OpenAthens Conference 2018 - Neil Scully and Martyn Jansen - Protecting the user
1. openathens.org
Protecting the user:
Data protection, privacy and security
Martyn Jansen
Contracts & Legal Manager
martyn.jansen@eduserv.org.uk
Neil Scully
Head of Development and Service Delivery
neil.scully@eduserv.org.uk
What we want to tell you about…
• Rights and freedoms of data subjects
• Transparency and information
• Minimisation
• Protection
• Breaches
Rights and freedoms
• The right to be informed
• The right of access
• The right to restrict processing
• The right to rectification, object and erasure
Protection
• Good measures required
• CIA (confidentiality, integrity, availability)
• Encryption and pseudonymisation
• Technology not the whole answer - privacy by default and design, PIA, procedures and staff training
Managing personal data in OpenAthens
• Creating and managing personal accounts
• Releasing attributes to publishers (Service Providers)
• Dealing with access and deletion requests
• Data retention
Access & deletion requests
• Access requests
  • To us – we will confirm with organisation administrator before acting
  • To you – request via the OpenAthens Service Desk
  • Full details sent in PDF
• Delete accounts
  • Delete in the OAAdmin area (or via API)
User awareness
• OpenAthens privacy policy & T&Cs updated https://openathens.org/privacy/
• Make privacy policy more visible to users
  • Link from sign in pages *
  • E-mail templates *
  • User review prompts *
(* Work to do)
Conclusion
• OpenAthens requires minimal personal data
• OpenAthens has considerable in-built privacy controls
• Some care with attribute release and peripheral processes
• User awareness