'Information Champions' - Information Security

By Louise Rudge

In the June issue of the BBS Newsletter, you may recall Ian and I updating you about the University’s ‘Information Champions’ Network established to encourage good practice relating to data protection. In particular, we drew your attention to:

  • the importance of being mindful of the Data Protection Act when handling personal information, and
  • UoB’s new on-line data protection ‘toolkits’. 

As a reminder, information regarding the basic principles of data protection, some useful data protection resources, and our contact details for further information/queries, are detailed at the end of this article.

For this article we would like to take the opportunity to highlight the importance of information security.  For instance, did you know?

  • according to a study of 500 dry cleaners nationwide, as many as 22,266 USB memory sticks are left in clothes and handed to dry cleaners annually (study undertaken by internet security firm ESET). 45% of devices are never reunited with their owners.
  • Adur District Council was fined recently by the Information Commissioner’s Office (ICO) after it failed to use ‘BCC’ when sending an e-mail to 15 residents and so inadvertently released resident’s private information.

In fact, several recent incidents involving email and security of data at other organisations have resulted in ICO fines. The financial costs, coupled with the detrimental reputational impact of data breaches, highlight the need to take information security seriously. The majority of infringements are related to email misuse – largely emails sent to the wrong person, using ‘To’ rather than ‘Bcc’, or attaching an incorrect document. Please always double check before hitting send.

Working remotely is also an area that can lead to potential information security incidents. Breaches are easily avoidable by employing the following ‘safe’ ways of working:

  • do not email personal data to your personal email address;
  • do not upload personal data onto your personal laptop/mobile device/memory stick unless you have followed IT Services guidance, e.g. on encryption, and
  • always remotely access University files via Citrix or another recognised safe method of accessing files. IT Services can advise further.

As promised, here is a reminder:

1. ‘Toolkits’

‘Data Protection Toolkit’ - with a Higher Education-centric focus, this is aimed at anyone whose routine work involves handling personal information and so is generalist in content. It covers the basics of data protection - collecting and handling personal data, records management, storing and transferring personal data – in addition to Freedom of Information and Subject Access requests:

https://intranet.birmingham.ac.uk/legal-services/documents/staff/Data-Protection-Toolkit-V1-0.pdf

‘Human Research and Data Protection Toolkit’ - provides tailored advice for those dealing with research data:

https://intranet.birmingham.ac.uk/legal-services/documents/staff/Research-Toolkit-V1-1.pdf

2. Data Protection principles

Personal data must be:

  1. Processed fairly and lawfully
  2. Processed for limited purposes
  3. Adequate, relevant and not excessive
  4. Accurate and up to date
  5. Not kept for longer than is necessary
  6. Processed in accordance with the data subject’s rights
  7. Kept secure
  8. Not transferred to other countries without adequate protection

3. BBS ‘Information Champions’

  • Ian Hamley, Operations Manager – Room 122A, University House, I.Hamley@bham.ac.uk
  • Louise Rudge, Deputy Operations Manager – Room 122, University House, L.Rudge@bham.ac.uk
