Access Management

13 August 2012 at 10:59am

MoJ Summary of Data Protection Responses

Andrew Cormack
Access Management
Breach Notification
Data Protection Regulation
Privacy
incident response
Cloud computing
The Ministry of Justice have published a summary of the responses to their consultation on European Data Protection proposals. On the issues we raised around Internet Identifiers, Breach Notification and Cloud Computing there seems to be general agreement with our concerns.
Read more
2 July 2012 at 2:58pm

Pseudonyms and Data Protection

Andrew Cormack
Access Management
Privacy
Data Protection Directive
Data Protection Act
The Information Commissioner’s consultation on an Anonymisation Code of Practice is mainly concerned with the exchange or publication of datasets derived from personal data. However it once again highlights the long-standing confusion around the treatment of pseudonyms under Data Protection law.
Read more

Identity and Access Management

Malcolm Teague
24 October 2013 at 3:16pm
Access Management
Identity
NHS-HE
health
The NHS in England, Scotland and Wales use OpenAthens for access management for electronic journal and kowledge base resources e.g. It was announced on 19th February 2013 that NICE have contracted with Eduserv for 2 years for the NHS in England to use OpenAthens:
Read more
12 June 2012 at 9:30am

Draft EU Regulation on eIdentities

Andrew Cormack
Access Management
Breach Notification
eSignature Directive
The European Commission have proposed a draft eIdentity Regulation, to replace the current eSignatures Directive (99/93/EC). While the proposal is mostly concerned with inter-operability of national electronic IDs and improving the legal significance of digital signatures, timestamps, documents, etc.
Read more
6 June 2012 at 1:42pm

Choosing the Right Identifier

Andrew Cormack
Access Management
Privacy
In discussing a legal framework for federated access management we’ve concluded that the right approach to use as a basis for exchanging attributes is that a particular attribute is “necessary” to provide a service. That implies both that service providers shouldn’t ask for attributes they don’t need, and also that where there is a choice of attributes that could be used they should choose the one that includes the smallest amount of unnecessary information.
Read more
13 August 2012 at 10:57am

Draft Identity and Privacy Principles from Government Data Service

Andrew Cormack
Privacy
Access Management
The Government Data Service have published draft identity and privacy principles for federated access management (FAM) systems. It’s interesting to compare these with the approach that has been taken by Research and Education Federations to see whether we have identified the same issues and solutions.
Read more
6 June 2012 at 11:48am

Consent - the last resort?

Andrew Cormack
Access Management
Data Protection Directive
Data Protection Regulation
I did a presentation at the EEMA eID Interoperability conference last month on alternatives to "consent" in federated access management. At the moment consent seems to be the most often cited justification for processing personal data – websites frequently say that "by using this site you consent to...".
Read more
6 June 2012 at 11:20am

ICO Comments on EU Data Protection proposal

Andrew Cormack
Access Management
Breach Notification
Data Protection Regulation
Privacy
The Information Commissioner has published his initial analysis of the EU Data Protection proposals.
Read more
4 July 2012 at 5:02pm

MoJ Evidence on EC Data Protection proposal

Andrew Cormack
Access Management
Breach Notification
Cloud computing
Data Protection Regulation
Privacy
incident response
I've just sent in a Janet submission to the Ministry of Justice's Call for Evidence on the EU Data Protection proposals. Our response mentions the good and bad things about the proposal, as discussed here previously, for
Read more
6 June 2012 at 11:14am

Data Protection Proposal: Federated Access Management

Andrew Cormack
Access Management
Data Protection Regulation
Privacy
The European Commission’s proposed Data Protection Regulation supports recent thinking in moving away from using consent as a basis for federated access management systems.
Read more
Subscribe to Access Management