We've put together our seven golden rules for protecting information, and protecting yourself.
Take a look at the explanations for each one, and then head back to the main Using and Protecting Information page to find out more about how to manage your information.
This information can also be found in the Protecting Information booklet, which is available in print format, or can be downloaded here:
Most data is lost through human error. Any loss of data can have significant financial and reputational implications for the University.
Think carefully about how you collect, handle and share data. See the information about the Information Classification Handling Scheme for more information.
This caution should be applied to all data, whatever its format (eg printed, electronic, hand written).
The Data Protection Act 2018 and UK GDPR place a number of requirements on us related to the handling of personal data.
Data stored in only one place is always vulnerable to loss or corruption.
Ensure your data is backed-up and is recoverable.
Ideally, use the networked filestores provided by the University or the University's Google Drive service to hold your data. For critical data, consider making multiple back-up copies in different secure locations.
Making a mistake when sending email is easy, but it can be a serious issue.
The most common way to lose control of confidential data is to email it to the wrong person.
There are three key questions you need to consider before you send:
Consider whether you should point the recipient to the document in a secure location (eg the University's Google Drive service or shared filestore) instead of sending an attachment.
Passwords are a critical part of your online identity and should not be shared.
They provide access not just to the network, but also to your email and networked filestores that may contain personal, sensitive or confidential information such as research data, student records, or salary information. Never share your password with anyone.
IT Services staff will never ask you to reveal your password by email, in person, or on the phone - neither should any other reputable organisation.
Don't use your University IT account password for any other services you use (eg Facebook, Twitter). This minimises the impact if your passwords to other services are discovered.
It can be a challenge to keep track of the different passwords required to access websites, services and systems, so we recommend using a password manager.
Find out more about password management on the IT Services website:
Google Mail's spam service stops most spam, phishing and other scam email from reaching your inbox. However, because scammers constantly change the messages they are sending, the first few messages sent in any run will get through. The messages may ask you to open an attachment, follow a link or reply with personal information. Be wary of any email or phone call asking you to share personal information - it may be a scam.
If in doubt about an email, contact the IT Support. If in doubt about a phone call, take the company name and end the phone call without giving out any details - you can check whether it’s genuine and call back if necessary.
If your computer, phone or other device gets lost or is infected with a virus, you can easily lose information.
To avoid losing your device, don’t leave it unattended. Always use a screen lock to minimise problems if it is lost.
To avoid virus infection, always keep software up to date, and ensure you have anti-virus protection.
When you're using your computer, you may see pop-ups asking you to install a new piece of software, accept a download, or similar. Stop and assess what you're being asked to do - if you say no now, you can always change your mind later.
If you are using any device (eg a phone, laptop or tablet) to store or share confidential data, it must be encrypted in case of loss or theft.
Encryption is an important tool to help you protect confidential data.
For advice, please see:
To arrange to have your laptop encrypted, please contact the IT Support.
When online, treat others as you would in person. Ensure that the language and tone of all communications are appropriate.
Do not post or publish anything that could be offensive or bring the University's name into disrepute. Remember that emails or documents containing personal data may be requested by the individual concerned as a Subject Access Request under the Data Protection Act 1998.
Staff and student disciplinary procedures may be invoked in cases of inappropriate use. If illegal activities are found, external law enforcement agencies will become involved.