Dear list members,
Please see below the detail of changes made in response to GDPR. The JISC Privacy and Security information can be found here: https://www.jiscmail.ac.uk/policyandsecurity/index.html
If you need general help using the JISC email lists please see: https://www.jiscmail.ac.uk/help/
Hope you are all enjoying the sunshine,
Heather Marshall (List Owner)
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#5 Section 5: Mailing List Privacy Notice ===
Provides the default privacy notice for mailing lists, it explains how information information (provided by subscribers, when joining a mailing list or using a mailing list) is used, is stored and (in some cases) shared, and how it can be removed. As mentioned in the previous update, it is important that list owners make subscribers aware of the privacy notice.
Feel free to use the template from the service policies - remember to replace LISTNAME with the name of your list
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#11 Section 11: Data Protection Schedule ===
This schedule describes the agreement between Jisc/JiscMail (the Data Processor), and the List Owner (Data Controller). As such GDPR requires that there be a written agreement between the Controller (LIST OWNER) and Processor (JiscMail) that sets out the Processor obligations with regard to this Processing. Jisc's legal team are taking a consistent approach with Jisc services and are putting in place a standard Data Protection Schedule (you may have already seen a version of this for other Jisc services you/your organisation may use).
We would ask all list owners to review the information in the Data Protection Schedule, and If you have any questions, please email [log in to unmask]
=== Update: Section 4: Role of List Owners https://www.jiscmail.ac.uk/policyandsecurity/index.html#4 ===
We have added an additional point to the bullet which starts "Keeping the list active by......" the point now ends with "New mailing lists are expected to be used within 6 months of creation"
An additional statement has been added below these bullet points, referring to the new Data Protection Schedule:
"In relation to data protection legislation, each list owner is the Controller of the Personal Data in their lists, see the Section 12: Data Protection Schedule for details of JiscMail's obligations as a Processor of this Personal Information."
=== Update: Section: 7 Mailing List Archives https://www.jiscmail.ac.uk/policyandsecurity/index.html#7 ===
We have described the different types of mailing list archive settings which may be applied to a mailing list, and explained that "The archive privacy setting is displayed on a list homepage, www.jiscmail.ac.uk/LISTNAME (replacing LISTNAME with the name of the mailing list)"
=== Update: Section 9: Limitations https://www.jiscmail.ac.uk/policyandsecurity/index.html#9 ===
We have repeated limitations of the service, these existed in other sections of the policy, but we felt it was important to bring them together here too:
"JiscMail does not control or bear any liability for the content of messages you or others post to lists, it acts as a conduit for messages and we are not liable for the conduct of any other JiscMail user. JiscMail neither moderates nor edits messages before they are posted to the list.
JiscMail cannot assume any responsibility for the content of any messages sent to lists other than those from JiscMail themselves and we do not review, screen or edit the content."
We have added a sub-section called "Service Performance" to describe how we alert list owners of downtime (planned/unplanned).
=== Update:Section 10: Data Protection https://www.jiscmail.ac.uk/policyandsecurity/index.html#9 ===
The Data protection section has been updated to reference new legislation, and the following statement:
"The Data Protection Schedule sets out JiscMail's obligations to each list owner (the data Controller) with regard to any Personal Data it processes on behalf of the list owner. In the event of any conflict between the Data Protection Schedule and any other provision of these service policies, the relevant provision of the Data Protection Policy shall take precedence."
The final bullet point, about helpline enquiries, has been updated to refer to Jisc's privacy notice https://www.jisc.ac.uk/website/privacy-notice
Glasgow Caledonian University is a registered Scottish charity, number SC021474