Internal, open access

Processing personal data and sensitive information off campus or on an external network

In order to ensure that it complies with the Data Protection Act 1998 and also that sensitive information is protected from unauthorised access, dissemination, alteration or deletion, the University has a policy on processing personal data and sensitive information off campus or on an external network, the Encryption Policy (PDF-369KB). It complements and supports the existing Data Protection Policy (PDF-181KB) and Data Protection Guidelines .

The policy applies to all University staff who process sensitive information off campus or on external networks. It covers the use of mobile devices (e.g. laptops, tablet computers, smartphones), portable storage media (e.g. memory sticks or CDs), remote computers, or other forms of communication (e.g. email).

Failure to comply with this policy may expose the University, its staff or students to risks including fraud, identity theft and distress, or damage the University's reputation and its relationship with its stakeholders, including research funders. The Information Commissioner can also impose monetary penalties of up to £500,000 on the University for breaches of the Data Protection Act 1998.

Policy statement

'If medium and high risk personal data or sensitive information is to be processed off campus or on an external network then it must be stored and transmitted in encrypted form.'

These terms are defined in the policy, together with some examples of medium and high risk personal data and sensitive information.

Guidance

Guidance to staff in how to adhere to this policy is given in the following sections:

  • How to encrypt:

- Files

- Storage (forthcoming)

- Memory/USB sticks

- Hardware devices (forthcoming)

 

Things to do now

Contact IMPS

Page navigation

 

Search Form

A-Z lists