Security of Personal Data
Further guidance on security of personal data is available in Section 7 of the Data Protection Code of Practice.
For guidance on security of electronic information systems, please see the relevant details on the Information Services site.
In order to meet the requirements of the Data Protection Act, organisations are obliged to have in place a framework designed to ensure the security of all personal data. The guidance note below sets out the University's policy on the security of manual and physical data. Please note, this policy relates only to the retention and storage of non-electronically based personal data. All electronic data is covered separately by the University's Information Security Policy and its subsidiary policies.
Download the Manual and Physical Data Security Policy
This one-page checklist has been adapted from guidance issued by the UK Information Commissioner.
Download the Security of Personal Information Checklist
Procedure for Breach of Data Security
The Data Protection Act 1998 governs the University's obligations with regard to personal data and these include a requirement to keep personal data secure. A breach of data security occurs where unauthorised or unintentional access to personal data is gained, whether this data is held in electronic or manual format. This procedure gives guidance on what to do in the event of such a breach occurring.
Download the Procedure Guidance for Breach of Data Security