Last updated: 
2 weeks 1 day ago
Blog Manager
One of Jisc’s activities is to monitor and, where possible, influence regulatory developments that affect us and our customer universities, colleges and schools as operators of large computer networks. Since Janet and its customer networks are classified by Ofcom as private networks, postings here are likely to concentrate on the regulation of those networks. Postings here are, to the best of our knowledge, accurate on the date they are made, but may well become out of date or unreliable at unpredictable times thereafter. Before taking action that may have legal consequences, you should talk to your own lawyers. NEW: To help navigate the many posts on the General Data Protection Regulation, I've classified them as most relevant to developing a GDPR compliance process, GDPR's effect on specific topics, or how the GDPR is being developed. Or you can just use my free GDPR project plan.

Group administrators:

Wellbeing Analytics Code of Practice: Consultation

Jisc has been providing expert, trusted advice on digital technology in the education sector for more than 30 years. We know that technology and data have the ability to transform the student experience. But, as a membership organisation owned by research and educational institutions, we must ensure our advice and guidance are responsible and safe for students, staff and institutions. With universities and colleges concerned about wellbeing and mental health problems among students and staff, and suggestions that increased use of data might help them provide better support, we were delighted to have the opportunity of participating in the ICO sandbox to test our ideas of how this might be done without increasing the risks to students and staff.

In the event, our discussions with ICO colleagues have been even more productive than we had hoped. We have explored possible legal bases for processing personal data to support wellbeing and mental health services and expanded our draft Code of Practice to include all relevant safeguards. In addition, with the ICO’s encouragement and support, we have developed new tools for educational institutions to conduct Data Protection Impact Assessments (DPIAs) for their planned activities and to assess purpose compatibility when considering new data sources. These tools should help institutions meet their accountability duty in the General Data Protection Regulation (GDPR).

Having completed our sandbox engagement we are now conducting a public consultation on the Code of Practice, including its Data Protection Impact Assessment and Purpose Compatibility Assessment Annexes.

Any feedback is welcome, to Andrew.Cormack@jisc.ac.uk by the end of April, please. If you can structure your response as follows, this will help us ensure we have heard from a representative range of the document’s users and don't miss any comments.

== About you

1. Which kind of organisation do you work in?

2. Please state where your role sits within the organisation (e.g. Senior Management / Tutor / Wellbeing provider / Project Management / DP Specialist / Student Representative).

3. Please score your current level of data protection expertise  1-5 (with 1- very low, 2- low, 3- satisfactory, 4 - good, 5 – excellent).

== About the documents

Please rate the following on with a score of 1-5 (with 1- very poor, 2- poor, 3- satisfactory, 4 - good, 5 – excellent)

(please provide detail of any clarification required and/or additional risks that may need considering in the final section).

4. Level of detail?

5. How easy to use/understandable?

6. To what extent does it help you identify which lawful basis/condition for processing special category to use?

7. To what extent does it help you ensure that the data sources you use in wellbeing analytics are in compliance with data protection legislation?

== Additional comments/risks (you are also welcome to send these as marked-up comments/changes to the PDF)

Code of Practice...

DPIA template...

Purpose compatibility matrix...