JISC Legal : Identity Management

Site Map
Privacy Statement
Copyright Policy
Accessibility
Feedback

COOKIES: This site uses Google Analytics Cookies for performance monitoring only. By using our website you agree that we can place these cookies on your device.

Legal Guidance for ICT Use in Education, Research and External Engagement

Home
My Role
Legal Areas
Themes
Contact Us
- Enquiry Form
About Us
Training
- JISC Legal Plus

Content

Themes

Identity Management

Data Protection Intro

Identity Management

In many cases it may be possible, for an institution, to provide online services without the release of information that identifies a particular person, and in this case, no data protection issues arise. However, in other circumstances, identity will be necessary to the provision of access or personalisation. The processing of personal information will only be legal if done in compliance with the principles laid down by the Data Protection Act 1998. The first, core principle requires processing (including transfer) to be fair and lawful. In order to meet this requirement, one of the "Schedule 2" conditions for processing must be met. The most commonly relied on condition is "consent", in other words, that the data subject has agreed to the processing after having reasonable notice of what processing is proposed.

Resources

Guidance
FAQs
Law Watch
Links

Mobile Technologies and the Law Webcast (14 March 2012)

Our Mobile Technologies and the Law webcast (streamed live on 14 March 2012) can now be accessed in captioned, bite-sized segments.

Cookies - Six Months Until Enforcement (25/11/2011)
The law has changed that applies to how cookies are used by websites.

Personal Data and Consent Management: A Briefing Paper (16/11/2011)This guidance is designed to help institutions deal with consent management when sharing personal data across and between institutions and external service providers.

Consent Management: Handling Personalisation Data Lawfully (21/02/2011)

This JISC Legal study, funded by JISC's Information Environment Programme, addresses clear questions that arise in relation to learners’ access and identity.

The Digital Economy Act 2010: Implications for UK Colleges and Universities (23/07/2010)

This guidance document examines the Digital Economy Act 2010 and its implications for universities and colleges in the UK.

Initial Comparison of Federation Attributes (01/01/2008)

From the service provider and federation surveys, most expressed a neutral view as to the adoption of new attributes.

Feasibility of Cross-Jurisdiction Common Access Management Federation Agreements - PPT (01/01/2008)

An investigation into the feasibility of cross-jurisdiction common access management federation agreements.

Feasibility of a Cross-Jurisdiction Common Access Management Federation Agreement - Report (01/01/2008)

A report on the legal aspects of common agreements for federation-identity provider and federation-service provider agreements.

Data Protection Essentials (24/08/2007)

A point by point guide to Data Protection Law for FE and HE.

Data Protection Overview (15/08/2007)

This overview explains the application of the Data Protection Act 1998 (the 'Act') to UK further and higher education institutions.

Data Retention Directive Overview (21/06/2007)
This overview paper briefly clarifies the current situation with regard to retention of communications traffic data by certain UK organisations.

Consortium Agreements: A Short FAQ (12/07/2005)

This paper provides details on how to create an effective consortium agreement and explains why they are needed ... (cont)

How can we monitor emails remotely? Learners have a right of privacy to personal communications (article 8 of the European Convention on Human Rights) but colleges have ... (cont)

What Does the New "Cookie" Legislation Require us to do?

The law has changed that applies to how institutions must use cookies.

Can an institution use a cloud service provider that is unable to give assurances that personal data will not be transferred to a country outside the EEA?It is important to recognise that in any situation where a data controller is using a data processor, the data controller remains responsible for compliance with the Data Protection Act 1998 (DPA).

What level of security should our institution be using for personal information?

The seventh data protection principle provides that "Appropriate technical and organisational measures shall be taken ... (cont)

Further FAQsLinks to further resources.

Consortium Agreements: A Short FAQ (12/07/2005)

This paper provides details on how to create an effective consortium agreement and explains why they are needed ... (cont)

What Does the New "Cookie" Legislation Require us to do?

The law has changed that applies to how institutions must use cookies.

Updated Guidance by the ICO on Cookies
Guidance has been issued by the ICO on how the rules apply for those operating websites and using cookies.

Personal Opinions Online Subject to the DPA

The High Court states that even where private individuals are expressing their own views online the requirements of lawful processing in the DPA can apply.

Defamation - Academics to get Increased Protection
Joint Committee report on defamation law recommends new notice and take-down internet procedures as well as increased protection for scientists and academics.

What's Personal and What's Anonymous Data?

A data controller is able to anonymise originally-personal data to make it free of data protection law constraints.

New ICO Regulations - Unwanted Emails - Cookies

Fines of up to £500,000 for the most serious incidents of sending unwanted emails.

New Law on Cookies Coming into Force

New law gives individuals more control over what information organisations can store on their computer.

Defamation Bill 2011

This bill seeks to amend current defamation legislation and is progressing through Parliament. The main focus of the bill is to make sure that defamation legislation is fit for modern times.

Freedom of Information (Amendment Bill) 2010-11

The Freedom of Information (Amendment Bill) is currently making its way through Parliament and is due to be further debated on the 18th March 2011.

What Constitutes Personal Data?

Data protection law needs to provide more clarity on what actually constitutes personal data.

Wanted - Your Views on New Public Sector Equality Duty

A consultation by the GEO seeks views on proposals for draft regulations on the new public sector equality duty.

Nowhere to Run - EU Online Copyright Infringement Agreement Being Drawn Up

A working party representing 37 EU countries is currently negotiating the Anti-counterfeiting Trade Agreement (ACTA) which intends to tackle online copyright infringements on an international level.

Equality Act Receives Royal Assent

On 8 April 2010 the Equality Act received royal assent after completing its parliamentary process.

EU Cookie Directive - Directive 2009/136/EC

This amendment directive requires consent for the placement of cookies on the Internet by tightening existing legislation in this regard, namely the, e-Privacy Directive, 2002/58/EC.

Data Protection Assessment Notices Code of Practice - Coroners and Justice Act 2009 (12/02/2010)

By virtue of Part 8 of the Coroners and Justice Act 2009 concerning the extended data protection audit powers available to the Information Commissioner's Office, a Code of Practice for Assessment Notices will be published in April 2010.

Data Breaches - ICO Raises the Stakes

Institutions falling to report data breaches can face financial penalties from April 2010

RIPA (Part 2) New Codes of Practice (22/01/2010)

Further to consultation on The Regulation of Investigatory Powers Act 2000, the Home Office has published new Codes of Practice that will come into force on 6 April 2010.

Sorting Out Your Records Collection

A council were found to be in breach of the Data Protection Act after sensitive personal data relating to social work records were found in a filing cabinet bought by a member of the public.

Revised Code of Practice under Section 60 of the FOI (Scotland) Act 2002 (22/12/2009)

The consultation on a revised code of practice can be found on the Scottish Government website.

EU Commission's Telecoms Reform Package (30/11/2009)

The European Parliament has voted in favour of new and updated legislation governing Europe's telecoms industry.

Page 1 of 2

First Previous [1] 2 Next Last

Guide to Social Networking in the Workplace

ACAS guide offers practical tips on the impact of social networking on discipline and grievances, bullying, defamation, data protection and privacy.

JISC Identity Management Toolkit

JISC has launched a toolkit to allow information officers, IT directors, security managers and their staff to better understand the legal issues involved in managing identity issues.

Council of Europe Data Protection Website

The site includes overview information, legislation documents and a range of reports from the specialist committees

Equality Act 2010 - A Summary Guide for Public Sector Organisations

Guidance for public sector organisationsaims to make current equality law more consistent, clearer and easier to follow in order to make society fairer.

UK Access Management Federation (UK)

UK Access Management Federation for Education and Research - Recommendations for Use of Personal Data.

Search Site

Recent JISC Legal Events

Video Introduction - Cloud Computing and the Law Webcast - (30 May 2012, 2pm, Online)

This webcast will examine and clarify the legal challenges for colleges and universities that are using or considering using cloud computing services.

Social Media