Dear COSCH list members,
as mentioned in my previous e-mail I forward a second e-mail I received
from JISCMail for your information.
You have received this message because your email address is registered
for the COSCH-JISCMail mailing list.
Dear COSCH List Members,
Since my previous update on JiscMail and GDPR (https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=OWNERS-ANNOUNCE;5c7d822f.1805) we have now reviewed and updated our service policies, which are now available at: https://www.jiscmail.ac.uk/policyandsecurity/index.html
The main changes in these service policies are 2 new sections: Section 5: Mailing List Privacy Notice and Section: 12: Data Protection Schedule, as well as re-numbering sections as appropriate, and there are some updates to: Section 4: Role of List Owners, Section 7: Mailing List Archives, Section 9: Limitations, Section 10: Data Protection. The new sections and updates are described below.
***Action for all list members***
1. Please read through the changes. If you have any questions about these (or want to make changes to your mailing lists) please email [log in to unmask]
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#5 Section 5: Mailing List Privacy Notice ===
Provides the default privacy notice for mailing lists, it explains how information information (provided by subscribers, when joining a mailing list or using a mailing list) is used, is stored and (in some cases) shared, and how it can be removed. As mentioned in the previous update, it is important that list owners make subscribers aware of the privacy notice.
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#11 Section 11: Data Protection Schedule ===
This schedule describes the agreement between Jisc/JiscMail (the Data Processor), and the List Owner (Data Controller). As such GDPR requires that there be a written agreement between the Controller (LIST OWNER) and Processor (JiscMail) that sets out the Processor obligations with regard to this Processing. Jisc's legal team are taking a consistent approach with Jisc services and are putting in place a standard Data Protection Schedule (you may have already seen a version of this for other Jisc services you/your organisation may use).
We would ask all list owners to review the information in the Data Protection Schedule, and If you have any questions, please email [log in to unmask]
=== Update: Section 4: Role of List Owners https://www.jiscmail.ac.uk/policyandsecurity/index.html#4 ===
We have added an additional point to the bullet which starts "Keeping the list active by......" the point now ends with "New mailing lists are expected to be used within 6 months of creation"
An additional statement has been added below these bullet points, referring to the new Data Protection Schedule:
"In relation to data protection legislation, each list owner is the Controller of the Personal Data in their lists, see the Section 12: Data Protection Schedule for details of JiscMail's obligations as a Processor of this Personal Information."
=== Update: Section: 7 Mailing List Archives https://www.jiscmail.ac.uk/policyandsecurity/index.html#7 ===
We have described the different types of mailing list archive settings which may be applied to a mailing list, and explained that "The archive privacy setting is displayed on a list homepage, www.jiscmail.ac.uk/COSCH"
=== Update: Section 9: Limitations https://www.jiscmail.ac.uk/policyandsecurity/index.html#9 ===
We have repeated limitations of the service, these existed in other sections of the policy, but we felt it was important to bring them together here too:
"JiscMail does not control or bear any liability for the content of messages you or others post to lists, it acts as a conduit for messages and we are not liable for the conduct of any other JiscMail user. JiscMail neither moderates nor edits messages before they are posted to the list.
JiscMail cannot assume any responsibility for the content of any messages sent to lists other than those from JiscMail themselves and we do not review, screen or edit the content."
We have added a sub-section called "Service Performance" to describe how we alert list owners of downtime (planned/unplanned).
=== Update:Section 10: Data Protection https://www.jiscmail.ac.uk/policyandsecurity/index.html#9 ===
The Data protection section has been updated to reference new legislation, and the following statement:
"The Data Protection Schedule sets out JiscMail's obligations to each list owner (the data Controller) with regard to any Personal Data it processes on behalf of the list owner. In the event of any conflict between the Data Protection Schedule and any other provision of these service policies, the relevant provision of the Data Protection Policy shall take precedence."
The final bullet point, about helpline enquiries, has been updated to refer to Jisc's privacy notice https://www.jisc.ac.uk/website/privacy-notice
As always, if you have any questions about these changes, or want any help or information about your lists, please contact us at [log in to unmask]
Thanks for supporting JiscMail.
Collaboration services manager
[log in to unmask]
0300 300 2212