Data Protection
Data Protection & You
Useful Contacts/Links:
Clare Coyne : Data Protection Co-Coordinators
Secretaries Office : 928 7674
- The Data Protection Act 1998
- Policy for computer investigation
- Security Policy
- Disposal of computer equipment
The Departmental data protection officer is Mr. William Moore.
A meeting for University data protection officers was recently held. Issues surrounding data, its protection and users were discussed. This brief document is intended as a guide and points out areas which might be of urgent relevance to users within the division of medicine.
1) Who is responsible?
Individuals. Breaking the Data Protection Act incurs a £2,000 fine and a criminal record.
2) The data protection principles
Personal data shall:
- Be collected and processed fairly and lawfully
- Be held for specific and lawful purposes
- Only be disclosed to those people who need to know
- Be adequate, relevant and not excessive
- Be accurate and up to date
- Be held under secure conditions for no longer than is necessary
3) Various rights of data subjects to access their own data
4) Data Systems
- What sort of data do you hold
- Where are they stored
- Are they accurate
- Are they held securely*
- How are they collected
- How are they destroyed*
- If they are sensitive data, why do you need them?
5) Sensitive data
You must have the specific written permission of the data subject to hold sensitive data, unless you already have a legal requirement to process that data.
- Racial or ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Physical or mental health
- Convictions
- Sexual life
- Financial information
- Official Secrets Act
6) Data security
- Store personal data on secure server*
- Make use of central filing
- Don’t create parallel files
- Avoid duplication
- Change passwords at regular intervals*
- Do not use global passwords
- It is a disciplinary offence to disclose your password
- Restrict access on the basis of authority levels
- Use password protected documents and screensavers
- Keep paper records under lock and key
- No backups to be kept at home
7) EMAIL
- Do not use e-mail for sensitive data
- Print then file e-mails centrally, then delete
- Don’t forward e-mails containing sensitive data
Information also available concerning:
8) Matters relating to student confidentiality
9) Matters relating to reference (personal)
10) Matters relating to exam results
11) Research
- Use anonymised data
- Store names separately from other data
12) Matters relating to tape storage (Dictaphones)
13) Matters relating to exemptions
14) Matters relating to sending data overseas
15) Matters relating to external agencies
16) Matters relating to length of data storage (requirements)
Contact your Data Protection Advisor for further information.
* Secure data
Servers running Windows NT 4.0 are considered secure by the University. If you are running any other type of server, or are unsure, please contact the computer unit and ask.
Data destruction:
Contact your I.T. officer or data protection officer for advice on how to do this safely.
* Passwords
Although changing passwords is all well and good, it is better still to use one password which would be impossible to guess, i.e. a complex alphanumeric one.