Dos and Don'ts For Data Protection
- When you process personal data you must ensure that it is accurate, relevant and not excessive in relation to your needs.
- Do not process personal data unless you are sure that you, your department or the University has obtained the consent of the individual concerned or that it is necessary to process the personal data in performance of a contract with the person, or to meet a legal obligation.
- Do not disclose any information (including giving references) about an individual to an external organisation without first checking that the individual consents to such disclosure, or, in the case of the police, checking with the Registrar and Secretary or, in his absence, Information Assurance Services.
- Do not write any comment about any individual that is unfair or untrue and that you would not be able to defend if challenged. You must assume that anything that you write about a person will be seen by that person.
- Be vigilant if you are undertaking work off-campus using personal data such as individualised research data, reference requests or examination scripts or results. Strict security measures must be applied to the transportation and storage of all such data.
- Ensure that all personal data is kept secure, not only from unauthorised access, but from fire and other hazards.
- Use the office shredder or the contract shredding service to dispose of any document containing personal data, whether or not you consider it to be confidential.
- Apply password protection to computers, screensavers and documents. Where possible keep your office door locked and your desk clear of personal data when you are absent.
If anyone asks to see the data that the University holds about them (other than that which you would normally provide to them in the course of your duties) they must be referred immediately to Information Assurance Services.