Personal Information on Portable Computers and Media


There have been a number of recent well-publicised cases where CDs or laptops containing personal information have either been lost or stolen. The Information Commissioner now takes the view that 'where such losses occur and where encryption software has not been used to protect the data, enforcement action will be pursued.'


Personal Information may only be created, processed or stored on portable computers or portable media where all of the following criteria have been satisfied:

  • That alternative means of working have been explored.
  • There should be an important operational or business reason to handle the information this way.
  • That you have the authority to do so.
  • The information must be protected using an approved encryption system.

Where appropriate such information must also be securely deleted or destroyed once it is no longer necessary to process it in this way. This policy applies equally to printed (hard) copies of personal information.

Practical Advice

  • Take care to keep laptops, data stick etc in a secure place and not left unattended.
  • If you are accessing personal information on your home computer ensure that you follow the university guidelines on security (see link on top right)
  • Limit the amount of personal information you access or remove from campus to only what you need.
  • If sending information to others by email, cd or as a hard copy follow the principles of Data Protection (see link on top right)
  • Where personal information is stored within a portable computer, other electronic media or sent by email to an outside body ensure it is encrypted.
  • The alternative methods of working are outlined in our 'Working from Home' pages (see link on top right).

The CiCS Helpdesk is available to advise on these issues or, if required, upon recommended encryption software.

Please fill in the form below (follow link) to request advice.

Advice on Personal Information or Encryption

If Personal Information is Lost

In the event of any loss or theft of any computing device or media containing Personal Information you must inform your Head of Department and the Director of CiCS immediately. If this occurs out of hours then please contact Security Control (0114 222 4085).