You are here
Guidance on data security
The University needs to protect sensitive information such as:
- personal data relating to students, e.g. their marks
- certain research data, e.g. relating to human subjects
- sensitive information about University business.
Sometimes this is for legal or ethical reasons, sometimes for business reasons.
Here's what you can do to protect the data that you handle :-
- Consider whether you can reduce the amount of sensitive data you take outside the University and its network without adversely affecting your work - e.g. access and process the data remotely via an ssh login or via the remote desktop service.
- If you have any mobile device (smartphone, tablet, laptop) which you use to access University data, you must ensure that it is both password/PIN protected and protected by encryption. This applies regardless of whether the device was purchased by the University, is personally owned or belongs to a third party. This protects against less casual access by someone else if you lose the device. Information about how to encrypt your devices, for various operating systems, is provided below.
- Passwords used to access University systems or data must not be used to access external services such as Facebook, personal emails etc.
- Use strong passwords, and configure your machines appropriately -- e.g., if you habitually sleep your machine rather than shutting it down, so that if it were lost or stolen it might be in the sleep state, make sure it asks for the password on waking.
- Follow the College policy on Encryption of devices.
Above all, please be aware of the issue and use your common sense.
Available techniques for improving data security
- Encryption - see our encryption overview and the IS encryption overview.
- Encrypting individual files - gpg or p7zip (Linux, DICE), 7-zip (Windows), iZip (MacOS X)
- Password protect individual files
- Antivirus - MacOS and Windows
- Strong passwords
- Virtual private network (VPN)
- How to secure a mobile device
- Remote wipe of mobile devices
- Enabling encryption on computers
- (University advice page) Encryption and travel
Further advice on typical use cases
The following are a list of typical use cases and issues you should/may like to consider for each case :-
- Storing sensitive data on a laptop
- Storing sensitive data on a smartphone/tablet
- Storing sensitive data on an external disk/usb key
- Transferring sensitive data by email
- Accessing sensitive data remotely from home or public machines
- Storing sensitive data on a work PC
- Storing sensitive data on a Cloud service
Further information
- The University's Policy on taking sensitive information and personal data outside the secure computing environment.
- The Information Commissioner's guidance on data protection.
- University guidance on information security.
- The University's phishing guidance.
- Guidance from IS on sharing and preserving research data
- The College policy on Encryption of devices.
Last reviewed:
10/01/2023