Jisc Legal : Identity Management

Site Map
Privacy Statement
Copyright Policy
Accessibility
Feedback

COOKIES: This site uses Google Analytics Cookies for performance monitoring only. By using our website you agree that we can place these cookies on your device.

Legal Guidance for ICT Use in Education, Research and External Engagement

Home
My Role
Legal Areas
Themes
Contact Us
- Enquiry Form
About Us
Training
- JISC Legal Plus

Content

Themes

Identity Management

In many cases it may be possible, for an institution, to provide online services without the release of information that identifies a particular person, and in this case, no data protection issues arise. However, in other circumstances, identity will be necessary to the provision of access or personalisation. The processing of personal information will only be legal if done in compliance with the principles laid down by the Data Protection Act 1998. The first, core principle requires processing (including transfer) to be fair and lawful. In order to meet this requirement, one of the "Schedule 2" conditions for processing must be met. The most commonly relied on condition is "consent", in other words, that the data subject has agreed to the processing after having reasonable notice of what processing is proposed.

Resources

Guidance
FAQs
Law Watch
Links

Mobile Technologies and the Law Webcast (14 March 2012)
Our Mobile Technologies and the Law webcast (streamed live on 14 March 2012) can now be accessed in captioned, bite-sized segments.

Cookies - Six Months Until Enforcement (25 November 2011)
The law has changed that applies to how cookies are used by websites.

Personal Data and Consent Management: A Briefing Paper (16 November 2011)

This guidance is designed to help institutions deal with consent management when sharing personal data across and between institutions and external service providers.

Consent Management: Handling Personalisation Data Lawfully (21 February 2011)

This JISC Legal study, funded by JISC's Information Environment Programme, addresses clear questions that arise in relation to learners’ access and identity.

The Digital Economy Act 2010: Implications for UK Colleges and Universities (23 July 2010)

This guidance document examines the Digital Economy Act 2010 and its implications for universities and colleges in the UK.

Initial Comparison of Federation Attributes (1 January 2008)

From the service provider and federation surveys, most expressed a neutral view as to the adoption of new attributes.

Feasibility of Cross-Jurisdiction Common Access Management Federation Agreements - PPT (1 January 2008)

An investigation into the feasibility of cross-jurisdiction common access management federation agreements.

Feasibility of a Cross-Jurisdiction Common Access Management Federation Agreement - Report (1 January 2008)

A report on the legal aspects of common agreements for federation-identity provider and federation-service provider agreements.

Data Protection Essentials (24 August 2007)

A point by point guide to Data Protection Law for FE and HE.

Data Protection Overview (15 August 2007)

This overview explains the application of the Data Protection Act 1998 (the 'Act') to UK further and higher education institutions.

Data Retention Directive Overview (21 June 2007)
This overview paper briefly clarifies the current situation with regard to retention of communications traffic data by certain UK organisations.

Consortium Agreements: A Short FAQ (12 July 2005)

This paper provides details on how to create an effective consortium agreement and explains why they are needed ... (cont)

If we provide remote access to our CRM from abroad, what are the legal considerations? (14 May 2013)
This question raises an interesting issue regarding ‘access’ overseas and ‘transfer’ overseas but unfortunately the legal position is unclear. Read on to find out more.

Is a college/university required to report a data breach to the ICO? (11 February 2013)
A college or university is not, in most circumstances, a provider of services to the public and as such is not required to notify the ICO of a data breach under new obligations imposed by the Privacy and Electronic Communications (EC) Directive Regulations 2003 (PECR).

What happens to a company’s intellectual property rights if it is dissolved? (21 January 2013)
By virtue of section 654 of the Companies Act 1985 or Section 1012 of the Companies Act 2006, depending on when the company was dissolved, all its property and rights in England and Wales (but not its liabilities) pass to the Crown as bona vacantia.

We would like to publish details on our website about past students, including name, year graduated and course. Is this allowed? (16 November 2012)

The short answer is that the details about individuals mentioned above are likely to be considered personal data and as such the data protection legislation applies.

Can a company be the author of a copyright work? (16 November 2012)
While a company can own the copyright in a work (and will do so in relation to copyright works created by employees in the absence of agreement to the contrary), the duration of copyright is still linked to the original author.

Can I be compelled to have my photograph taken and displayed on a staff photo board? (8 October 2012)
As an employee you are required to comply with reasonable instructions from your employer.

What level of security should our institution be using for personal information? (7 September 2012)
The seventh data protection principle provides that "Appropriate technical and organisational measures shall be taken ... (cont)

How can we monitor emails remotely? (4 May 2012)
Learners have a right of privacy to personal communications (article 8 of the European Convention on Human Rights) but colleges have ... (cont)

What Does the New "Cookie" Legislation Require us to do? (15 December 2011)
The law has changed that applies to how institutions must use cookies.

Can an institution use a cloud service provider that is unable to give assurances that personal data will not be transferred to a country outside the EEA? (28 October 2011)
It is important to recognise that in any situation where a data controller is using a data processor, the data controller remains responsible for compliance with the Data Protection Act 1998 (DPA).

Further FAQs (12 June 2009)
Links to further resources.

Consortium Agreements: A Short FAQ (12 July 2005)

This paper provides details on how to create an effective consortium agreement and explains why they are needed ... (cont)

Defamation Bill Set to Bite the Dust?
It is reported that the proposed Defamation Bill is no longer expected to become law.

Websites Forced to Identify Trolls (12 June 2012)
New government proposals, to be added to the Defamation Bill, state that internet 'trolling' victims have a right to know who is behind the malicious comments made about them.

What Does the New "Cookie" Legislation Require us to do? (15 December 2011)
The law has changed that applies to how institutions must use cookies.

Updated Guidance by the ICO on Cookies (14 December 2011)
Guidance has been issued by the ICO on how the rules apply for those operating websites and using cookies.

Personal Opinions Online Subject to the DPA (9 December 2011)
The High Court states that even where private individuals are expressing their own views online the requirements of lawful processing in the DPA can apply.

Defamation - Academics to get Increased Protection (20 October 2011)
Joint Committee report on defamation law recommends new notice and take-down internet procedures as well as increased protection for scientists and academics.

What's Personal and What's Anonymous Data? (16 June 2011)
A data controller is able to anonymise originally-personal data to make it free of data protection law constraints.

New ICO Regulations - Unwanted Emails - Cookies (27 April 2011)
Fines of up to £500,000 for the most serious incidents of sending unwanted emails.

New Law on Cookies Coming into Force (8 March 2011)
New law gives individuals more control over what information organisations can store on their computer.

Defamation Bill 2011 (11 February 2011)
This bill seeks to amend current defamation legislation and is progressing through Parliament. The main focus of the bill is to make sure that defamation legislation is fit for modern times.

Freedom of Information (Amendment Bill) 2010-11 (11 February 2011)
The Freedom of Information (Amendment Bill) is currently making its way through Parliament and is due to be further debated on the 18th March 2011.

What Constitutes Personal Data? (6 October 2010)
Data protection law needs to provide more clarity on what actually constitutes personal data.

Wanted - Your Views on New Public Sector Equality Duty (20 August 2010)
A consultation by the GEO seeks views on proposals for draft regulations on the new public sector equality duty.

Nowhere to Run - EU Online Copyright Infringement Agreement Being Drawn Up (28 July 2010)
A working party representing 37 EU countries is currently negotiating the Anti-counterfeiting Trade Agreement (ACTA) which intends to tackle online copyright infringements on an international level.

Equality Act Receives Royal Assent (14 April 2010)
On 8 April 2010 the Equality Act received royal assent after completing its parliamentary process.

EU Cookie Directive - Directive 2009/136/EC (6 April 2010)
This amendment directive requires consent for the placement of cookies on the Internet by tightening existing legislation in this regard, namely the, e-Privacy Directive, 2002/58/EC.

Data Protection Assessment Notices Code of Practice - Coroners and Justice Act 2009 (12 February 2010)
By virtue of Part 8 of the Coroners and Justice Act 2009 concerning the extended data protection audit powers available to the Information Commissioner's Office, a Code of Practice for Assessment Notices will be published in April 2010.

Data Breaches - ICO Raises the Stakes (28 January 2010)
Institutions falling to report data breaches can face financial penalties from April 2010

RIPA (Part 2) New Codes of Practice (22 January 2010)
Further to consultation on The Regulation of Investigatory Powers Act 2000, the Home Office has published new Codes of Practice that will come into force on 6 April 2010.

Sorting Out Your Records Collection (19 January 2010)
A council were found to be in breach of the Data Protection Act after sensitive personal data relating to social work records were found in a filing cabinet bought by a member of the public.

Page 1 of 2

First Previous [1] 2 Next Last

OER Teaching Resource - Production Flow Diagram

This flowchart highlights steps to follow and relevant permissions required when seeking to release non public material in SCOOTER, an OER.

Guide to Social Networking in the Workplace

ACAS guide offers practical tips on the impact of social networking on discipline and grievances, bullying, defamation, data protection and privacy.

JISC Identity Management Toolkit

JISC has launched a toolkit to allow information officers, IT directors, security managers and their staff to better understand the legal issues involved in managing identity issues.

Council of Europe Data Protection Website

The site includes overview information, legislation documents and a range of reports from the specialist committees

Equality Act 2010 - A Summary Guide for Public Sector Organisations

Guidance for public sector organisationsaims to make current equality law more consistent, clearer and easier to follow in order to make society fairer.

UK Access Management Federation (UK)

UK Access Management Federation for Education and Research - Recommendations for Use of Personal Data.

Identity Management Newslinks

University Sends Personal Data to Wrong Recipient
An English university, according to a BBC news story, sent an individual’s confidential documents to a former student with the same name.

SIC Updates Vexatious Briefing
The Scottish Information Commissioner has recently updated her guidance on dealing with vexatious requests.

Defamation Bill Set to Bite the Dust?
It is reported that the proposed Defamation Bill is no longer expected to become law.

Court Serves Blow to Online Pirates
UK Internet Service Providers (ISPs) including Sky, BT, Virgin Media and Talk Talk must block file-sharing websites Kickass Torrents, H33T and Fenopy, the High Court has ruled.

View all Identity Management news

Recent JISC Legal Events

No events listed.

Social Media