• Home
  • Login
  • Welcome to the Staff Intranet
YOU ARE HERE: Skip Navigation LinksEdinburgh Napier Staff Intranet > Service Depts > Governance & Compliance > Governance Services > Data Protection > Security of Personal Data
 

Security of Personal Data

 

 

Further guidance on security of personal data is available in Section 7 of the Data Protection Code of Practice.

 Image of a safe
Security of Electronic Information Systems

For guidance on security of electronic information systems, please see the relevant details on the Information Services site.

 

Providing Coursework Marks to Students

It is much more secure to provide marks via Moodle than email. Instructions on how to do this can be found here. If you need more guidance please contact the Learning Technology Support Manager via: ISServiceDesk@napier.ac.uk

  

Manual & Physical Data Security Policy

In order to meet the requirements of Data Protection legislation, organisations are obliged to have in place a framework designed to ensure the security of all personal data.  The guidance note below sets out the University's policy on the security of manual and physical data.  Please note, this policy relates only to the retention and storage of non-electronically based personal data. All electronic data is covered separately by the University's Information Security Policy and its subsidiary policies.

 

Download the Manual and Physical Data Security Policy 


Security of Personal Information Checklist

This one-page checklist has been adapted from guidance issued by the UK Information Commissioner.

 

 Download the Security of Personal Information Checklist 

 

Password Protecting Documents

See below for guidance on how to password protect different document formats.

Password protect Word documents

Password protect Excel documents

Password protect PDF documents

 

Procedure for Breach of Data Security

 

It is important that action is taken as soon as possible following a data incident or breach to try to rectify the situation and mitigate any risks to data subjects. Tell your line manager, Governance Services or IS (as appropriate) - DON'T leave it...the sooner we know, the sooner we can do something about it!

 

Data Protection legislation governs the University's obligations with regard to personal data and these include a requirement to keep personal data secure. A breach of data security occurs where unauthorised or unintentional access to personal data is gained, whether this data is held in electronic or manual format. This procedure gives guidance on what to do in the event of such a breach occurring.

 

  Download the Procedure for a Breach of Data Security

 

If you send an email or email attachment in error the following are the steps you need to take to rectify it:

1) Re-open the email you've sent, click on 'Actions' on the toolbar at the top of the email, then select 'Recall this email'. Ensure the 'Delete unread copies of this email' (first option) and 'Tell me if recall succeeds or fails for each recipient' options are selected.

2) Copy the email from your sent items and paste it into a new email as an attachment and send this email to Unidesk@napier.ac.uk,  with a copy to dataprotection@napier.ac.uk,explaining what's happened and asking for the message to be deleted from the servers. The email should be titled "Data incident". It is important that a copy of the original email is provided as an attachment, not forwarded, as the attachment will contain metadata which will assist IS in finding it and removing it.

3) Complete the form at the end of the Procedure for Breach of Data Security and send this to dataprotection@napier.ac.uk

 

 Page last reviewed 26 August 2019

Edinburgh Napier University is a registered Scottish charity.
Registration number SC018373