Resources

This page contains a list of resources that we think every information governance professional needs to know about. For those who have just started out, or who have been ‘given’ responsibility for data protection, cyber security or AI strategy as part of the day job, we want to help you find your feet and work out what you should be looking at. We’ll keep the list updated and add new links and material from time to time.

If you think we should add something to these lists, drop us an email on [email protected].

Data Protection

Useful Websites:

Panopticon Information Law Blog

The Panopticon blog is a great website if you want to learn about the legal intricacies of information law. By giving great commentary on legal judgements, it really helps you to develop your understanding of how the law works within established legal frameworks.

Hawktalk Information Law Blog

If you want to really get to grips with what the law says and how it works in practice, the Hawktalk blog is a great place to start. With a clear flow and some really useful references with every post, you’ll quickly start to build up your knowledge.

First Tier Tribunal Cases

When the ICO takes formal action against an organisation by issuing an Enforcement Notice or a Monetary Penalty Notice, the organisation has a right to appeal to the First Tier Tribunal (FTT). This website contains the latest published decisions.

Free Resources:

Handbook on European Data Protection Law

Written in 2018 and released following the coming into effect of the GDPR, this is a core text for any new information law professional. The handbook provides a thorough grounding in the origins of data protection law, how the legal frameworks developed and how the EU-GDPR came into being, as well as covering key definitions and concepts, signposting important caselaw, and giving worked examples of how the EU-GDPR applies.

European Data Protection Board – Guidelines & Recommendations

Supervisory Authorities based in the EU apply the EU-GDPR. The EDPB is an independent European body that is responsible for ensuring that the EU-GDPR is applied consistently across the EU. One of the roles of the EDPB is to issue guidelines about how certain elements of the EU-GDPR should be interpreted. Here is a link to their guidance page. While the UK is no longer part of the EU, if an organisation processes the personal data of European data subjects the EU-GDPR is likely to apply. Every information law professional should ensure they keep their knowledge up to date about what the EDPB is producing.

Draft ICO Regulatory Action Policy

Contrary to the media hype, not every personal data breach can lead to a big fine. In fact, the ICO has historically been very selective about how it uses its enforcement powers. In order to better understand how the ICO works and when it is likely to take action, we recommend that anyone responsible for data protection reads through their approach to regulatory action. The link is the latest version and is still in draft, but it does give useful insight into the ICO’s priorities.

ICO Audit Guide

One of the most effective ways to assess how an organisation’s privacy programme is functioning is to carry out an audit. This is one of the tools the ICO can use if it has significant concerns about how an organisation processes personal data. The ICO audit guide is another useful tool to help you understand how the ICO operates and the types of things it looks for if it carries out an audit.

European Case Law Guide

This detailed guide covers a large number of significant data protection cases heard at the European Court of Human Rights up to 2020. Helpfully, it contains links to all of the judgements.

Cyber Security

Useful Websites:

National Cyber Security Centre (NCSC): Guidance for Education

The NCSC provides guidance and resources tailored to various sectors, including education. This centralised hub offers a range of useful resources, including best practices, toolkits, and threat intelligence reports specific to the UK context.

Jisc - Cyber Security

Jisc provides digital solutions for UK education and research institutions. While Jisc is well known in the education sector, it also offers a range of cyber security services, advice, solutions and training that is less well known.

Security, including cyber security | ICO

Security of personal data plays a significant role in compliance with data protection law. This dedicated guidance from the ICO helps cyber security professionals understand how implementing effective security controls assists in improving compliance with data protection law.

Free Resources:

The OWASP Top Ten 2024

The OWASP Top 10 is a standard awareness document for developers and for web application security. It represents a broad consensus about the most critical security risks to web applications. This is a crucial resource for any cyber security professional engaged in discussions around the secure design of web applications.

Security Standards Comparison

If you are trying to compare the benefits of different security standards, this is a useful website.

UCISA Information Security Toolkit

UCISA (the Universities and Colleges Information Systems Association) has produced a useful toolkit of information security controls to support the effective management of an information security management system (ISMS).