Also an FE college, we have had this conversation.
Article about EU/German law and key logging being an infringement of
European Convention of Human Rights
https://www.clydeco.com/insight/article/global-data-privacy-update-september-2017
I wonder if SSL Man In The Middle interception, (web monitoring and
another type of mass surveillance?), can be put on the same level of
infringement of human rights.
These can log almost as much as a keylogger - passwords, personal
information etc.
Our government, for Prevent, requires web filtering. If we do much more
than filtering, we may encroach on "profiling".
Prevent "monitoring" seems to refer to the effectiveness of the policy,
not website/url/keypress monitoring.
https://www.gov.uk/government/publications/prevent-duty-guidance
Statutory "guidance" (for England) suggests web monitoring:
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/550511/Keeping_children_safe_in_education.pdf
and links to saferinternet for more guidance:
https://www.saferinternet.org.uk/advice-centre/teachers-and-school-staff/appropriate-filtering-and-monitoring
which suggests some things, but not keylogging, or SSL interception.
Regards,
Simon
>>> On 09/02/2018 at 16:38, in message
<[log in to unmask]>, Ian
Headley
<[log in to unmask]> wrote:
> Looking for a bit of advice or experience from others please.
>
> We are a group of FE Colleges and a product is being debated which
satisfies
> our Prevent agenda whereas key logging and screen grabbing is
employed by a
> third party company. Details go off site, a human looks to see what
you were
> up to and from a safeguarding perspective, may report it back to the
> organisation.
>
> I asked them to sign a third party processing agreement with the
Group using
> our documentation as what they are doing is processing data from our
> organisation as a processor only and we are controller (for sake of
debate,
> the data is definitely PII).
>
> Short story is that the company won't sign to our conditions, they
are
> insisting we sign to theirs. Obviously we have reached somewhat of an
impasse
> now, pistols at dawn etc. as that isn't going to happen.
>
> Has anyone had experience of this type of monitoring specifically
from a DP
> point of view and trying to keep away for the IPA (just for now)? If
so, what
> agreements were in place to allow this?
>
> Thanks, in advance.
>
> Ian Headley
> Data Protection Officer
> RNN Group
>
>
> Please think of the environment before you print this email
>
> This message (including any attachments) is sent in confidence for
the
> addressee only and may contain confidential or sensitive information.
The
> contents are not to be disclosed to anyone other than the addressee.
> Dissemination, forwarding, printing or copying of this email is
strictly
> prohibited.
>
> Unauthorised recipients are requested to preserve this
confidentiality and
> to advise the sender of any errors in transmission or email
> [log in to unmask] for further advice
>
> Any contractual commitment intimated within this message will only be
> binding upon the RNN Group when confirmed by an official purchase
order or
> formal written contract
>
> Any views or opinions presented within this email are solely those of
the
> author and do not represent those of the RNN Group
>
> Should you require any further information about the RNN Group then
please
> visit our web site at www.rnngroup.co.uk
>
> *****************************************************
>
> We may monitor and disclose, in response to an official request, all
> incoming and outgoing emails in line with current legislation.
>
> We have taken steps to ensure that this email and any attachments are
free
> from any virus, but it remains your responsibility to ensure that
viruses do
> not adversely af
fect you
>
> *****************************************************
>
> National Fluid Power Centre Ltd. Carlton Road, Worksop,
Nottinghamshire. S81
> 7HP Registration No 02854049
> Create Skills Ltd. Carlton Road, Worksop, Nottinghamshire. S81 7HP
> Registration No 08998976
> Charnwood Training Group Ltd. Carlton Road, Worksop,
Nottinghamshire. S81
> 7HP Registration No 04770081
> Aston Recruitment & Training Ltd. Carlton Road, Worksop,
Nottinghamshire.
> S81 7HP Registration No 05157318
> Rotherham Education Services Ltd. Eastwood Lane, Rotherham, South
> Yorkshire. S65 1EG Registration No 08415740
> The RNN Group VAT group registration number is 164473106 and
incorporates
> all of the above subsidiarity companies
>
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data‑protection.html
> If you wish to leave this list please send the command
> leave data‑protection to [log in to unmask]
> All user commands can be found at
> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
> Any queries about sending or receiving messages please send to the
list
> owner
> data‑protection‑[log in to unmask]
> Full help Desk ‑ please email [log in to unmask] describing
your needs
> To receive these emails in HTML format send the command:
> SET data‑protection HTML to [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
--
Mae'r e-bost hwn ac unrhyw ffeiliau atodedig yn gyfrinachol ac at sylw'r
unigolyn neu'r sefydliad a enwir uchod. Bydd
unrhyw farn neu sylwadau a fynegir yn perthyn i'r awdur yn unig ac ni
chynrychiolant o anghenraid farn Coleg Sir Gâr.
Os ydych chi wedi derbyn yr e-bost hwn ar gam, rhowch sylw i'r
gweinyddwr ar y cyfeiriad canlynol:
[log in to unmask]
Cysidrwch yr amgylchedd - a oes wir angen argraffu'r ebost hwn?
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to
whom they are addressed. Any views or opinions expressed are solely
those of the author and do not necessarily represent those of Coleg Sir
Gâr. If you have received this email in error please notify the
administrator on the following address:
[log in to unmask]
Please consider the environment - do you really need to print this
email?.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|