With the new academic year in full swing, we've gathered some recent information compliance news to help keep you up to date with developments in Freedom of Information, data protection and information security.
We hope you find this useful. If you'd like to let us know what you think, contact email@example.com.
- Summer saw several significant personal data breaches at UK universities. Times Higher Education reports on how, at the University of Bedfordshire, confidential medical data was found unsecured and abandoned on campus.
- The UK Information Commissioner has taken action against Brunel following the loss, during building refurbishment, of documents containing personal data. The university has signed an undertaking, requiring induction and annual refresher training on data protection for all staff who routinely process personal data.
- Another undertaking was signed by King's College London, after a spreadsheet of student personal data was sent out to other students in error. Again, staff training was found to be an issue and the university is now required to ensure all staff handling personal data receive mandatory DPA training before the end of 2015, and that training must be refreshed every two years. At UEA, online or face-to-face data protection training is mandatory for all staff handling personal data - see training section below for details.
- While these universities may have avoided a financial penalty from the Information Commissioner, Out-law report that other costs of serious data breaches can be significant. As the article shows, data breaches are also very common. All personal data breaches at UEA must be reported to the University's Strategy, Policy and Compliance team as soon as possible.
- Individuals can also pay a high cost if they mishandle personal data. The BBC reported on one former Morrisons employee who is currently serving an eight-year jail term after deliberately posting staff data online.
- The Information Commissioner has also written that even accessing leaked personal data that's been made available online can be a breach of the DPA.
- Finally, a recent ruling by the Court of Justice of the EU could have a considerable impact on the way UK organisations share personal data with the US. The BBC has reported on the decision, and UEA's Paul Bernal has also commented on its significance. UEA is likely to be affected by this decision. If your department is involved in sharing any personal data with the US, please contact firstname.lastname@example.org for guidance.
- Occasionally UEA's response to a FOI request contributes to a news story. We may not always be identified, but a quick look at our disclosure log shows where we've contributed. The past few months have seen the outcome of several such requests. This article from Times Higher relates to a request on research grant income targets for academics.
- In another FOI-related article, this time a bit closer to home, Concrete reports on income from UEA accommodation.
- The Guardian reports on how Channel 4 used FOI to uncover data on plagiarism in schools and universities.
- Times Higher Education reports on how FOI was again used in gathering data on how many HE staff are employed on zero-hours contracts.
- Finally, in our last newsletter we speculated on the changes that may be in store for the Freedom of Information Act. The government wasted little time in shaking things up, setting up a new Commission to review the Act. In September the Campaign for Freedom of Information reported on how 140 media bodies, campaign groups and others have written to the Prime Minister expressing ‘serious concern’ at the government’s approach to the Act. Given that journalists now routinely use the Act as a research tool this is not unexpected, but the outcome of the Commission remains to be seen.
- Advice from the experts on staying safe online [Business Insider] and seven things security experts do to keep safe online [Guardian]. Two articles on the best ways to keep your identity safe, according to security experts.
- Information on the Counter-Terrorism and Security Act [Jisc - article no longer available]. Articles from the Jisc community on the Prevent duty.
- The Cyber Siege of Higher Education in North America [Educause Review]. Article on why US universities and colleges are high-priority targets for cyber attack.
- LastPass hack raises questions about security of password managers [Guardian]. Article asks, are password managers a good way to minimise the risk of being compromised online?
Online and face-to-face training is available for all UEA staff. For those who prefer online training, you can choose from:
- Data Protection (mandatory for any member of staff handling personal data)
- Freedom of Information
- Records Management
- Information Security (available from Blackboard)
- Copyright (available from Blackboard)
Each module takes around 30 minutes to complete, and includes activities to ensure you've mastered the key points.
Face-to-face training can be booked via CSED, or contact us to find out more about bespoke training for your department.