We have been running a system for the past year at Abertay which allows
students and staff access to information held on our central records system.
It allows authorised users (staff or students) access to a varying level of
information depending on the permissions that have been granted to the user.
The authentication system used relies on both on a valid login to our IT
network, and a secondary check on user vs a challenge / response setup. A
user can be anywhere that we have secure links to, or where they can login
via a virtual private network.
This has led to the situation where some of our students in Malaysia can
access their records, our staff when they visit have access but the
permanent staff in Malaysia have no access to certain parts of our student
record system.
Students and staff can view their academic history, HESA info and address
information in a secure and controlled manner. One benefit of this has
allowed us to do away with the necessity of posting result information on
notice boards, students can now look up their own results and if they choose
to tell their friends or anyone else it means that we have not disclosed
that information.
We offer students the opportunity to amend any data that we hold on them
either via email, calling into our reception or filling in a form and
posting it to us. Giving everyone the chance to maintain their own
information has started to lead to the idea that the student "owns" their
data and that they are responsible for keeping us informed of any changes.
I hope the above is helpful, I can offer further detailed info if anyone
wants it.
Garry
Garry D. Main
Analyst (Registry)
University of Abertay Dundee
Tel 01382 308917 / Fax 01382 308043
-----Original Message-----
From: Gordon Hunt [mailto:[log in to unmask]]
Sent: 14 June 2000 15:58
To: Paul Browning
Cc: [log in to unmask]
Subject: Re: CoP - Transfers of personal data to non-EEA countries
>Are we not very far from a future in which a Web page, visible
>only to staff (or students) who have authenticated in a secure
>way, will bring up the information an institution holds on them,
>offer some of it in a form that can be updated or corrected by
>them, and offer some checkboxes against some items which, if
>checked, cause the information to be displayed in a Web Directory?
We're already there, in fact - see the SCWEIMS Project
(http://www.malts.ed.ac.uk/scweims/), one of the SHEFC C&IT Programme
projects, which is developing exactly that kind of system, while a parallel
project, Scotmid (http://www.gla.ac.uk/scotmid/index.html) looks at
authentication issues.
Gordon
************************************************************
Gordon Hunt
Head of Information Services
Royal Scottish Academy of Music & Drama
100 Renfrew Street
Glasgow G2 3DB
Tel: 0141 332 4101 x269
Fax: 0141 332 5924
***********************************************************
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|