Keeping personal and confidential data secure

(Golden Rule No. 6)

Information for University staff

It is your responsibility to ensure that personal or sensitive University and/or third party data, which is created by you or entrusted to you, is kept secure. Follow these guidelines to ensure you fulfil your contractual and legal responsibilities.

Email

• Do not auto-forward your emails or send them to external email accounts. Use Outlook Web Access or the University's Remote and Mobile Access Service to access your University emails.

Transporting data

• If you are carrying paper documents, only take the ones that you really need and keep them with you at all times in a locked bag or case. All such documents should be returned to the University, or other suitable premises, for storage outside office hours.
• Do not carry personal or confidential data on a laptop unless it is encrypted*. If your data is not encrypted use a hardware encrypted memory stick (available through the IT Shop) but ensure that this is not the only source of that data.
• Make sure that a formal confidentiality (non-disclosure) agreement is in place if you need to exchange personal or sensitive data with external agencies.
• If you have to access personal or confidential data or documents whilst in transit make sure that the information cannot be seen by others.

Passwords

• Always use a strong but memorable password. Guidelines for choosing and managing passwords are available online.

Personal computers

• Do not create or retain personal or confidential data on privately-owned computers. The data could be available to unauthorised people if the computer has to be repaired, or after its disposal. Always use the University's secure Remote and Mobile Access Service, or the University's VPN service.

Lost or stolen computers, storage devices or documents

• Immediately report the theft or loss of PCs, laptops, data storage devices or paper documents containing personal or sensitive data, regardless of whether the contents are encrypted.

* The University is sourcing an encryption solution which will become the University's encryption standard. This should be available in March 2010. Currently there are a number of encryption products being used in faculties. For information and advice regarding these products please contact the ISS Help Desk on ext 33333 or via email helpdesk@leeds.ac.uk