[OSX-Users] OSX upgrade warning

Jules Field Jules at ecs.soton.ac.uk
Thu Sep 22 10:52:19 BST 2016 

NHS patient records are an example of "sensitive personal data". Names 
and so on are examples of "personal data".
There is a legal difference (and quite a large one). The same rules do 
not apply to both.

On 22/09/2016 09:48, Christopher Gutteridge wrote:
> I've written to the security manager in iSolutions. His usual approach 
> is that for non legally protected data, like research etc, he'll help 
> you understand the risk and you can make a choice. However with 
> personal data he's (rightly) much more strict.
>
> I've asked if there's a recommended easy-to-consume page about good 
> practice and any services that are recommended or that we should avoid.
>
> My current understanding is that we shouldn't send people's personal 
> data to countries which do not have suitable data-protection laws. 
> There are exceptions if a specific company complies to rules, but just 
> shoving stuff in the cloud is reckless when it could cause harm if 
> leaked.
>
> Something to think about; would you be happy with the NHS casually 
> using dropbox to move patient records?
>
>
> On 22/09/2016 09:20, Tim Chown wrote:
>> Chris, we’re leaving the EU too, do we need to send all our documents 
>> to France? ;)
>>
>> But more seriously, yes, that sounds like a good idea.
>>
>> Tim
>>
>>> On 21 Sep 2016, at 21:42, Christopher Gutteridge 
>>> <cjg at ecs.soton.ac.uk> wrote:
>>>
>>> If useful I can ask if we can have some guidelines to help people 
>>> apply some basic rules to avoid the most serious risks. The basic 
>>> rule of thumb I work to is that non-public information about people, 
>>> even non-structured data, should not leave the EU. This is pretty 
>>> good stuff, it's to protect people, not profits. We do have a duty 
>>> to protect our staff, students and others who trust us with their data.
>>>
>>> Our staff clearly don't have a good touchstone for knowing what's OK 
>>> and what's really bad. The law is quite clear and the fines for 
>>> serious breaches are quite punitive.
>>>
>>>
>>> On 21/09/2016 16:28, Leslie Carr wrote:
>>>> It looks like (from Chris’ explanation of the institutional 
>>>> sensitivities) the issue is not “which platform” but “what documents”.
>>>>
>>>> So I am checking whether my historic course admin materials (which 
>>>> are on Dropbox) contain any marking information.
>>>>>>>> Les
>>>>
>>>>
>>>>> On 21 Sep 2016, at 16:11, Tim Chown <tjc at ecs.soton.ac.uk> wrote:
>>>>>
>>>>> Git is great for certain things.
>>>>>
>>>>> Concurrent joint editing of documents isn’t really one, e.g. 
>>>>> during a telecon (I also use etherpad for this).
>>>>>
>>>>> Easy access to files from a wide variety of platforms is another - 
>>>>> that’s where dropbox is so well integrated into many apps.
>>>>>
>>>>> But it’s a good question Vladi, and maybe some recommendations for 
>>>>> universities would be good to see.
>>>>>
>>>>> Tim
>>>>>
>>>>>
>>>>>
>>>>>> On 21 Sep 2016, at 15:58, Christopher Gutteridge 
>>>>>> <cjg at ecs.soton.ac.uk> wrote:
>>>>>>
>>>>>> We have at least two git repositories but I'm not sure of the 
>>>>>> official rules on access. ECS people can almost certainly use 
>>>>>> gitlab for non public git work.
>>>>>>
>>>>>> http://gitlab.soton.ac.uk/
>>>>>>
>>>>>>
>>>>>> On 21/09/2016 15:47, Vladimiro Sassone wrote:
>>>>>>> On 21 Sep 2016, at 15:35, Jules Field <Jules at ecs.soton.ac.uk> 
>>>>>>> wrote:
>>>>>>>> which incidentally is not good for a lot of purposes
>>>>>>> would you care to elaborate? As I see it, none of them (dropbox, 
>>>>>>> one drive, box, …) is any good for much, google drive and iCloud 
>>>>>>> a little bit better… Wouldnt be nice to just set up a university 
>>>>>>> Git repository…
>>>>>>>
>>>>>>> \vs
>>>>>>>
>>>>>>>
>>>>>> -- 
>>>>>> Christopher Gutteridge -- http://users.ecs.soton.ac.uk/cjg
>>>>>>
>>>>>> University of Southampton Open Data Service: 
>>>>>> http://data.southampton.ac.uk/
>>>>>> You should read our Web & Data Innovation blog: 
>>>>>> http://blogs.ecs.soton.ac.uk/webteam/
>>>>>>
>>> -- 
>>> Christopher Gutteridge -- http://users.ecs.soton.ac.uk/cjg
>>>
>>> University of Southampton Open Data Service: 
>>> http://data.southampton.ac.uk/
>>> You should read our Web & Data Innovation blog: 
>>> http://blogs.ecs.soton.ac.uk/webteam/
>>>
>>
>

Jules

-- 
Jules Field MEng MBCS CITP CEng
email+iMessage: Jules at ecs.soton.ac.uk
Twitter: @JulesFM

Senior Tutor, Electronics and Computer Science
Teaching Systems Manager, Faculty of Physical Sciences and Engineering
University of Southampton SO17 1BJ, UK

'No more impressive warning can be given to those who would confine
  knowledge and rsearch to what is apparently useful, than the
  reflection that conic sections were studied for eighteen hundred
  years merely as an abstract science, without regard to any utility
  other than to satisfy the craving for knowledge on the part of
  mathematicians, and that then at the end of this long period of
  abstract study, they were found to be the necessary key with which
  to attain the knowledge of the most important laws of nature.'
  - Alfred North Whitehead

More information about the Osx-users mailing list