Security of Personal Data
Further guidance on security of personal data is available in Section 7 of the Data Protection Code of Practice.
Security of Electronic Information Systems
For guidance on security of electronic information systems, please see the relevant details on the Information Services site.
Providing Coursework Marks to Students
It is much more secure to provide marks via Moodle than by email. Instructions on how to do this can be found here. If you need more guidance, please contact the Learning Technology Support Manager via: ISServiceDesk@napier.ac.uk
Manual & Physical Data Security Policy
In order to meet the requirements of Data Protection legislation, organisations are obliged to have in place a framework designed to ensure the security of all personal data. The guidance note below sets out the University's policy on the security of manual and physical data. Please note, this policy relates only to the retention and storage of non-electronically based personal data. All electronic data is covered separately by the University's Information Security Policy and its subsidiary policies.
Download the Manual and Physical Data Security Policy
Security of Personal Information Checklist
This one-page checklist has been adapted from guidance issued by the UK Information Commissioner.
Download the Security of Personal Information Checklist
Password Protecting Documents
See below for guidance on how to password protect different document formats.
Password protect Word documents
Password protect Excel documents
Password protect PDF documents
Procedure for Breach of Data Security
It is important that action is taken as soon as possible following a data incident or breach to try to rectify the situation and mitigate any risks to data subjects. Tell your line manager, Governance Services or IS (as appropriate) - DON'T leave it... the sooner we know, the sooner we can do something about it!
Data Protection legislation governs the University's obligations with regard to personal data and these include a requirement to keep personal data secure. A breach of data security occurs where unauthorised or unintentional access to personal data is gained, whether this data is held in electronic or manual format. This procedure gives guidance on what to do in the event of such a breach occurring.
If you send an email or email attachment in error, these are the steps you need to take to rectify it:
1) Re-open the email you've sent, click on 'Actions' on the toolbar at the top of the email, then select 'Recall this email'. Ensure the 'Delete unread copies of this email' (first option) and 'Tell me if recall succeeds or fails for each recipient' options are selected.
2) Copy the email from your sent items, paste it into a new email as an attachment, and send this email to Unidesk@napier.ac.uk, with a copy to firstname.lastname@example.org, explaining what's happened and asking for the message to be deleted from the servers. The email should be titled "Data incident". It is important that a copy of the original email is provided as an attachment, not forwarded, as the attachment will contain metadata which will assist IS in finding it and removing it.
3) Complete the form at the end of the Procedure for Breach of Data Security and send this to email@example.com