Protect your data
We do everything we can to keep you and our services safe, but it is also vitally important that you take steps to protect your data. We are reliant on your assessment of how important the information is to your department and your local knowledge of working practices and people.
The data that you are responsible for can take various different forms:
- Paper files and local systems
- Electronic files
- Files shared by a 3rd party (e.g. a research or commercial partner )
There are three main factors to consider when thinking about the security of your data: Confidentiality, Integrity, Availability.
Confidentiality - Ensuring that only those that need to access the information can do so.
In order to understand how confidential an asset (such as a file) or system is there are several factors you must consider:
- Does it hold sensitive data, such as personal information, commercial secrets or research data?
- Are you protecting the asset or system from accidental or malicious damage?
- Have you considered the physical security? (is it in a secure location? Are the doors locked? How do we dispose of paper copies?)
- Who needs access?
- Are passwords looked after properly?
- Are all people with access to the asset or system trained on best practice?
- Is all technology appropriately password protected or encrypted?
Integrity - Ensuring that information is accurate, fit for purpose and trustworthy.
- How important is the accuracy of this information?
- How much trust are you placing in the accuracy of your data or information?
- How can you make sure your information is as accurate as possible?
- If you have multiple copies of a file, edited by multiple people, how do you ensure which copy is correct?
- For example, if you take a copy of a student record and put it in a locked filing cabinet, how do you know it is still up to date?
It is important to think about how you are working and how you can maintain the integrity of your asset. Technology can be a particularly helpful tool here; collaborative tools, such as Google Drive, will manage version control for you and systems such as the University’s network Filestore is great for having a single (but backed up) copy.
Availability - Ensuring that information is available when, where and how it is needed.
- Have you considered the requirements of a range of users, including mobile working and different types of device? For example a student may expect to be able to to view past papers on their personal devices 24/7. The information being unavailable may not seem like the end of the world, unless they have an exam in the morning
- Have you spoken to those who require access to the asset or system and do you understand the consequences if they lost access to this data?
Policies and processes can help in ensuring availability, for example a department might put in place a process to ensure that all critical financial information is stored in SAP and/or on the networked filestore. While technology is a valuable tool in making data available, reliance on a single piece of equipment is generally not recommended; for example a desktop computer containing the only copy of irreplaceable data.