University data and you

These pages remind you of your responsibilities when processing, accessing or otherwise using confidential, strictly confidential or secret University data or when gathering, storing and processing sensitive personal data for research projects. The University of Bristol owns and processes a great deal of data and loss or leakage could cause untold harm to the University, both in reputation and in financial costs.

Research into data breaches in HE institutions indicates that the majority of incidents are due to:

  1. Unauthorised access by insiders (accidental and malicious)
  2. Accidental exposure of data online
  3. Laptop theft

The majority of data leakage is down to human fallibility. For example, people routinely give passwords over the phone or in response to emails without verifying whether the request is genuine and many of the government's high-profile leaks have been down to laptops left on trains and CDs posted without thinking through the consequences of loss and disclosure of the data within. Also, data is often routinely shared with colleagues that do not have a right or need to have access to that data, or data is needlessly copied, creating further opportunities for loss or theft.

Note that common software can also cause data to be leaked - for example, beware if you routinely copy Excel graphs into Word on the assumption that nothing could possibly go wrong with such a common activity.

Keeping data secure requires common sense: you must take steps to protect your computer and protect yourself, but you also need to start thinking about the data that you and your colleagues use and how you use it. The following links provide  information on UOB data security and good practice:

You need to take immediate action if you think that your PC is infected with malware or your University password has been stolen.