Data protection

Skip to main content
Next page Previous page


Data protection

The University holds a lot of sensitive information, much of which is in the form of personal data (names, addresses, etc.) of staff and students. Personal data is any information about an identifiable living individual, regardless of the format of the information. Certain obligations are placed on people and organisations that hold personal data in terms of how the information is stored and processed through the Data Protection Act 1998. The Data Protection Act defines certain types of personal data as 'sensitive' and greater security measures should be taken in relation to this data.

There have been lots of examples in the news where universities have fallen foul of data protection breaches. A recent JISC Legal study noted over 20 formal legal actions taken over Data Protection breaches relating to the loss of personal information through the use of mobile or portable devices during 2011. The University could be fined up to £500,000 by the Information Commissioner for a data security breach, and this could be coupled with reputational damage and a drop in admissions and research funding.

The following tips will help to keep personal or restricted data secure:

  • Do not communicate personal or restricted data via unencrypted email
  • Do not take personal or restricted data home
  • Do not store personal or restricted data on home computers, USB sticks or other peripheral mobile devices
  • Store all work related information on a secure University networked drive
  • If you do need to transfer personal or restricted data, ask for advice and help from the IT Service Desk on how to encrypt your files
  • Do not leave computers unattended when logged on (on Windows computers Ctrl+Alt+Del will give you an option to lock your computer whilst you are away from your desk)
  • Do not access personal or restricted data in public places or locations e.g. in libraries, Internet cafés or public wi-fi locations
  • Share personal or restricted data only with those with the right and need to view it
  • Never share or disclose your University of Bristol password or use it for non-UOB services
  • Take care when you print confidential information to networked printers, that you are able to pick up the material promptly

If you regularly create and store personal data you may want to contact your Departmental Data Protection Advisor or the Information Rights Officer. This information is also available through the companion InfoSafe App. The app is available for download and installation (for Android phones only). For more information about the app take a look at the InfoSafe site.

Try out the University's Data Protection Online Course to find out more.


Which of the following would be classed as containing personal data under the Data Protection Act? Check all that apply.

a) Yes - a job application contains information that is considered personal data. a) A job application has information that contains personal data.b) Yes - information in a sickness notification is considered to be sensitive personal data and so has additional constraints on how it is stored and shared.b) Sick leave notification has information that contains personal data that is considered to be sensitive and therefore has additional constraints on how it is stored and shared.c) Yes - trade union membership is considered to be sensitive personal data and so has additional constraints on how it is stored and shared. c) Trade union membership has information that is classed as sensitive personal data so has additional constraints on how it is stored and shared.d) No - referring to a person by name in minutes is not classed as personal data unless the meeting specifically discussed that person and minuted information about the contents of the discussion.d) If the minutes simply note that an individual attended the meeting this would not be classed as personal data.
Check your answer

Further reading

Guidance on processing personal data off campus (University of Bristol)