GDPRtopics

11 March 2020 at 9:39am

Consultation: Assessing the impact of (re-)using campus data

Andrew Cormack
Intelligent Campus
Data Protection Regulation
GDPRtopics
Our university and college buildings already contain a surprising number of sensors that could collect information about those who occupy them. At a recent event I spotted at least half a dozen different systems in a normal lecture room, including motion detectors, swipe card readers, wireless access points, the camera and microphone being used to stream the event, and Bluetooth and other transmissions from the many laptops and devices we were all carrying.
Read more
4 June 2020 at 11:58am

Wellbeing Analytics Code of Practice: Consultation

Andrew Cormack
Data Protection Regulation
GDPRtopics
Learning Analytics
wellbeing
[UPDATE: thanks for your feedback. Final text has now gone into the Jisc production process :)]
Read more
24 January 2020 at 2:17pm

Learning Analytics: helping tutors help students

Andrew Cormack
Data Protection Regulation
GDPRtopics
Learning Analytics
#DALTAI_HE
Talking to new audiences, who may not share your preconceptions, is a great way to learn new things. So I was delighted to be invited to Dublin to talk about learning analytics as part of their DALTAí project (an English backronym creating the Irish for student: bilingualism creates opportunities!). The audience - and my fellow panellists - came from a particularly wide range: students, tutors, ethics, regulatory, administrative, etc. all around one table.
Read more
9 January 2020 at 4:21pm

EDPS preliminary opinion on Data Protection and Scientific Research

Andrew Cormack
Data Protection Regulation
GDPRtopics
The European Data Protection Supervisor has just published an interesting paper on the research provisions in the GDPR. The whole thing is worth reading, but some things particularly caught my eye:
Read more
6 December 2019 at 11:26am

Showing Accountability for Personal Data

Andrew Cormack
Data Protection Regulation
GDPRtopics
incident response
Learning Analytics
wellbeing
A few weeks ago I gave a presentation to an audience of university accommodation managers (thanks to Kinetic for the invitation), where I suggested that we should view Data Protection as an opportunity, rather than a challenge.
Read more
12 September 2018 at 8:06am

Penetration Testing - Legitimate Interests Assessment

Andrew Cormack
Data Protection Regulation
penetration testing
GDPRtopics
In developing our Data Protection Impact Assessment for the Janet Security Operations Centre we noted that our Penetration Testing service could involve high risks, but didn't really fit the DPIA framework.
Read more
31 May 2018 at 11:14am

Learning Analytics Dashboards

Andrew Cormack
Data Protection Regulation
GDPRtopics
Learning Analytics
Learning analytics dashboards, like the class mark books that long preceded them, show tutors a lot of information about their students. That could be pretty intrusive, so should universities and colleges be asking students to consent before tutors look at their data?
Read more
2 May 2018 at 11:48am

DPIAs: First Attempts

Andrew Cormack
Data Protection Regulation
GDPRtopics
Data Protection Impact Assessment
Article 35 of the General Data Protection Regulation introduces a requirement to conduct a formal Data Protection Impact Assessment (DPIA) for any processing that may involve a high risk to individuals. The Article 29 Working Party’s DPIA guidance contains a helpful list of nine factors that may give rise to a high risk. Any activity involving two or more factors is likely to require a DPIA.
Read more
1 May 2018 at 9:15am

Incident response, logfiles and the GDPR

Andrew Cormack
GDPRtopics
incident response
Data Protection Regulation
The Article 29 Working Party has recently highlighted the importance of detecting and mitigating information security breaches.
Read more
26 April 2018 at 9:46am

Research Provisions in the GDPR

Andrew Cormack
Data Protection Regulation
GDPRtopics
Like the current Data Protection Act 1998, the General Data Protection Regulation (GDPR) will apply to any research involving data about identifiable living individuals. Also like the Act, the Regulation provides for adaptation in a couple of areas where this is needed to make such research possible.
Read more
Subscribe to GDPRtopics