The project will analyse the legal, practical and technical aspects of consent management processes which are necessary to support the provision of personalised services and resources in UK further and higher education institutions, particularly with respect to the transfer of personal data to third parties.

Institutional Consent Management policy and Processes Supporting Personalisation

Overview

The project will analyse the legal, practical and technical aspects of consent management processes which are necessary to support the provision of personalised services and resources in UK further and higher education institutions, particularly with respect to the transfer of personal data to third parties. The project context is the JISC’s objective to build an online information environment that provides secure and convenient access to a comprehensive collection of scholarly and educational material. It builds on the Personalisation Studies (DPIE 2 in particular) and will link to the proposed Identity Management Toolkit and new Access and Identity Management Programme.

Aims and objectives

The project will focus on issues of data protection and investigate current policy and practice amongst institutions for gaining consent to the transfer of personal information to third party providers; the purposes for which this information is disclosed; the requirements for training or informing users of the use to which their personal information may be put and their responses to this use and potential online solutions for obtaining consent and exchanging information. The project will look at issues of federated access management related to this area.

Project Methodology

There are four main areas of work: desk research, surveys and interviews, technical evaluation and the resulting deliverables from these three. Research will focus on relevant legislation and legal issues, practical issues and proposed technical solutions plus how users are informed or trained on personal data transfers. The survey will focus on current institutional policies and practices and a sample directed survey of institutional representatives. This will be followed up by key stakeholder interviews. Technical evaluations will concentration on relevant online solutions in relation to course management and the exchange of information. For deliverables, please see below.

Anticipated outputs and outcomes

Interim, draft and final reports. Guidance and best practice will form part of the final report which will cover: 

  • Legal issues of data protection particularly with respect to consent management. 
  • Current policy and practice for obtaining consent from users for the transfer of their personal information to third party providers. 
  • How, currently, institutions engage with Service Providers. 
  • How findings fit with the UK Access Management Federation and JISC Identity and Access Management initiatives 
  • Legal, practical and technical requirements for training or informing users of the use to which their personal information might be put and their responses to this.

Project Staff

Project Manager

Jason Miles-Campbell, Service Manager jason.miles-campbell@jisclegal.ac.uk

Project Team are (JISC Legal, Learning Services, University of Strathclyde, unless otherwise stated): 

 

Bookmark and Share
Summary
Start date
6 April 2009
End date
6 September 2009
Funding programme
Information Environment Programme 2009-11
Strand
Resource discovery strand of Information Environment 09-11
Project website
Lead institutions
Univesity of Strathclyde, Glasgow
Partner institutions
CDLR, University of Strathclyde
Committees
  • JISC Infrastructure and Resources Committee
Topic