Andrew Cormack

Chief regulatory adviser

My blog posts

Information Sharing in Emergencies

The Information Commissioner’s new blog post explains how Data Protection law should be seen as a guide to when and how to share information in... >>

Regulatory developments blog


My role is to keep Jisc, its members and customers informed about the legal, policy and security issues around networks, networked services and data.

Over the past twenty years there have been many new laws relevant to Jisc’s services, from the Regulation of Investigatory Powers Act to the General Data Protection Regulation (GDPR). As Jisc innovates in its use of technology and data, we also need to lead understanding of how laws can guide the development of those activities.

Our experience of how technology works in large-scale practice also lets us contribute to the development of new laws - for example on defamation, criminal content and data protection - to make them more effective in protecting people, data and systems.


Previously I ran the JANET-CERT and EuroCERT incident response teams.

Media coverage

A year to get your act together: how universities and colleges should be preparing for new data regulations
FE News, August 2017

Preparing for the GDPR
University Business, December 2016