 |
 |
This type of use of personal data is the way ahead but care still needs to be taken to meet all of the principles. An incident which happened a few years ago illustrates the dangers in this approach if the principles are not applied. Approaching the librarian to take some books out of the library details of the financial status of the students course fees were called up as part of the default access level of the computerised library system and used in idle conversation during the booking out process. Data protection compliant !!! Ian Welton ----- Original Message ----- From: GARRY D MAIN <[log in to unmask]> To: 'Gordon Hunt' <[log in to unmask]>; Paul Browning <[log in to unmask]> Cc: <[log in to unmask]> Sent: Wednesday, June 14, 2000 4:15 PM Subject: RE: CoP - Transfers of personal data to non-EEA countries > We have been running a system for the past year at Abertay which allows > students and staff access to information held on our central records system. > > > It allows authorised users (staff or students) access to a varying level of > information depending on the permissions that have been granted to the user. > The authentication system used relies on both on a valid login to our IT > network, and a secondary check on user vs a challenge / response setup. A > user can be anywhere that we have secure links to, or where they can login > via a virtual private network. > > This has led to the situation where some of our students in Malaysia can > access their records, our staff when they visit have access but the > permanent staff in Malaysia have no access to certain parts of our student > record system. > > > Students and staff can view their academic history, HESA info and address > information in a secure and controlled manner. One benefit of this has > allowed us to do away with the necessity of posting result information on > notice boards, students can now look up their own results and if they choose > to tell their friends or anyone else it means that we have not disclosed > that information. > > We offer students the opportunity to amend any data that we hold on them > either via email, calling into our reception or filling in a form and > posting it to us. Giving everyone the chance to maintain their own > information has started to lead to the idea that the student "owns" their > data and that they are responsible for keeping us informed of any changes. > > I hope the above is helpful, I can offer further detailed info if anyone > wants it. > > > Garry > Garry D. Main > Analyst (Registry) > University of Abertay Dundee > Tel 01382 308917 / Fax 01382 308043 > > -----Original Message----- > From: Gordon Hunt [mailto:[log in to unmask]] > Sent: 14 June 2000 15:58 > To: Paul Browning > Cc: [log in to unmask] > Subject: Re: CoP - Transfers of personal data to non-EEA countries > > > >Are we not very far from a future in which a Web page, visible > >only to staff (or students) who have authenticated in a secure > >way, will bring up the information an institution holds on them, > >offer some of it in a form that can be updated or corrected by > >them, and offer some checkboxes against some items which, if > >checked, cause the information to be displayed in a Web Directory? > > We're already there, in fact - see the SCWEIMS Project > (http://www.malts.ed.ac.uk/scweims/), one of the SHEFC C&IT Programme > projects, which is developing exactly that kind of system, while a parallel > project, Scotmid (http://www.gla.ac.uk/scotmid/index.html) looks at > authentication issues. > > Gordon > > ************************************************************ > Gordon Hunt > Head of Information Services > Royal Scottish Academy of Music & Drama > 100 Renfrew Street > Glasgow G2 3DB > > Tel: 0141 332 4101 x269 > Fax: 0141 332 5924 > *********************************************************** %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%