Monthly Archives: December 2016

Review of the year

In what has been an extremely turbulent year, UCISA, through the work of its Executive, its Groups and the UCISA Office, has sought to address the needs of our community in these uncertain times. Brief highlights of this work are given below.

UCISA’s work continues to be cited and our expertise sought by others:

  • The report from the Science and Technology Committee of the House of Commons into the technology issues of the Investigatory Powers Bill reflected the concerns expressed in UCISA’s response about the scope and cost of implementation of the Bill. Now the Bill has been passed by both Houses of Parliament, UCISA will be looking at the implications for UK universities and colleges;
  • UCISA’s Model Regulations and suggested amendment to accommodate the Counter Terrorism legislation were referenced in the Advice Note accompanying HEFCE’s revised framework for monitoring the Prevent duty in higher education institutions in England. UCISA will continue to review guidance and recommendations to ensure that it meets the needs of both the legislation and the sector, and is effective and proportionate;
  • UCISA was represented on the Advisory Board for the Higher Education Data and Information Improvement Programme (HEDIIP) and is represented on both the Programme and Advisory Boards for the HESA Data Futures Programme;
  • UCISA continues to have representation on the UCAS Council.

We have provided advice and guidance to our members through:

  • The provision of an online Information Security Awareness Training course free to our Full members. The course can be downloaded free of charge from the UCISA website as a zipped SCORM 1.2 package which may then be imported into a VLE. We are currently reviewing an updated version of the course and expect to make an announcement on its availability early in the New Year;
  • The UK Higher Education Learning Space Toolkit, a collaboration between UCISA, AUDE and SCHOMS, our sister organisations for Directors of Estates and Media Services staff, was published in February. The Toolkit provides guidance for Audiovisual, IT and Estates teams and demonstrates why the provision of excellent learning spaces should be a strategic, institution wide concern. UCISA are collaborating further with SCHOMS, AUDE and a number of other organisations to develop case studies based on the Toolkit content;
  • The Effective Benefits Management for IT and Business Change Projects Toolkit provides an overview of the principles behind achieving Benefits Realisation and tools for use in projects;
  • The Government has advised that the General Data Protection Regulation (GDPR) will become law in the UK in May 2018 as planned. We published a number of pieces on the regulation and will be publishing a briefing paper on the implementation of the GDPR in 2017.

In 2016, we have promoted the sharing of good practice through:

  • Running seven face to face events including five multiday conferences, all of which were fully booked. Every event, bar one, included participation from our corporate members through exhibition stands and presentations. 2016 saw the first conference organised jointly between the Corporate Information Systems Group and the Project and Change Management Group. Feedback from the event was extremely positive and highlighted the benefit of bringing different specialist groups together;
  • Running seven webinars covering topics as diverse as data security and cloud based applications. We recognise that not everyone can afford the time to travel and will be looking to continue offering occasional webinars throughout 2017;
  • Recognising the excellent work that takes place in our member institutions through the Award for Excellence. The Award always attracts entries covering a wide range of topics. 2016 was no different with the Award going to the University of St Andrews for their apprentice scheme;
  • Publishing case studies to supplement the 2016 Technology Enhanced Learning Survey and the 2015 Digital Capabilities Survey;
  • Publishing a best practice guide for Establishing Process Improvement Capability in a higher education environment;
  • Awarding bursaries for individuals within the UCISA membership to attend a wide range of conferences and update the community on the practices highlighted.

We have conducted a number of surveys to allow our members to benchmark themselves against their peers, and to establish the level of maturity of activity within the sector. In addition to the annual Higher Education IT Statistics and Corporate Information Systems survey, this year we:

  • Published the results of the eighth survey on Technology Enhanced Learning. The results from previous surveys have been presented to audiences across the world;
  • Carried out the second Service Desk Benchmarking survey in collaboration with the Service Desk Institute and TopDesk;
  • Discussed ways of benchmarking IT departments in institutions internationally with our partner organisations across the globe.

The list above highlights just some of the work that our Committees and the UCISA Office have carried out on behalf of our members. A more formal annual report will be published in the New Year and presented at the Association’s AGM at the UCISA17 Conference at Celtic Manor on 9 March.

2017 promises to be another challenging year. The Government’s plans for Brexit will be published and the process to leave the EU will begin. UCISA will monitor developments and provide access to information and guidance as the process begins. The Higher Education and Research Bill will pass through Parliament and bring with it changes in the governance structure for higher education in England. UCISA will provide guidance for institutions beginning to implement the changes required for when the GDPR becomes law in the 2017-18 academic year. And that is all in addition to the normal tasks of deploying systems to enhance teaching and learning, to improve the student experience and to facilitate research and manage the data and outputs associated with it. We recognise that many of these challenges require a collaborative approach. We will continue to work with Jisc, with our sister professional associations both within the UK and abroad, and with our growing corporate membership.

I should like to take this opportunity to remind you that bookings are open for the UCISA17 Conference in March. Bookings are also open for three other events taking place in the first half of the year.

Finally, thank you for your support in 2016. I wish you, on behalf of the UCISA team, all the best for Christmas and the New Year.

Peter Tinson
Executive Director
21 December 2016

UK vs. US HE – Blockchain and student engagement

Elizabeth Ellis
Product Development Manager
Learning Innovation, Learning and Teaching Solutions,
The Open University

Cross-pond impressions from EDUCAUSE 2016

EDUCAUSE 2016 in Anaheim was a really valuable and thought provoking experience, especially as a stranger in a strange land.  I’ve wanted to attend this conference for a long time – having been to ALT C a number of times and attended EDEN, this felt like it would provide me with a trifecta. Because of my role as a product development manager in Technology Enhanced Learning Innovation, I often find myself with a foot in both the technology camp and the pedagogy camp of learning and teaching (I don’t actually think they’re camps – I think they’re symbionts and crucial to students being successful in their higher education careers, but I digress).

I have attended other US-based conferences, and it’s always a bit of a culture shock. The sheer scale of EDUCAUSE was quite unnerving: 8000 colleagues from 1800 institutions across 46 countries. The queue for lunch was terrible.

The conference hashtag provided an invaluable backchannel for discussion and arguments, and is worth a visit (#EDU16). If you would like to see the day by day account of my experience, then do feel free to grab my notes. But this article is more a personal reflection on the three things that stood out for me from EDUCAUSE – where the US Higher Education sector is ahead, where the UK Higher Education sector is ahead, and where we are about level.

Where the US Higher Education sector is ahead

One of the most attended and talked about sessions was on ‘Why the blockchain will revolutionise credentials’. One of the speakers was Chris Jager from Learning Machine. A transcript is available from the link.

It struck me that the presentation and ensuing conversation about blockchain certifications was far more developed than the conversations that have happened locally to me at The Open University, or from what I have gathered in the UK sector. The work that the Knowledge Media Institute at the OU has been doing on blockchain is still in the realms of research and innovation, whereas the HE sector in the US appears to be already beginning to tackle the cultural shifts of implementation. The temperature on blockchain credentials in the sector is still lukewarm in places, with some claiming there is a fear that giving students control of their credentials may undermine those credentials. A more mercenary view is that HEIs are loath to transition to blockchain certification as there is a market for transcripts and money to be made when students request theirs.

MIT’s Open Standards for Blockchain Certificates are being used, and the advent of interoperable standards represents a shift from idea to reality, and a new infrastructure of trust between students, institutions and employers. This is interesting when compared with criticism of the Open Badges movement, which employers have been fairly sceptical about. UK HEIs have made more use of badges, but predominantly in informal learning spaces or for soft skills.

Blockchain certification could be more compelling within the US HE sector, by virtue of its legacy of for-fee qualifications, and also the high degree of transfer between community, state and private colleges.

In the UK, with the recent advent of tuition fees, the onus has perhaps been less for more mainstream HEIs. However, The Open University has always charged a fee, and is also seeing an increase in student transfers both in and out of the institution. OU students are also more unconventional in routes through education and employment, and blockchain certifications could be a valuable string to the University’s bow.

In an article in the Times Higher Education magazine, Martin Hall points out that blockchain certifications ‘could be an effective way of providing Britain’s Advanced Apprenticeships, for which components of the programme have to be delivered by a number of organisations’. (THE, 28 November 2016)

In The Open University’s Innovating Pedagogy 2016 horizon scan, Blockchain has been identified as High Impact but with a long timescale (4 plus years). The US feels ahead in this particular game.

Full disclosure: I have become borderline obsessed with student engagement, partnership and co-creation this year. I have been co-administering and organising a student consultation and engagement panel, running Hack Days to get students involved in future developments, and generally trying to find ways to not only give our students more direct access to the creation of learning and teaching content and tools, but also to give the Open University’s academic and academic related staff more direct access to students eager to be involved in practical ways.

My colleague David Vince and I published a paper on our work on this in September, outlining our approach to involving students in Technology Enhanced Learning Innovation, referring to the key frameworks that underpin ‘student as partners’ and ‘students as change agents’ in UK HEIs, from Jisc, the Higher Education Academy, and covered in the Teaching Excellence Framework.

‘The Teaching Excellence Framework (TEF) is a catalyst to rethink the role of the student in modern Higher Education Institutions. The Higher Education Academy in the selection criteria for the National Teaching Fellowship defined personal excellence as ‘evidence of enhancing and transforming the student learning experience’ (HEA, 2015).

Part of teaching excellence should therefore be the proactive engagement of students in matters relating to their learning experience, beyond assessment outcomes. More recently within the higher education sector, engagement initiatives such as ‘students as partners’ and ‘students as change agents’ have emerged.

Students as partners is characterised by active student engagement and collaboration ‘[…] in which all involved – students, academics, professional services staff, senior managers, students’ unions and so on – are actively engaged in and stand to gain from the process of learning and working together. Partnership is essentially a process of engagement, not a product. It is a way of doing things, rather than an outcome in itself.’ (Healey et al., 2014)

Students as change agents sees students being actively involved in the change process. In 2015, Jisc launched the ‘Change Agents’ Network’ which is a ‘highly active community of staff and students working in partnership to support curriculum enhancement and innovation’. (Jisc, 2015)’

In two sessions during the conference where I would have expected a robust argument for the involvement of students in the design and implementation of educational technology, there was no mention from presenters, and even the floor seemed largely truculent about the idea when it was brought up.

‘Design Thinking Process: Edtech Adoption’, an otherwise useful session from Edsurge, didn’t refer at all to the importance of testing new tools and technologies with students in implementation, much less involve them during ideation.

It was a similar experience in the ‘Trends Spanning Education’ session, despite having a great quote – ‘Democratisation of education innovation, it’s starting to happen with people rather than to people’ – people in this sense appeared to be academic and institutional staff rather than students.

Several comments that emerged during out of conference conversations and the Twitter backchannel featured the kneejerk reaction of students not knowing what they need, a conversation that has evolved now in the UK to understanding the balance between need, want and institutional responsibility towards them.

Some US colleagues talked about consultancy processes that include students, but there does not appear yet to be the drive to formalise student partnership as an approach. The emphasis is on institutional collaboration and partnership for student success, rather than partnership in the sense of student engagement as co-creators and co-owners of their learning experiences.

Where the UK and US Higher Education sectors are about level

Almost as soon as I hit the pre-meetings and the Twitter backchannel at EDUCAUSE the term NGDLE started to permeate. Not a new term, certainly, but Next Generation Digital Learning Environments as a concept suddenly seemed to be everywhere. And then I returned home and almost immediately fell in with an online consultation activity being coordinated by Lawrie Phipps, senior co-design manager at Jisc, using a combination of Twitter and blogs, on what NGDLEs and by extension co-creation could mean for the future of learning and teaching.

It also corresponds closely with my work, which is focused heavily on digital learning environments, as well as student engagement in learning and teaching tools and platforms development.

The UK and US higher education sectors appear to be level on this concept, as the discussion moves further away from current vendors and current platforms and tools, and more towards the use of technology in its purest sense for the furthering of learning and teaching, and how students are both key users and contributors in that space.

The key questions for me around this important and innovative concept are:

  • What does next generation mean for online and distance education, and what does it require of it?
  • How can NGDLEs be a vehicle for the best parts of online and distance education: the open web, co-creation, student engagement, technology, and digital capability?
  • What does student success look like in a NGDLE?
  • What do NGDLEs signify about innovation in online education?
  • How is the Teaching Excellence Framework creating a space for NGDLEs and how is it restricting it?

None of which I have any answers for yet, but I’m enjoying the conversation, and it’s allowing me the space to stop and consider the opinions of colleagues, the layering of experiences over my own, and generally the ongoing realisation of that best part of attending conferences: being part of a community.

A version of this blog post originally appeared on the Learning Innovation blog

GDPR – Understanding Penalties, Fines and Liabilities

In his second post, Craig Clark, Information Security and Compliance Manager at the University of East London, looks at the interpretation of Article 83 of the General Data Protection Regulation.

Introduction

The introduction of the General Data Protection Regulation (GDPR) has been dominated in the main by one topic – what fines organisations could face if they are found to have breached the GDPR by a supervising authority, which in most cases for the UK will be the Information Commissioner’s Office (ICO).
Many media outlets have been quick to leap on the fact that the maximum fine for non-compliance is €20,000,000 or 4% of global annual turnover, whichever is higher. However, in the haste to report this, many commentators have forgotten to clarify that this is the maximum fine. Below, I have attempted to break down the conditions for imposing administrative fines and show there is a bit more to it.

Understanding the Fining Structure

The GDPR has been designed to ensure that organisations take the appropriate measures to protect personal data against the risks of loss in the 21st Century. For organisations that fail to meet the requirements, the GDPR allows the supervising authority to take a range of actions including:

  • Issue warnings;
  • Issue reprimands;
  • Order compliance with Data Subjects’ requests;
  • Communicate the Personal Data breach directly to the Data Subject.

In addition to the above, the supervising authority has the power to impose administrative fines that will in each case be effective, proportionate, and dissuasive.

There are two tiers of administrative fine that can be imposed. The maximum fine for the first tier is €10,000,000 or, in the case of an undertaking, up to 2% of total annual global turnover (not profit) of the preceding financial year, whichever is greater. The second tier maximum is €20,000,000 or, in the case of an undertaking, up to 4% of total annual global turnover (not profit) for the preceding financial year, whichever is greater. The fines within each tier relate to specific articles within the Regulation that the controller or processor has breached. As a general rule, breaches of obligations by controllers or processors will result in a fine within tier one, while breaches of a data subject’s rights and freedoms will result in a fine within tier two.

Question: Does your organisation understand what articles of the GDPR relate to a tier 1 or tier 2 fine?

How will Fines be Determined?

The GDPR is clear that in order to ensure any fine is proportionate, a range of factors will be assessed by supervisory authorities when investigating organisations that breach the GDPR.

Of key importance will be the nature, gravity, duration and the character of an infringement. It is also worth noting that actions taken by the controller or processor to mitigate any damage suffered by data subjects, along with the degree of responsibility for the technical and organisational measures implemented by Controllers and Processors to prevent the breach occurring, will be considered during an investigation.

The Regulation also allows the supervising authority to take a holistic approach to an investigation and consider factors such as infringement history including previous correction notices, level of co-operation, the categories of personal data affected, the manner in which the breach became known and was reported, the level of adherence to approved codes of conduct or certification mechanisms and any other aggravating or mitigating factors.

Minimising Fines

It is logical to suggest that an organisation which demonstrates it has a positive approach to ensuring security, with a range of technical, management and operational controls, will receive a lower fine than an organisation that takes no measures, or blatantly disregards its obligations under GDPR. It is also worth noting that the Information Commissioner has made it clear that in terms of incident reporting, organisations that proactively report breaches will be given more credit than organisations who do not report a breach that is then discovered by a third party.

Question: Does your organisation currently document breaches? If they do, how are these reported?

In summary, organisations can significantly reduce the likelihood of receiving a maximum fine by establishing a culture that promotes information security best practices and an ethos centred on protecting personal information. As we have seen with the results of the TalkTalk breach, the ICO is now entering a new phase of exploring the upper limits of the monetary fines available to them. It is highly likely that this current trend will continue into 2018, meaning that GDPR compliance should be high on the list of 2017 objectives for organisations that fall within its scope.