28/04/2015
Counter-Terrorism and Security Act 2015
Andrew Cormack, Chief Regulatory Adviser, @Janet_LegReg
Data retention
» More data added to DRIPA2015 list
› Essentially DHCP & NAT logs
» Only applies to public communications providers
› Not Janet
› Not universities, unless you offer public access
» Only applies when notified by Home Office
28/04/2015
RUGIT : April 27th 2015
2
PREVENT duty
“due regard for need to prevent people being drawn into terrorism”
» Guidance published: HE&FE required to “have regard” to that
» “should not add large/significant new burdens” to institutions
» Update policies/processes
› Safety, welfare, staff training, visitors, whistle-blowers, AUP
» Technology? Seems to say…
› If you filter harmful content, consider adding this
› But if not appropriate for that, not for this either
28/04/2015
RUGIT : April 27th 2015
3
Sensitive research
» Main concern: avoid false positives!
» If conducting legitimate research/study in these areas
› Know where it is
› Conduct it safely
› See existing UUK guidance
28/04/2015
RUGIT : April 27th 2015
4
Our conclusions
https://www.gov.uk/government/publications/preventduty-guidance
» Guidance builds on existing policies, processes, etc.
› Recognises existing good practice (e.g. safecampuses)
› Jisc developing on-line staff Awareness training
– Working with AoC/BIS
» No expectation of new technical “solutions”
» Duty in force for everything but HE/FE on 1st July 2015
28/04/2015
RUGIT : April 27th 2015
5
Find out more…
Andrew Cormack
Chief Regulatory Adviser, Jisc Technologies
[email protected]
https://community.ja.net/blogs/regulatorydevelopments
Except where otherwise noted, this
work is licensed under CC-BY-NC-ND
28/04/2015
RUGIT : April 27th 2015
11