Thu, 19 Jan 2017 15:35:00 GMT
Tesco Bank, TalkTalk, Three Mobile, Sage, Morrisons. The list of organisations that have lost customer or employee information in recent months is growing longer by the week.
In addition to the bad publicity, there are serious legal penalties when things go wrong. Everyone has a part to play in ensuring that the same thing doesn’t happen here at the University.
There is a lot of information and advice available on the University website, to help you comply with your obligations:
- Data protection - contains helpful guidance and sets out the legal framework within which information must be processed, the data protection principles that must be followed and the University’s Data Protection Policy which must be applied by staff and students at the University
- IT security - common-sense steps we can all take to reduce the likelihood of a data disaster together with detailed guidance on passwords, security while off-campus, equipment disposal, viruses and encryption
- Using your own device policy - if you use your own devices (whether PCs, laptops, phones, or tablets) to access University systems or data, for example to read your work email, or to access files, all of the above University policies still apply. You need to make sure that you activate your device’s security features such as passwords, locking and tracking, and use up-to-date anti-virus software
- Data clouds are really useful if you have a requirement to create, edit and access your files from multiple devices, you wish to share files with others inside and outside the University, or you simply need to store very large amounts of data, but it carries a higher information security risk. The University is offering a pilot service called Box. For more information, please contact Alistair Reid-Pearson or Alan Radley
Please remember that all University data, including research data, should only be stored in University approved systems. Please note in particular that personal cloud services such as Dropbox are not compliant with UK data protection legislation or with University policies, and therefore should not be used to store sensitive of confidential University information.