.
Preliminary Findings Documents
Prior to the publication of the final report, please find below documents related to the preliminary findings:
* Report on Preliminary Findings
* PowerPoint Presentation of the Preliminary Findings
* Outline Report on a Comparison of Attributes
If you require any of these documents in a different format, please contact JISC Legal.
For more details of the project funding, please visit:
http://www.jisc.ac.uk/whatwedo/programmes/programme_am_transition/fedpolicy.aspx.
We hope that representatives of federations, service providers and federation users will all contribute to this study, in order to provide the best framework of agreements to ease transition to the most user-friendly of systems for all.