Data Protection Regulation

14 January 2019 at 10:00am

Brexit and GDPR

Andrew Cormack
Data Protection Regulation
brexit
Under current plans the UK will become - for data protection purposes - a "third country" when it leaves the EU.
Read more
12 December 2018 at 1:34pm

Explorations in GDPR

Andrew Cormack
Data Protection Regulation
incident response
Learning Analytics
Intelligent Campus
well-being
With the GDPR having now been in force for more than six months, my talk at this week's EUNIS workshop looked at some of the less familiar corners of the GDPR map. In particular, since EUNIS provided an international audience, I was looking for opportunities to find common, or at least compatible, approaches across the international endeavours of education and research. Topics covered: What is a University? Network and Information Security; Research; Learning Analytics; Intelligent Campus; and Wellbeing.
Read more
19 November 2018 at 2:34pm

Information Sharing and GDPR

Andrew Cormack
incident response
Data Protection Regulation
I've been asked a number of times whether GDPR affects the sharing of information between incident response teams. This slideset discusses how GDPR encourages sharing to improve security, and provides a rule of thumb for deciding when the benefit of sharing justifies the data protection risk.
Read more
12 November 2018 at 11:49am

Assessing the DP Impact of Jisc Security Services

Andrew Cormack
Data Protection Regulation
#Jiscsec
incident response
penetration testing
At last week's Jisc Security Conference I presented a talk on how we've assessed a couple of Jisc services (our Security Operations Centre and Penetration Testing Service) from a data protection perspective. The results have reassured us that these services create benefits rather than risks for Jisc, its customers and members, and users of the Janet network. This post links together:
Read more
27 September 2018 at 7:16am

Learning Analytics: Information Filtering

Andrew Cormack
Learning Analytics
Data Protection Regulation
An interesting observation made by a Dutch colleague earlier this week. The arrows in my standard model of learning analytics (here rearranged and recoloured to match the "swimlane" visualisation of the learning process) all mark "gatekeeper" points where information flow is filtered and reduced.
Read more
12 September 2018 at 8:06am

Penetration Testing - Legitimate Interests Assessment

Andrew Cormack
Data Protection Regulation
penetration testing
GDPRtopics
In developing our Data Protection Impact Assessment for the Janet Security Operations Centre we noted that our Penetration Testing service could involve high risks, but didn't really fit the DPIA framework.
Read more
17 August 2018 at 11:28am

Learning Analytics: a new visualisation

Andrew Cormack
Learning Analytics
Data Protection Regulation
Recently I've been presenting our suggested legal framework for learning analytics to audiences involved in teaching, rather than legal people. For that I've been trying out a different visualisation, which considers the teaching process as involving three layers:
Read more
16 August 2018 at 9:05am

Progress Report: ePrivacy Regulation

Andrew Cormack
ePrivacy Regulation
Data Protection Regulation
Cookies
Alongside the 1995 Data Protection Directive (DPD) sat the 2002 ePrivacy Directive (ePD), explaining how the DPD should be applied in the specific context of electronic communications.
Read more
3 August 2018 at 9:51am

WHOIS access for CSIRTs

Andrew Cormack
Data Protection Regulation
WHOIS
Domain Names
incident response
Over recent months the GDPR has given extra weight to concerns - originally expressed by regulators fifteen years ago - about public access to information about individual registrants of DNS domains. This article considers the use of this WHOIS data by those handling information security incidents, and why this represents a benefit, rather than a risk, to the objectives of data protection law.
Read more
15 June 2018 at 2:41pm

Learning Analytics and GDPR

Andrew Cormack
Learning Analytics
Data Protection Regulation
Since there was a lot of interest in my keynote presentation at the EUNIS 2018 conference last week, this post collects together the slides and the blog posts that provide further analysis and discussion of the ideas:
Read more
Subscribe to Data Protection Regulation