Spring 2017 Information Compliance Newsletter

Finally, Spring has arrived, and we have collated another edition of our information compliance newsletter to update you on recent copyright, Freedom of Information and privacy news. If you'd like to let us know what you think, contact isd.spc@uea.ac.uk

Copyright in the news

  • Out-Law reports on a voluntary code to address online copyright infringement: 'Under the code, Google and Microsoft's 'Bing' will take steps to demote links to copyright infringing content within their search results. Music and film industry bodies, the BPI and Motion Picture Association, are the other signatories of the code'  

Freedom of information in the news

  • An article reflecting on the scrutiny by UCU of university FOI performance, and the challenges faced with running an FOI service in a university.
  • Article on sexual harassment in universities based on information obtained from 120 institutions via an FOIA request. UEA mentioned.
  • The Information Commissioner Elizabeth Denham has raised the bar for FOI compliance and any organisation failing to produce at least 90% of their responses within the statutory time limit can expect to be subject to monitoring.
  • Brexit WhatsApp messages released under FOI. Demonstrating that any kind of recorded information may be caught by FOI, this article describes how the Irish Department of Taoiseach were obliged to disclose transcripts of a group discussion. 

Information security in the news

  • The National Cyber Security Centre discusses the benefits and drawbacks of using password managers.
  • There is low confidence in the UK's ability to protect itself from cyber attacks due to a skills shortage and poor and inconsistent handling of breaches.

Privacy in the news

  • Some advice from The Register on what to do to protect your data if you are planning on visiting the US.
  • The Guardian offers advice to a reader on what technical steps they can take to reduce the visibility of their online activity to monitoring agencies, which has increased following the passing of the Investigatory Powers Act 2016.
  • A couple were awarded £17,000 in damages after the B&B they lived above installed CCTV which recorded sound and images from both the B&B and the couple's property.
  • A court in Ireland is considering whether the EU's highest court should be asked to rule on the validity of model contract clauses as a means for businesses to transfer personal data from the EU to the US. The model clauses are not considered to provide sufficient protection of privacy.
  • A recent court case clarified the adequacy of comprehensive searches for information relating to Subject Access Requests. Searches need only be reasonable and proportionate. 
  • An executive order by the new US President places in question the validity of the Privacy Shield mechanism for EU-US data transfers.
  • An Oxford college sent out 200 rejection emails to applicants including details on all other failed candidates. They asked for the email to be deleted by way of mitigation. 
  • Article reflecting on the Investigatory Powers Bill (now Act) and its potential to affect academic research.
  • Sports Direct is reported to have kept secret from its staff the fact that a cyber attack had led to the loss of unencrypted personal data. 
  • The ICO has fined a health firm £200k for a serious breach of the DPA by failing to secure sensitive personal data sent to and processed by a transcribing service.
  • The University of Brighton mistakenly included personal information about employees in response to a Freedom of Information request about pay scales. The university has reported the breach to the ICO.
  • The US Department of Justice (DoJ) plans to submit a legislative fix that would allow it to demand evidence stored on servers in other countries. The action is designed to circumvent a court ruling which said that DoJ could not demand emails from Microsoft because they were held on a server in Ireland.
  • Tim Berners-Lee writing in the Guardian notes that we have lost control of our personal data.
  • Universities must put sound data protection policies and practices in place if we are to adopt the latest education technologies (edtech).

Training

Online and face to face training is available for all UEA staff. For those who prefer online training, you can choose from:

Each module takes around 30 minutes to complete, and includes activities to ensure you've mastered the key points.

Face to face training can be booked via CSED, or contact us to find out more about bespoke training for your department.

Information compliance news on Twitter

Follow ISDTN on Twitter to get this and a lot more daily news of interest covering HE, information security, education, research, and information compliance.