Dear Forced Migration JiscMail list subscribers,
We have been advised by JiscMail, which is the service that provides this mailing list, that they have reviewed and updated their service policies in line with the GDPR. These policies are now available at: https://www.jiscmail.ac.uk/policyandsecurity/index.html
The main changes in these service policies are two new sections: Section 5: Mailing List Privacy Notice and Section: 12: Data Protection Schedule, as well as re-numbering sections as appropriate, and there are some updates to: Section 4: Role of List Owners, Section 7: Mailing List Archives, Section 9: Limitations, Section 10: Data Protection. The new sections and updates are described below.
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#5 Section 5: Mailing List Privacy Notice ===
Provides the default privacy notice for mailing lists, it explains how information information (provided by subscribers, when joining a mailing list or using a mailing list) is used, is stored and (in some cases) shared, and how it can be removed. As mentioned in the previous update, it is important that list owners make subscribers aware of the privacy notice.
Feel free to use the template from the service policies - remember to replace LISTNAME with the name of your list
=== New section: https://www.jiscmail.ac.uk/policyandsecurity/index.html#11 Section 11: Data Protection Schedule ===
This schedule describes the agreement between Jisc/JiscMail (the Data Processor), and the List Owner (Data Controller). As such GDPR requires that there be a written agreement between the Controller (LIST OWNER) and Processor (JiscMail) that sets out the Processor obligations with regard to this Processing. Jisc's legal team are taking a consistent approach with Jisc services and are putting in place a standard Data Protection Schedule (you may have already seen a version of this for other Jisc services you/your organisation may use).
=== Update: Section 4: Role of List Owners https://www.jiscmail.ac.uk/policyandsecurity/index.html#4 ===
We have added an additional point to the bullet which starts "Keeping the list active by......" the point now ends with "New mailing lists are expected to be used within 6 months of creation"
An additional statement has been added below these bullet points, referring to the new Data Protection Schedule:
"In relation to data protection legislation, each list owner is the Controller of the Personal Data in their lists, see the Section 12: Data Protection Schedule for details of JiscMail's obligations as a Processor of this Personal Information."
=== Update: Section: 7 Mailing List Archives https://www.jiscmail.ac.uk/policyandsecurity/index.html#7 ===
We have described the different types of mailing list archive settings which may be applied to a mailing list, and explained that "The archive privacy setting is displayed on a list homepage, www.jiscmail.ac.uk/LISTNAME (replacing LISTNAME with the name of the mailing list)"
=== Update: Section 9: Limitations https://www.jiscmail.ac.uk/policyandsecurity/index.html#9 ===
We have repeated limitations of the service, these existed in other sections of the policy, but we felt it was important to bring them together here too:
"JiscMail does not control or bear any liability for the content of messages you or others post to lists, it acts as a conduit for messages and we are not liable for the conduct of any other JiscMail user. JiscMail neither moderates nor edits messages before they are posted to the list.
JiscMail cannot assume any responsibility for the content of any messages sent to lists other than those from JiscMail themselves and we do not review, screen or edit the content."
We have added a sub-section called "Service Performance" to describe how we alert list owners of downtime (planned/unplanned).
=== Update:Section 10: Data Protection https://www.jiscmail.ac.uk/policyandsecurity/index.html#9 ===
The Data protection section has been updated to reference new legislation, and the following statement:
"The Data Protection Schedule sets out JiscMail's obligations to each list owner (the data Controller) with regard to any Personal Data it processes on behalf of the list owner. In the event of any conflict between the Data Protection Schedule and any other provision of these service policies, the relevant provision of the Data Protection Policy shall take precedence."
The final bullet point, about helpline enquiries, has been updated to refer to Jisc's privacy notice https://www.jisc.ac.uk/website/privacy-notice
Note: The material contained in this communication comes to you from the Forced Migration Discussion List which is moderated by the Refugee Studies Centre (RSC), Oxford Department of International Development, University of Oxford. It does not necessarily reflect the views of the RSC or the University. If you re-print, copy, archive or re-post this message please retain this disclaimer. Quotations or extracts should include attribution to the original sources.
E-mail: [log in to unmask]
Posting guidelines: http://www.forcedmigration.org/research-resources/discussion/forced-migration-discussion-list-posting-guidelines
List Archives: http://www.jiscmail.ac.uk/lists/forced-migration.html