7.1 Personal, sensitive and confidential information
During the course of their work or studies, staff and students (particularly research students) may handle information that comes under the Data Protection Act 1998, or is sensitive or confidential in some other way. For the rest of this section, these will be grouped together as protected information.
Safeguarding the security of protected information is a highly complex issue, with organisational, technical and human aspects. The institution has Data Protection guidance, and if your role is likely to involve handling protected information, you must make yourself familiar with and abide by these.
7.1.1 Transmission of protected information
When sending protected information electronically, you must use a method with appropriate security. Email is not inherently secure. Advice about how to send protected information electronically is available from Digital Services.
7.1.2 Removable media and mobile devices
Protected information must not be stored on removable media (such as USB storage devices, removable hard drives, CDs, DVDs) or mobile devices (laptops, tablet or smart phones) unless it is encrypted, and the key kept securely.
If protected information is sent using removable media, you must use a secure, tracked service so that you know it has arrived safely. Advice on the use of removable media and mobile devices for protected information is available from Digital Services.
7.1.3 Remote working
If you access protected information from off campus, you must make sure you are using an approved connection method that ensures that the information cannot be intercepted between the device you are using and the source of the secure service.
You must also be careful to avoid working in public locations where your screen can be seen.
7.1.4 Personal or public devices and cloud services
Even if you are using approved connection methods, devices that are not fully managed by Staffordshire University cannot be guaranteed to be free of malicious software that could, for example, gather keyboard input and screen displays.
Advice on the use of personal devices to access institutional services is available from Digital Services.
Do not store protected information in personal cloud services, such as Dropbox or Google Docs. Use of Staffordshire University’s OneDrive is permitted.
7.2 Copyright information
Almost all published works are protected by copyright. If you are going to use material (images, text, music, software), the onus is on you to ensure that you use it within copyright law. This is a complex area, and copyright guidance is available. The key point to remember is that the fact that you can see something on the web, download it or otherwise access it does not mean that you can do what you want with it.
7.3 Others’ information
You must not attempt to access, delete, modify or disclose restricted information belonging to other people without their permission, unless it is obvious that they intend others to do this, or you have approval. Where information has been produced in the course of employment by Staffordshire University, and the person who created or manages it is unavailable, the responsible line manager may give permission for it to be retrieved for work purposes.
7.4 Inappropriate material
You must not create, download, store, or transmit unlawful material, or material that is indecent, offensive, defamatory, threatening or discriminatory. Attempting to undertake these tasks is also considered a breach of University regulations.
Staffordshire University has procedures to approve and manage valid activities involving such material for valid research purposes where legal with the appropriate ethical approval. For more information, please refer to the Ethics committee.
There is also an exemption covering authorised IT staff involved in the preservation of evidence for the purposes of investigating breaches of the regulations or the law.