All reasonable steps should be taken to ensure that personal data is secure. The following steps are suggested:
- Access to computer files should be restricted using privilege levels and passwords.
- Regular password changes should be enforced and the number of attempted logins limited.
- Equipment should be sited in a secure location where access can be restricted to authorised personnel. Members of the public should not be able to view terminal screens.
- Terminals should not be left unattended and should be logged off at the end of the session.
- Redundant data should be wiped or overwritten.
- Appropriate backup and storage procedures should be observed.
- Memory sticks and external hard drives should be locked up after use.
- For large amounts of sensitive data, it might be necessary to keep a copy in a fireproof safe at a separate location.
- Network systems can be accessed by experienced persons, so personal data should be encrypted whenever possible to prevent unauthorised access.
- Computer printouts containing personal information should be shredded before disposal; they should not be used as scrap paper.
If you want to learn more, UIS have developed online cyber security training. You will also find guidance on the handling of various kinds of data on the University Information Compliance Office’s website.