Author Archives: Peter Tinson

Is Jill Watson after your job?

She began work as a teaching assistant at Georgia Tech in January 2016, helping students on a masters level artificial intelligence course. At first, she needed help from her colleagues but she soon learnt and it wasn’t long before she was providing support to all students without assistance. Human assistance that is. “Jill” was the creation of course leader Ashok Goel – an artificial intelligence tutor developed using IBM’s Watson platform.

The course was entirely online and questions were submitted via an online forum. Initially the AI derived answers weren’t so good so the human tutors responded. But as time went on “Jill”’s answers improved so the tutors took the answers and posted them to the forum. Within a short space of time, the answers were near perfect and the AI instance was responding directly to the students. The students were not aware that they weren’t dealing with a real person – but then, do they really care if they are getting good advice?

This isn’t the only form of AI that I have seen applied in the education environment. At EDUCAUSE last year, I saw a demonstration of an AI based chat bot that guided an applicant through the process of identifying a suitable course at university and ultimately the application process itself. I was driving the questions, playing the role of the applicant – the responses were reassuring and at the end of the process, I felt satisfied that I had been given good advice.

In both instances, the AI instance will have had to learn from real life examples to build up its knowledge bank in order to make informed decisions. In the case of Jill Watson, that learning took little time; with the AI applications assistance there was more initial programming which was underpinned by some clear rules and expectations. But given that in both examples, the AI instance learnt from patterns of behaviour exhibited by real people, is there scope for using artificial intelligence at the service desk?

The answer has to be yes. The service desk system has a wealth of information about problems and their solutions that can be drawn upon and used to address submitted problems. There are many repetitive questions that get asked of a service desk which could easily be handled by an AI instance. Many service desks have identified these – password resets being an obvious example – and have sought to reduce the impact of these through FAQ sections and similar channels. But how effective are these mechanisms? Do they help deliver a one stop shop?

Could AI further aid service desk staff? It could – dealing with repetitive queries is one thing but artificial intelligence could be deployed to recognise similar questions from the bank of queries in the service management system and identify solutions. The service desk staff would then be able to give a quicker response rather than having to re-learn how to deal with a problem or seek out the expert that dealt with it last time around. Alternatively, the AI system might identify the person with the most expertise and route the query accordingly.

AI is far quicker at identifying patterns than people. As a result an artificial intelligence based system would give an earlier indication of an incident or bug and so help the service desk respond more quickly (perhaps before some realised there was a problem).

So where will that leave the service desk? Will the use of AI allow service desk staff to focus on the really meaty problems that are more satisfying to solve or will it give staff the opportunity to focus on new areas? Alternatively, will it lead to a deskilling of staff, an unrewarding role reduced to passing on solutions that are drawn down from a vast body of previous experience? Is Jill Watson going to take your job?

HERB, TEF and Brexit – a maelstrom of change

In this post to accompany the Exhibitor briefing for the UCISA17 Conference, UCISA Executive Director Peter Tinson considers the current political landscape and its impact on the education sector.

The machinations of leaving the European Union continue to feature strongly in the news headlines and this is likely to be the case at least until there is some clarity on the UK’s future relationship with the remainder of the EU (and probably for some time after that). However, the impact of Brexit is already being felt by higher education institutions. The number of EU students applying for undergraduate study through UCAS fell by 7% from last year, contributing to an overall decline in applications at the January UCAS deadline. Although UCAS receives a good proportion of applications after this deadline, since most of these come from groups that have seen the steepest decline in applications (international, EU and older (19+) students), there are few grounds for optimism that the numbers will recover.

In addition to Brexit, the Government policy of placing tighter restrictions on visas for non-EU students has also had an impact. Since 2010, when the Coalition Government came to power, the number of international students has fallen by around 43,000. The fall has been concentrated in the middle and lower ranking institutions and contrasts with other higher ranked institutions that have increased their international student intake, in some cases substantially. In England, this compounds the effect of competition for undergraduate places that resulted when the cap on student numbers was withdrawn. The more successful institutions have managed (and in many cases, planned) to increase undergraduate student numbers with the lower ranked institutions failing to attract their target numbers. As a consequence, the gap between the most successful and those that depend on student recruitment will continue to grow.

There is potentially some good news for the sector with the publication of the Government’s Industrial Strategy. Although the full details have yet to emerge, universities will benefit from both investment in innovation, technology and research and from a strengthened regional development agenda. In addition, there are proposals for new Institutions of technology that will deliver vocational focused qualifications in STEM subjects. What the relationship will be between such institutions and their local universities and colleges remains to be seen – given the developments in the further education sector (see below), partnerships between institutions of technology and universities cannot be ruled out.

The Government announced a number of amendments to the Higher Education and Research Bill. These may appease some of the Bill’s critics, particularly in the House of Lords, and subsequently ease its passage through Parliament. The Bill has not been watered down completely however – there remain some potential disruptors to the sector and Jo Johnson’s desire to see new entrants to the market remains strong. There is a strong push towards the provision of accelerated degrees. It will be interesting to see if those institutions that are currently suffering falling student numbers take the opportunity to develop accelerated degree programmes or whether alternative providers will see a gap in the market to develop new offerings.

There is reference to the Teaching Excellence Framework (TEF) within the Bill with the amendments deferring implementation of a subject level TEF to 2019/20. The TEF will continue to evolve – the suggestion is that this year will be one to see the effect and impact with any lessons learned giving rise to change in subsequent years. Any changes may have to take into account the sector’s response to the new measure. The TEF can apply to any higher education provider, be it a traditional institution, a further education college providing HE, or an alternative provider. There appears to be some dissension in the ranks – WonkHE has identified six institutions, including two alternative providers, that opted out of the first stage and reported that thirty three institutions have opted out of TEF2 in spite of being eligible. Is this an indicator that an exercise that was initially badged as being light touch has now become sufficiently burdensome that the burden outweighs the value to the institution?

Finally, the reports on the further education area reviews in England have been published since November. The reviews invited colleges, employers and other local representatives to review provision and make recommendations to “ensure employers and young people get the skills and training they need to help their local area thrive”. Most recommendations centre on mergers, consolidations and strategic collaborations. Whilst many of the proposed mergers have been between further education colleges in a given area, there have been a number of collaborations proposed between further and higher education institutions and at least one merger between an FE college and university. The proposals in England are similar to recent changes made to the further education sector in both Scotland and Wales – with both higher and further education now under the same Government department, could this be the precursor to closer collaboration and an integrated skills and higher education policy?

Sources:
Times Higher: UK’s ‘lower ranked’ universities take non-EU student hit (23 February)
WonkHE: Path clears for HE Bill as Government announces major changes (24 February)
WonkHE: TEF1, TEF2 and a complex game of snakes and ladders (20 February)

Review of the year

In what has been an extremely turbulent year UCISA, through the work of its Executive, its Groups and the UCISA Office, has sought to address the needs of our community in these uncertain times. Brief highlights of this work are given below.

UCISA’s work continues to be cited and our expertise sought by others:

  • The report from the Science and Technology Committee of the House of Commons into the technology issues of the Investigatory Powers Bill reflected the concerns expressed in UCISA’s response about the scope and cost of implementation of the Bill. Now the Bill has been passed by both Houses of Parliament, UCISA will be looking at the implications for UK universities and colleges;
  • UCISA’s Model Regulations and suggested amendment to accommodate the Counter Terrorism legislation were referenced in the Advice Note accompanying HEFCE’s revised framework for monitoring the Prevent duty in higher education institutions in England. UCISA will continue to review guidance and recommendations to ensure that it meets the needs of both the legislation and the sector, and is effective and proportionate;
  • UCISA was represented on the Advisory Board for the Higher Education Data and Information Improvement Programme (HEDIIP) and is represented on both the Programme and Advisory Boards for the HESA Data Futures Programme;
  • UCISA continues to have representation on the UCAS Council.

We have provided advice and guidance to our members through:

  • The provision of an online Information Security Awareness Training course free to our Full members. The course can be downloaded free of charge from the UCISA website as a zipped SCORM 1.2 package which may then be imported into a VLE. We are currently reviewing an updated version of the course and expect to make an announcement on its availability early in the New Year;
  • The UK Higher Education Learning Space Toolkit, a collaboration between UCISA, AUDE and SCHOMS, our sister organisations for Directors of Estates and Media Services staff, was published in February. The Toolkit provides guidance for Audiovisual, IT and Estates teams and demonstrates why the provision of excellent learning spaces should be a strategic, institution wide concern. UCISA are collaborating further with SCHOMS, AUDE and a number of other organisations to develop case studies based on the Toolkit content;
  • The Effective Benefits Management for IT and Business Change Projects Toolkit provides an overview of the principles behind achieving Benefits Realisation and tools for use in projects;
  • The Government has advised that General Data Protection Regulation (GDPR) will become law in the UK in May 2018 as planned. We published a number of pieces on the regulation and will be publishing a briefing paper on the implementation of the GDPR in 2017.

In 2016, we have promoted the sharing of good practice through:

  • Running seven face to face events including five multiday conferences, all of which were fully booked. Every event, bar one, included participation from our corporate members through exhibition stands and presentations. 2016 saw the first conference organised jointly between the Corporate Information Systems Group and the Project and Change Management Group. Feedback from the event was extremely positive and highlighted the benefit of bringing different specialist groups together;
  • Running seven webinars covering topics as diverse as data security and cloud based applications. We recognise that not everyone can afford the time to travel and will be looking to continue offering occasional webinars throughout 2017;
  • Recognising the excellent work that takes place in our member institutions through the Award for Excellence. The Award always attracts entries covering a wide range of topics. 2016 was no different with the Award going to the University of St Andrews for their apprentice scheme;
  • Publishing case studies to supplement the 2016 Technology Enhanced Learning Survey and the 2015 Digital Capabilities Survey;
  • Publishing a best practice guide for Establishing Process Improvement Capability in a higher education environment;
  • Awarding bursaries for individuals within the UCISA membership to attend a wide range of conferences and update the community on the practices highlighted.

We have conducted a number of surveys to allow our members to benchmark themselves against their peers, and to establish the level of maturity of activity within the sector. In addition to the annual Higher Education IT Statistics and Corporate Information Systems survey, this year we:

  • Published the results of the eighth survey on Technology Enhanced Learning. The results from previous surveys have been presented to audiences across the world;
  • Carried out the second Service Desk Benchmarking survey in collaboration with the Service Desk Institute and TopDesk;
  • Discussed ways of benchmarking IT departments in institutions internationally with our partner organisations across the globe.

The list above highlights just some of the work that our Committees and the UCISA Office have carried out on behalf of our members. A more formal annual report will be published in the New Year and presented at the Association’s AGM at the UCISA17 Conference at Celtic Manor on 9 March.

2017 promises to be another challenging year. The Government’s plans for Brexit will be published and the process to leave the EU will begin. UCISA will monitor developments and provide access to information and guidance as the process begins. The Higher Education and Research Bill will pass through Parliament and bring with it changes in the governance structure for higher education in England. UCISA will provide guidance for institutions beginning to implement the changes required for when the GDPR becomes law in the 2017-18 academic year. And that is all in addition to the normal tasks of deploying systems to enhance teaching and learning, to improve the student experience and to facilitate research and manage the data and outputs associated with it. We recognise that many of these challenges require a collaborative approach. We will continue to work with Jisc, with our sister professional associations both within the UK and abroad, and with our growing corporate membership.

I should like to take this opportunity to remind you that bookings are open for the UCISA17 Conference in March. Bookings are also open for three other events taking place in the first half of the year.

Finally, thank you for your support in 2016. I wish you, on behalf of the UCISA team, all the best for Christmas and the New Year.

Peter Tinson
Executive Director
21 December 2016

GDPR – Understanding Penalties, Fines and Liabilities

In his second post, Craig Clark, Information Security and Compliance Manager at the University of East London, looks at the interpretation of Article 83 of the General Data Protection Regulation.

Introduction

The introduction of the General Data Protection Regulation (GDPR) has been dominated in the main by one topic – what fines organisations could face if they are found to have breached the GDPR by a supervising authority, which in most cases for the UK will be the Information Commissioner’s Office (ICO).
Many media outlets have been quick to leap on the fact that the maximum fine for non-compliance is €20,000,000 or 4% of global annual turnover, whichever is higher. However, in the haste to report this, many commentators have forgotten to clarify that this is the maximum fine. Below, I have attempted to break down the conditions for imposing administrative fines and show there is a bit more to it.

Understanding the Fining Structure

The GDPR has been designed to ensure that organisations take the appropriate measures to protect personal data against the risks of loss in the 21st Century. For organisations that fail to meet the requirements, the GDPR allows the supervising authority to take a range of actions including:

  • Issue warnings;
  • Issue reprimands;
  • Order compliance with Data Subjects requests;
  • Communicate the Personal Data breach directly to the Data Subject.

In addition to the above, the supervising authority has the power to impose administrative fines that will in each case be effective, proportionate, and dissuasive.

    There are two tiers of administrative fine that can be imposed. The maximum fine for the first tier is €10,000,000 or, in the case of an undertaking, up to 2% of total annual global turnover (not profit) of the preceding financial year, whichever is greater. The second tier maximum is €20,000,000 or, in the case of an undertaking, up to 4% of total annual global turnover (not profit) for the preceding financial year, whichever is greater. The fines within each tier relate to specific articles within the Regulation that the controller or processor has breached. As a general rule, breaches of obligations by controllers or processors will result in a fine within tier one, while breaches of a data subject’s rights and freedoms will result in a fine within tier two.

    Question: Does your organisation understand what articles of the GDPR relate to a tier 1 or tier 2 fine?

    How will Fines be Determined?

    The GDPR is clear that in order to ensure any fine is proportionate, a range of factors will be assessed by supervisory authorities when investigating organisations that breach the GDPR.

    Of key importance will be the nature, gravity, duration and the character of an infringement. It is also worth noting that actions taken by the controller or processor to mitigate any damage suffered by data subjects, along with the degree of responsibility for the technical and organisational measures implemented by Controllers and Processors to prevent the breach occurring will be considered during an investigation.

    The Regulation also allows the supervising authority to take a holistic approach to an investigation and consider factors such as infringement history including previous correction notices, level of co-operation, the categories of personal data affected, the manner in which the breach became known and was reported, the level of adherence to approved codes of conduct or certification mechanisms and any other aggravating or mitigating factors.

    Minimising Fines

    It is logical to suggest that an organisation which demonstrates it has a positive approach to ensuring security, with a range of technical, management and operational controls, will receive a lower fine than an organisation that takes no measures, or blatantly disregards its obligations under GDPR. It is also worth noting that the Information Commissioner has made it clear that in terms of incident reporting, organisations that proactively report breaches will be given more credit than organisations who do not report a breach that is then discovered by a 3rd party.

    Question: Does your organisation currently document breaches? If they do, how are these reported?

    In summary, organisations can significantly reduce the likelihood of receiving a maximum fine by establishing a culture that promotes information security best practices and an ethos centred on protecting personal information. As we have seen with the results of the TalkTalk breach, the ICO is now entering a new phase of exploring the upper limits of the monetary fines available to them. It is highly likely that this current trend will continue into 2018 meaning that GDPR compliance should be high on the list of 2017 objectives for organisations that fall within its scope.

    A rocky road ahead…

      “Times of unprecedented change”

      “Challenging economic climate”

    Looking back at a number of the reviews of the political landscape that I’ve written over the years, the two phrases above appear with almost monotonous regularity. And they are just as appropriate today as they have been in previous years. However, in previous years both the direction of change and the reasons for the economic challenges were known. The big difference today is that the result of the referendum on 23 June has thrown uncertainty into the mix. Uncertainty, not just in the higher education sector, but across the whole country as the process to leave the EU begins.

    The Government have sought to reduce some of the uncertainty by guaranteeing that EU students that are currently studying in the UK and those that will begin their courses in the coming years will continue to receive funding for the duration of their courses. Similar guarantees have been made for Horizon 2020 research funding. However, what is not clear is what the impact of Brexit will be on the future recruitment of students from the EU or on research funding. It is unlikely to be good news.

    The current analysis is that the Government appears to be favouring a hard Brexit with tighter controls on immigration. The dominance of immigration as an issue in the referendum campaign and subsequent policy has been reflected in the statements from the Home Office suggesting further clampdowns on international students. Regardless of the actual policy that emerges, the rhetoric is damaging – a fall of 10% in the numbers of Indian students is evidence of that. It was not by accident that the Indian Prime Minister linked trade agreements with relaxation of visa requirements but although Theresa May stated that talented workers would be welcome, her response regarding students was lukewarm at best. It would appear that the lady is not for turning.

    This is all set against the rather gloomy background of HEFCE’s assessment of the financial health of English universities released this week. The picture is likely to be similar in universities in the other countries of the UK. The forecast, made before the referendum, suggests falling levels of surpluses (and in some cases significant deficits), more borrowing and falling levels of cash reserves. The report notes that universities were looking for an increase of fee income from overseas students (of close to 30%), and for growth in home and EU students of over ten per cent by the 2018/19 session. In the current circumstances it is unlikely that either will materialise; a period of budgetary constraint will be the consequence. This will place an even greater emphasis on efficiencies and effective use of data in planning.

    The Higher Education and Research Bill (HERB) is entering the Report stage before its third reading in the House of Commons. The Bill has seen a number of amendments as it has passed through the Committee stage but these have not radically changed the direction of the Bill. The Bill advocates the abolition of the English Funding Council (HEFCE) and the establishment of the Office for Students (OfS). The importance of the role HEFCE play in monitoring the financial health of the sector has been recognised in an amendment that proposes this role transfers to the OfS.

    There is a great deal of focus on the Teaching Excellence Framework (TEF), particularly the link to fee increases. Although the TEF will initially apply to English universities, similar measures in the past have been adopted by the other countries in the UK so it would not be a surprise if in future years the TEF becomes applicable to all UK institutions.

    The governance arrangements for higher education are also changing. In addition to HEFCE’s transformation into the Office for Students (and universities moving under the Department for Education), there are reports of the Welsh funding council being absorbed into a new Tertiary Education Authority and of the Scottish Funding Council being merged into a ‘super-quango’ with a number of other bodies. Both add to the uncertainty in the sector.

    Finally one change that we do know about is that the UK will be implementing the EU General Data Protection Regulation before we leave the EU. Although much of the focus has been on the scale of the fines for breaches, GDPR represents an opportunity for organisations to improve their data and its management. UCISA has set up a website to highlight resources and activities that inform and support our members in their implementation of the Regulation.

    There are difficult and challenging times ahead. Universities will need to make good use of the data they have to try and predict the effect of changes and plan accordingly. They will need to be more agile to deal with the changes that are known as well as those that are yet to emerge. The sector has been resilient at times of uncertainty in the past and many will see opportunities to reshape their offering and operating model to adapt to the new environment. IT will be at the hub of that change.

    EU-GDPR: Using the fear stick is missing an opportunity

    The General Data Protection Regulation is scheduled to come into force in May 2018. As it will be EU Law before the process to leave the EU is completed, it will be one of the pieces of legislation that will roll over into UK law. In this article that was first published on LinkedIn, Craig Clark, Information Security and Compliance Manager at the University of East London, highlights the opportunities GDPR presents.

    For those that have worked in privacy for a long time, the path towards the final draft of the General Data Protection Regulation has been incredibly long (2011) and at times frustrating. Now that the countdown is well underway, CIOs, Information Security types and those in IT or legal functions seemingly can’t escape the barrage of GDPR related content on their news feeds and meeting agendas.

    I have kept a close eye on how the GDPR compliance issue is being pitched by vendors, lawyers and GRC consultants and in an overwhelming number of cases the key point they want to drive home is the increased penalties for non-compliance – usually with a headline similar to: IF YOUR ORGANISATION DOES NOT COMPLY WITH THE GDPR THEY COULD BE FINED €20 MILLION!

    While this is technically correct, it is entirely misleading, not least because the next line should read (or 4% of annual global turnover, whichever is higher). The GDPR is about much more than penalties, fines and liabilities. While one of the core aims is to enhance the protection of Data Subjects with a significant increase in their rights, there are many potential benefits for organisations. The problem is that by leading with a large negative, there is a serious risk that the advantages the Regulation offers are going to be overlooked.

    Let’s take a look at some key advantages:

    Improved Records Management

    Perhaps the most obvious benefit is that the GDPR presents an opportunity to explore and refresh how you gather, store, use and delete data. This is a chance to unleash real business value out of all that personal information you currently curate, often, at the moment, for no other reason than because it is there. This leads to huge costs of storing unnecessary data and the complex challenge of now trying to unravel what they need to store for business purposes. By employing data minimisation, and ensuring that data subjects’ data can be kept up to date as a matter of design, organisations could benefit from:

  • improved efficiency in customer interactions
  • reduced data storage costs (electronically and physically)
  • less wasteful marketing campaigns that use out of date information
  • lower security risk due to less personal data on file
  • lower likelihood of regulatory intervention

    Development of Trust

    For many organisations trust is the hardest virtue to instil in its customers and the first thing to be lost when things go wrong. If we take the TalkTalk data breach as a classic example, their customer base significantly reduced in the immediate aftermath of the data breach and despite major changes to their Information Security practices, this has had a significant impact on their customer numbers and subsequently the forecasts they can make about future performance. Quite simply people no longer trust them.

    By mandating the need for improved security and reporting, organisations have the opportunity to show that they take the security of customers’ data seriously. After all, without that data, what would the business be? By actively demonstrating a willingness to comply with and embrace GDPR, organisations will demonstrate a strong commitment to their customers and keep them coming back, protecting and growing the organisational brand.

    Improved Operational Effectiveness

    One of the most positive aspects that can be taken from GDPR is that it allows business to fully champion a risk-based approach to Information management. This means that whilst the rules are the same for everyone, how these rules are applied will largely be up to the organisation to decide depending on the level of risk that a given data activity presents for people’s privacy. Many of the obligations in the GDPR can be implemented in varying degrees depending on the risk appetite. This means that organisations can choose to implement procedures and practices based on their business and the level of privacy they need to provide, rather than implementing procedures for the sake of it. This could be regarded as a source of uncertainty for the C-Suite but in practice, the risk-based approach is what will make the GDPR not only effective but fair.

    Pulling it Together

    Once an organisation has looked past the headlines and begins to scope out how they are going to achieve compliance, the obvious question is “Where do I start?” Make no mistake, GDPR compliance will be complex for medium to large enterprises but there is a path through it. One of the first things organisations should look at is the ICO document 12 steps to take now. This guide will allow organisations to begin planning and feeding in their specific requirements. Once the initial plan is outlined it is my view that the smoothest path to compliance is to integrate a Personal Information Management System (PIMS) into the current business model. For organisations that utilise an Information Security Management System (ISMS) such as ISO27001 this will be familiar territory. For those that do not, the current PIMS standard in the UK is BS10012:2009; however, BS10012:2016 is being rewritten to include the requirements of the GDPR. Implementing this standard will allow an organisation to benchmark personal information management practices with recognised best practice. Crucially, it will also allow organisations to produce auditable evidence on their data privacy practices and go a long way to satisfying the Information Commissioner’s Office that organisations take on board that data privacy is no longer ‘best efforts’.

    New Prevent guidance – challenges and considerations

    Last month saw HEFCE issue a revision of their framework for monitoring of the Prevent duty in higher education institutions in England. The revised framework places a clear onus on institutions to evidence that they have followed due process when considering their Prevent duty. Further, it is worth considering the Prevent duty and the implications of the monitoring requirements when reviewing institutional policies.

    Although the HEFCE Framework has been updated, the Home Office guidance underpinning it has not altered since the initial framework was published. Paragraph 27 of Home Office guidance states that there is an “expectation that institutions will have policies around general usage […] we would expect these to contain specific reference to the statutory duty”. It is pleasing to see that the Advice note (also updated) that accompanies the updated Prevent monitoring framework points to the UCISA Model Regulations and the suggested amendment to accommodate the Counter Terrorism legislation.

    Paragraph 27 goes on to state that institutions “should consider the use of filters” as part of their overall strategy to prevent people from being drawn into terrorism. The HEFCE framework places more emphasis on the need “to consider” by directing providers to provide specific comment on “their approach to web filtering in relation to the Prevent duty, particularly where a decision has yet to be taken at the time of the provider’s previous submission to HEFCE”. The Advice note asks “What factors were taken into account when considering whether and how to use filtering to limit access to harmful content? Has a final decision been taken on web-filtering and how has this been reflected in IT policies and communicated to staff?” (interestingly, the framework doesn’t ask for evidence on how it has been communicated to students). What is important is that institutions should take a risk-based approach to assessing whether or not they should implement filtering and use the conclusion from those discussions in their evidence to HEFCE.

    So what are the potential impacts on policies (and in this regard, the regulations on the use of IT facilities and the network should be regarded as policy)? If there is no filtering then it needs to be clear in the regulations (for both staff and students) that the network is monitored and that any research that may access material of an extremist nature will require specific approval (for example, through a research ethics committee). That approval is still needed if filtering is in place but in that instance it will be required in order for IT service departments to have authority to turn filtering off for given individuals or research groups. There remains a concern that if there is a public statement to the effect that filtering has been turned on, those of inquisitive mind will look at ways of circumventing it and those who are at risk of being drawn into extremist activities will seek other ways of accessing such material.

    Finally, the Advice note suggests that HEFCE is looking for further evidence of IT policies to provide oversight of websites and social media output across the institution, asking about arrangements for managing both the institution’s ‘branded’ websites and social media and for students’ union (and their societies) websites and social media to ensure that they are not used to promote extremist materials or activities. A blend of approaches is probably needed here. The regulations for use of institutional IT facilities should give adequate coverage for institutional websites – they are likely to be established using institutional resources and maintained by institutional staff. If not, then it may be necessary to include specific Prevent-related conditions in contracts where website content is maintained externally. There need to be named individuals (or groups of individuals) with responsibility for officially sanctioned social media accounts who will be bound by the regulations (as outlined in the Social media for staff legal checklist published by Jisc and included in the UCISA Social Media Toolkit). It may be necessary to come to separate arrangements for the Students’ Union – they are often separate legal entities and their services may not be hosted by the institution. In these instances, there may be reliance on clauses relating to bringing the institution into disrepute to take action against an individual (which may or may not be an IT regulation issue) or specific agreement (such as within a tenancy agreement) with the Students’ Union to ensure monitoring takes place.

    Peter Tinson
    Executive Director
    UCISA

    Scotland and Brexit

    I attended a seminar last week considering the impact of the Referendum result in Scotland. As UCISA is a UK wide organisation it is important to understand the range of views across the UK and the potential impacts on the devolved nations. In Scotland, along with Northern Ireland, the majority cast their votes in favour of remaining in the EU. Nicola Sturgeon has made the Scottish Government view clear – they wish the majority view in Scotland to be respected and for Scotland to remain in the EU. To what extent that can be achieved isn’t clear, partly because the new cabinet at Westminster is still defining its approach to leaving the EU.

    The lack of clarity stems from before the referendum. There was no White Paper to outline the proposed action in the event of a vote to leave – this contrasts with the approach taken with the Scottish independence referendum where options for both outcomes were known. Further, it has become evident that there were no plans or contingencies for a leave success. It isn’t clear how the exit will be triggered or who needs to be consulted – and this might not be clear until a number of legal challenges have been addressed later in the year. Finally, the notion of leaving the EU means different things to different people – there remains a great deal of negotiation between constituents within Government for a clear picture to emerge.

    What are the options for Scotland? Given that there appears to be reluctance to hold a further referendum on independence, it will probably be limited to trying to influence a move to a least worst option. David Davis, in his address to Parliament on 5 September, stated that the devolved administrations would have an important role to play (but that they would have no veto). So Scotland will need to lobby hard for a softer Brexit with continued access to free trade against the hard line Brexiteers within the UK Government. An alternative might be for Scotland to build stronger relationships with the EU post exit in certain areas such as agriculture or higher education. However, this may require a further Scotland Act to devolve more powers to Holyrood in order to be achievable. A further option could be for Scotland and Northern Ireland, as the two nations within the UK that voted to remain, to take over the UK’s EU membership but the constitutional challenges that would present within the UK make that extremely unlikely.

    The result of the Referendum on June 23 will have an immediate impact even before negotiations begin. The demands placed on the Civil Service to inform the negotiations and manage the process will cost, both financially and in terms of time spent away from business as usual. So it may be prudent for those organisations that receive direct or indirect Government funding to budget for a reduction in income. Further, it may mean that some issues that might have occupied parliamentary time will be pushed further down the queue.

    So what will be the impact on higher and further education in Scotland? Whilst education remains a priority for Holyrood, it is way down the list in the Westminster Government’s Brexit considerations and it will be some time before the full impact is understood. The risk to research through the loss of EU funding and collaboration opportunities is well documented. In the short term, there is the risk of further reduction in central funding and a risk to student numbers. Brexit has given added impetus to the Home Office perspective on international students and the potential damage to applications from beyond the EU. EU student numbers may also decline amidst the uncertainty.

    UK universities and their representative bodies will need to be effective in lobbying and influencing Government over the coming months and years. In the short term this will be needed to remove uncertainty (for example, reassuring EU students applying now for 2017 that their fees won’t rise during their course); longer term it will be needed to ensure the continued global success of the sector. What is clear is that the uncertainty means that universities will need to plan for a range of potential scenarios – the need for quality data and systems to support this has never been greater.

    (Previously published on Peter Tinson’s blog page)

    Cloud services mini-toolkits

    There is increasing use of cloud-based services in Project and Change management, such as Trello, Skype and Doodle, often in conjunction with Google Apps. The PCMG Committee has developed a range of mini-toolkits to help people use these services more effectively:

    These have been made available through Google docs to allow downloading for local use and for colleagues to suggest improvements and so keep the documents current and relevant. Our thanks to the University of Sheffield for their initial work in developing these documents.

    Posted on behalf of Simon Geller, Joint Vice-Chair UCISA Project and Change Management Group

    The current environment

    The run-up to the General Election in 2015 saw very little in the form of legislation and little change in the sector. The year since has been far busier with the publication of the Green Paper Teaching excellence, social mobility and student choice, the introduction of the Counter Terrorism duty on higher and further education institutions (the PREVENT duty), the drafting of the Investigatory Powers Bill and consultations on the information provided to students and the HESA Data Futures programme. The proposals within the Green Paper require refinement – it is not clear what the impact will be on institutions and it is anticipated that there will be further consultation during 2016. Although the Paper only applies to higher education in England, it is probable that a number of the measures proposed will also be introduced in time in the other countries of the UK.

    The publication of the Green Paper in November demonstrated that the Westminster Government is looking to shape the English Higher Education sector rather more than it has in the past with emphasis on teaching excellence, better information for students and widening participation. The Green Paper contained little detail and it is not clear how soon detailed proposals will be presented. The BIS Select Committee, whilst welcoming the approach in principle in its recent report, urged caution over the pace of implementation, noting that the second stage of the Teaching Excellence Framework “should only be introduced once Government can demonstrate that the metrics to be used have the confidence of students and universities”. The Green Paper also noted that universities needed to be more accountable for how student fees are spent. This reflects a theme first visited in a Private Member’s Bill tabled by Heidi Allen, Conservative MP for South Cambridgeshire, so it is perhaps not surprising to see elements of her proposals feature in the Green Paper.

    Despite the emphasis on a light touch approach, it is evident that universities and colleges will need to make effective use of data in order to meet the anticipated requirements of the Green Paper. There are a number of other developments that will place similar demands on our institutions. The HESA Data Futures programme is seeking to redesign and transform the collection of student related data. The programme is in its early stages with a recent procurement to appoint an organisation to design and deliver the future business process, technology and application architecture. UCISA will continue to ensure that suppliers of student records systems are engaged with this initiative. Further, the Higher Education Commission’s report From Bricks to Clicks notes that data analytics has the potential to transform the higher education sector, but cautions that UK institutions are currently not making the most of the opportunities in this area.

    There continues to be funding pressure on all UK higher education institutions. In Northern Ireland funding has reduced by 28% in real terms since 2010/11 leading to downsizing by the universities in the province. In Wales, a cross-party review of higher education funding and student finance arrangements is due to report in the autumn. Although funding cuts proposed by the Welsh Government have been rescinded, it is likely that there will be some rationalisation within the sector over the coming year. The Scottish Funding Council has also cut the level of funding with some institutions noting that continued cuts put “pressure on institutional viability”. In England, the introduction of competition has resulted in some big winners and losers – those institutions which have seen a fall in student numbers are now having to cut their cloth accordingly. In the Further Education sector, the outcome of the Area Reviews is expected to be mergers between further education colleges.

    There may be a lull in the development of policy as elections for new administrations in Scotland and Wales take place in May followed by the referendum on the UK’s EU membership in June. It remains to be seen if changes in the constituency of those Governments are reflected in changes in education policy. It goes without saying that a vote to leave the EU will also have a significant impact on universities and governmental policies. 2016 promises to be an interesting year.