Our plans to improve the management of information

padlock

Dr Tony Strike shares a programme of work crucial to improving the handling and management of information across the University.


Developments

Since GDPR came into force last May, many of you have been working to tighten up the way in which we all handle information. As a University community, we regularly collect, retain and process information about staff, students and others for academic, administrative and research purposes. It is vital that we meet the legal and regulatory obligations for holding and processing both personally identifiable information and other types of information. More important than regulatory compliance, we share a responsibility to protect each other’s personal data. This update is to thank you for what you have you have already done and to set out clear future actions.

The University’s Information Management Group has initiated a programme of work designed to raise awareness and improve practices relating to the management of University information, records and data. There are several strands to the programme.


Do the training

All staff have a responsibility to abide by our information handling policies and good practice. The University has two mandatory online training modules designed to help you achieve this. They are called Protecting Information and Protecting Personal Data. Almost 90 per cent of staff have now completed this training. If you have not yet completed these courses you should do so now to retain your access privileges.

Complete the training


Know your Information Champion

We have introduced a network of Information Champions, at least one for each department, who support and promote work in this area. They have an important role to play. They are in a position to understand departmental needs and requirements and act as advocates for guidance, policies and initiatives. Information Champions have been undertaking training on the use of new resources (see below) and have access to expertise within the University to address specific issues or areas of concern relating to areas of information management, the management of personal data and record keeping.

Find your Information Champion


Visit the Information Governance web pages

The University is introducing new policies and procedures relating to the handling of University information. All staff have a responsibility to protect personal information; and you must abide by the policies and procedures. Find out how your personal information is processed, how we protect your rights and how we expect anyone who deals with personal information to handle that information appropriately by looking at this site.

GDPR and data protection

Get involved

Working together we can enhance our understanding of the University’s information, identify potential risks and areas where we can improve practice, and increase robustness in our handling of University information. Personal vigilance is our most powerful means of ensuring we respect the information we each hold. Here are three ways you can get involved via your Information Champion.

Finalising retention periods before disposal of records

The Information Management Group is reviewing the retention and disposal arrangements for the different types of records, data and information it holds. This is being undertaken in consultation with functional leads across the University and will be reviewed by both Departmental and Faculty representatives to ensure accuracy and useability. This will be brought together in a straightforward schedule that can then be applied to the most commonly held records and data held by the University. If you are responsible for retaining records for the University then get involved in the consultation by asking your Information Champion for a copy of the schedule, and let us have your feedback.

Testing the classification of information

An easy to use classification scheme will set out three levels of grading (green, amber and red) for different types of information we create, process or hold in our roles, depending on the information’s sensitivity or confidentiality and the risk associated with poor or inappropriate handling. The handling scheme sets out how the three different categories should be dealt with when creating, storing or sharing information in different situations, including when using University and external IT facilities. This simple to use guidance is being rolled out across the University via the Information Champions with web resources, training and guidance to get feedback on its practicability.

Updating information asset registers

The University is developing an Information Asset Register as a tool to allow departments to record and understand the information it holds. It will allow departments and the University to improve understanding of what information is held, where it is held, who has access to it, and how long it needs to be kept for. If you keep records then check with your Information Champion whether the information you hold should be on your Department’s Asset Register. Where possible information should kept in core University systems and accessed there rather than held separately.

Contact your Information Champion

Keep in touch

If you have questions or concerns do talk to your Information Champion or Departmental Manager.

You can also contact Anne Cutler, Data Protection Officer, email: a.cutler@sheffield.ac.uk

or Matthew Zawadzki, University Records Manager and Archivist, email: m.zawadzki@sheffield.ac.uk