You are here
Guidance on data security
The University needs to keep certain sensitive information protected: sometimes this is for legal or ethical reasons, sometimes for business reasons. Relevant information includes:
- personal data relating to students, e.g. their marks
- certain research data, e.g. relating to human subjects
- sensitive information about University business.
If you ever access any such information this web page is for you.
The recent survey on access to mobile data revealed that many staff access such data in ways which are unnecessarily and worryingly insecure. There are a number of things you can do. Please consider which of them apply to you, and act accordingly:
- Consider whether you can reduce the amount of sensitive data you take outside the University and its network without adversely affecting your work. E.g. if you make a copy of sensitive data for a particular occasion, remember to delete it afterwards.
- If you have any device (smartphone, laptop...) which you use outside the University and its network to access sensitive data, ensure that it is password/PIN protected, and that you are following the College's policy on encryption of devices.
- If you have a laptop which contains sensitive data, encrypt its hard disk (or store sensitive data on an encrypted volume or encrypted USB key). This protects against less casual access by someone else if you lose the device. Information about how to do this, for various operating systems, is below.
- Use strong passwords, and configure your machines appropriately -- e.g., if you habitually sleep your machine rather than shutting it down, so that if it were lost or stolen it might be in the sleep state, make sure it asks for the password on waking.
Above all, please be aware of the issue and use your common sense.
Available techniques for improving data security
- Encryption - see the IS encryption overview.
- Encrypting groups of files on Linux and DICE
- Encrypting individual files - gpg or p7zip (Linux, DICE), 7-zip (Windows), iZip (MacOS X)
- Password protect individual files
- Antivirus - MacOS, Windows
- Strong passwords
- Virtual private network (VPN)
- How to secure a mobile device
- Remote wipe of mobile devices
- Enabling encryption on computers
- Encryption and travel
Further advice on typical use cases
The following are a list of typical use cases and issues you should/may like to consider for each case :-
- Storing sensitive data on a laptop
- Storing sensitive data on a smartphone/tablet
- Storing sensitive data on an external disk/usb key
- Transferring sensitive data by email
- Accessing sensitive data remotely from home or public machines
- Storing sensitive data on a work PC
- Storing sensitive data on a Cloud service
- The University's Policy on taking sensitive information and personal data outside the secure computing environment.
- The Information Commissioner's guidance on data protection.
- University guidance on information security.
- Guidance from IS on sharing and preserving research data
- The College policy on Encryption of devices.