22 December 2008

Security of staff data away from the workplace

Following some well publicised cases of personal information being lost or left in public places over recent months, the University has produced guidance notes, including ensuring the use of an approved encryption system, which aim to prevent similar situations occurring for information about University of Sheffield staff.

Guidance for users of staff data

Staff data/records should not be taken away from the workplace in hard copy or electronic copy, except where there is an important operational or business reason.

Should it be necessary to take electronic staff data/records away from the workplace, please follow the guidance provided by the Department of Corporate, Information and Computing Services at http://www.shef.ac.uk/cics/remote/information.html.

The volume of data/records should be kept to a minimum and, where possible, hard copy records should not be originals.

Staff taking or sending data/records away from the workplace are personally responsible for their security. They should exercise this responsibility by, amongst other things:

  • Ensuring that it is kept in a secure place eg locked in the boot or glove compartment of a car;
  • Not leaving it unattended in public places or on public transport;
  • Limiting to a minimum the amount of personal data or information that is sent by email or extracted from a remote database;
  • Ensuring that any external organisation to whom the data or information is to be sent will treat it with the appropriate confidentially;
  • Ensuring the data or information is either returned to the University, deleted (if electronic) or securely destroyed (if hard copy), when it is no longer required off campus.

If you are aware of a situation where the above has been breached or data/records lost, please immediately inform your Head of Department, the Director of CiCS and your Faculty HR Adviser. If you need to inform someone out of hours, please contact Security Control (0114 22 24085).