Internal, open access

Working from home

This guidance applies to all staff who work from home either occasionally or as part of their contract.

The Freedom of Information (FOI) Act, Environmental Information Regulations (EIRs) and Data Protection (DP) Act give the public rights of access to information held by the University; this right of access includes information on the University's main sites, for instance at Whiteknights campus and London Road, but it also covers information held by staff at home.


Freedom of Information (FOI) and the Environmental Information Regulations (EIRs)

Staff working at home should:

  • Be aware that all information held as part of your employment with the University falls within the scope of FOI and the EIRs, either paper or electronic
  • Be prepared to retrieve all relevant information subject to a FOI/EIR request, within a reasonable time in order that the University can meet the statutory 20 working day deadline for responding
  • Be aware that FOI and EIRs cover all media and formats, including both electronic and paper. This means that electronic files on your computer, manual records that you take home with you and even records held by portable devices, such as memory sticks or laptops, all fall within scope of the Acts
  • Have undertaken FOI/EIR training: Freedom of Information online course.

In accordance with the University's guidelines on accessibility this online training module is also available as a PDF: .


Data Protection (DP)

Staff working at home should:

  • Ensure that any processing they undertake is covered by the University's data protection policy
  • Take 'reasonable measures' to protect the information at home from unauthorised loss, access or amendment. Unauthorised access to University information can cause reputational, commercial and competitive damage
  • Follow ITS guidance to ensure security, including:
    1. Accessing Remote Drives and using the Virtual Protocol Network (VPN)
    2. Anti-Virus software and what you need to know
    3. More Help - PC Security which gives advice on using anti-malware
    4. which gives guidance on encryption
    5. Installing/Configuring a Firewall
  • Check the Guidance on Remote Working (PDF-68KB) sometimes known as the "Dos and Don'ts of Homeworking"
  • Have measures to avoid unauthorised access to the personal data, for instance good password practice; this includes unauthorised access by family members
  • Consider what practical measures are needed to ensure the home environment is secure, ie not leaving papers in household areas where disclosures can take place
  • Take precautions against theft and loss, particularly on the journeys to and from work
  • Assess the risk involved with the loss of personal data, particularly sensitive personal data, by addressing the following questions (contact IMPS for guidance):
    1. How serious would the consequences be if someone gained unauthorised access to this information?
    2. How likely is it that someone could gain access to this information?
    3. What security procedures and measures are in place and are they appropriate?
    4. If not, what is the cost of implementing appropriate security procedures and measures
  • Take security precautions that are proportionate to the sensitivity of the data held. For instance, anonymised personal data with a low level impact on privacy will need less security protections than sensitive personal data, ie personal information that concerns health (mental or physical), sexuality, political opinions, alleged offences, racial/ethnic origins or religious beliefs. It may be commensurate to encrypt laptops/files if you are processing sensitive personal data
  • Have undertaken Data Protection training: Data Protection online course.

In accordance with the University's guidelines on accessibility this online training module is also available as a PDF: .


Records Management

The 'master copy' of the information should be stored at the University, not at home, because:

          • Information stored on University's corporate systems is secure
          • Anyone who needs to refer to the information can be sure it is the most up to date
          • Enables quick response to requests under DP, FOI or the EIRs
          • Loss of this information could have serious repercussions for the University
          • If the official University record is held somewhere other than at the University, ie at an employee's home, it may not be able to be recovered, and this could affect business continuity

Follow the good practice on records management:

  • Name files, electronic and paper, in a way that is meaningful to your colleagues and easy to electronically order and retrieve.

For example, when using dates in the name of a file concerning committee papers consider using the reverse naming convention to make it easier to sort large numbers of files:

'20070401_ISC_agenda' rather than '1Apr2007ISCAgenda'

'20070401_ISC_mins' rather than '1Apr2007ISCmins'

  • Avoid long, complicated numbering or coding that may be easy to misfile.

For example, '90890845221lt.doc' is easy to overlook or misfile because it is so generic, the numeric code is not immediately obvious and the term 'lt' may not be identified as shorthand for 'letter'.

  • Mirror folder names across your email system and shared drives to help retrieval and aid consistent file naming.
  • Dispose of records in a timely manner and according to your records retention schedule. Contact your local IMPS Contact about advice on this.
  • Avoid duplication - create records only where necessary.
  • Identify a 'custodian' who will keep the 'master copy' and destory 'convenience copies' when you have finished with them.
  • Avoid storing copies of university information on home PCs. Use VPN and secure drives.
  • Use version control for documents to minimise confusion about top copy.

For example,




Consult further guidance on the Information Management & Policy Services webpages.


Related matters and policies

  • University Records Management Policy (PDF-98KB)
  • Information Security Policy (PDF-66KB)
  • Guidance on Remote Working (PDF-68KB) sometimes known as the "Dos and Don'ts of Homeworking"
  • ITS guidance on encryption of mobile devices and security as given in
  • Health and Safety guidance on home working: 'If staff choose to use DSE at home to suit their personal circumstances and/or convenience then the DSE workplace requirements do not apply, even though it is obviously advisable to follow the guidelines given relating to posture, etc. However, on the rare occasions where staff are formally required to work at home as part of their work duties, then the workstations used do require assessment if the use would render the employee a User. In such instances the employees concerned should complete the DSE checklist (Appendix 3) and return it to the Area DSE Assessor or the Area Health and Safety Co-ordinator.'

Things to do now


Contact IMPS

Page navigation

See also


Search Form

A-Z lists