Data Protection Update

This is the second edition of the regular Data Protection Update for staff.  This edition includes top tips on using email; and on storing and accessing personal data for work purposes.  If you have any questions contact data.protection@hud.ac.uk or visit our data protection pages.

Emails

When sending emails that contain personal data (i.e. information that identifies an individual, whether that person is a student, member of staff or somebody else), please ensure that you check and double-check who you are sending the email to, that their email address is correct and that they do need to receive the information.  A large number of data breaches reported by the Information Commissioner’s Office occur as a result of information being sent to the wrong email address or as a result of the information having been copied to a wider audience than necessary. 

If you need to share personal data within the University, it is strongly recommended that email attachments should not be used.  Providing hyperlinks to the relevant information stored in UniShare or in the SAN is a more secure method of sharing as the recipient can only access the relevant information if they have the appropriate permissions.

If you do need to share personal data by email you should ensure that any attachments are encrypted or password protected. 

Other email tips:

  • Make sure that you keep to one subject per email where at all possible – start a new e-mail for any different issues. 
  • Don’t keep emails for longer than necessary
  • Emails that contain information that needs to be retained and may need to be accessed by other members of staff should be stored in the appropriate area on the SAN or in UniShare.

For further advice about using and storing emails, please contact recordsmanagement@hud.ac.uk.  

Where is your data stored?

The University’s Data Protection Policy and IT Security Policy require that no personal data is stored outside University systems.  This includes personal computing equipment.  Personal data must not be stored on removable media (such as USB storage devices, removable hard drives, CDs or DVDs) or mobile devices (laptops, tablets or smart phones) unless it is encrypted or password protected, and the key kept securely. A backup copy should also be kept on the secure University servers. 

If you need to share information that contains personal data internally, then there are alternatives to storing it on removable devices, including using UniShare or the University’s collaborative research resource, Box Zones.  Further information on file-sharing is available here.

Please contact IT Support (it.support@hud.ac.uk) for more information about secure ways to store and share personal data.

Accessing information

If working away from campus, you should only access University information via approved means, e.g. Unidesktop, UniShare or Box Zones.  Don’t download information to your personal computing equipment. As well as the risk to confidentiality and of duplication of data, your own systems may not provide the security features necessary to adequately protect such information in compliance with data protection law. 

Recent enforcement action by the Information Commissioner’s Office (ICO) has reinforced this issue and demonstrated how easily a breach can occur when an organisation’s procedures are not followed:  a barrister accidently uploaded personal data of clients to the public cloud due to changes in their personal computer settings following an upgrade to their operating system, resulting in a fine.

Please contact IT Support (it.support@hud.ac.uk) for further information about how to access University information securely when away from campus.

For further information on data protection, please visit the University’s dedicated webpages