You are here

Data Protection and Interception Statement for Informatics Managed Systems

Printer-friendly versionPrinter-friendly version

This statement relates to the automatic collection, storage and use of Personal Data by the managed systems of the School of Informatics, other than the teaching and HR databases and associated systems.

Personal Data (under the terms of the Data Protection Act 1998) are collected and processed by the School's managed systems for the following purposes:

  1. To ensure that the School's resources are accessible only to authorised users.
  2. For fault-finding and debugging.
  3. For auditing and security investigations.
  4. For planning and resource allocation.
  5. For accounting and charging.

Any other use of these data requires the Head of School's permission.

Our managed Linux desktops generally store data for 4 weeks, with mail logs retained for 6 weeks. These retention periods also apply to our multi-user machines such as the staff and student login machines, and most servers. Logs which contain personal data are accessible only to computing staff.

Some services have specific additional retention periods:

  • Our account mangement, authentication and directory servers necessarily hold personal data relating to user accounts for the entire time the accounts are valid. These are deleted after users leave, in accordance with University policy.
  • Our VPN endpoints retain connection data for 13 weeks, to aid with fault-finding and debugging.
  • Web logs are retained for 26 weeks.
  • Our mail relays retain traffic logs for 2 months.
  • Mail sent to the RT systems are kept for 1 month, and to the Informatics Database for 3 months.
  • Per-user printing statistics are kept for 6 months. Anonymous per-queue statistics are kept indefinitely
  • Content and version management systems will normally retain meta-information regarding pages and files for as long as they are managed by the system.
  • The Support Request Tracker page describes the processing of support tickets.
  • The ISS Request Tracker is separate to the Support Request Tracker. It stores tickets that are managed by ISS. The retention policy for ISSRT is based on a queue by queue basis and has been agreed with the Head of Knowledge Management. In summary, the intention is to keep all ISSRT tickets for approximately one year after a student has left his current course of study or one year after an application has been made.
  • AFS volume-use statistics are kept for planning and resource-allocation for a period of 6 months.

Most machines also send data to our central loghost for further processing, where they are accessible only to computing staff, and where the retention period is 120 days. Summaries are available to authenticated users. During this period, some data are extracted and anonymised for research and planning purposes.

All non-anonymous data are automatically deleted at the end of their retention periods.

Some of the collected data may include URLs, or otherwise identify web pages. This "interception" takes place under the terms of section 3(3) of the Regulation of Investigatory Powers Act 2000 for fault-finding and debugging, or under the associated "Lawful Business Practice" regulations with the Head of School's permission.

In addition to data on the use of MAC and IP addresses on the School's network, which are retained for 120 days, we also collect packet and error counts for all connected wall- and floor-ports, for fault-finding, planning and resource allocation. These are consolidated daily and then weekly, and can be viewed by following the links on our monitoring pages, available only to internal Informatics users.

Our teaching and HR databases and associated systems are operated in conformance with the University's central policies, available on the Records Management and Human Resources sites.

Self-managed machines are expected to follow the School's logging policy. Please contact these machines' managers for details.

Services which are provided centrally (for example, staffmail, wireless) follow University-wide policies, and the corresponding documentation should be consulted regarding their use of personal data.

See also the School's statement on "cookies and logging" in relation to our web pages.

Useful Links

Last reviewed: 
19/05/2017

System Status

Home dirs (AFS)
Network
Mail
Other services
Scheduled downtime

Choose a topic