Guidance for Students

Records and Information Management

The University is responsible for the good management of your records and information from registration through to graduation and beyond as an alumnus of the University.

• Records and Information Management is the process by which an organisation manages all the elements of records and information whether externally or internally generated and in any format or media type, from their inception/receipt, all the way through to their disposal.
• Implementing good records and information management practices:
  • will ensure that the University produces and manages information that is authentic, accurate, credible and reliable
  • will assist the University in complying with the Freedom of Information (Scotland) Act 2002, the Data Protection Act 1998 and the Environmental Information (Scotland) Regulations 2004
  • provides evidence of people’s rights and entitlements,
  • providing evidence of decisions made and the reasons why.
    

Data Protection Act

• The Data Protection Act 1998 [DPA] gives rights to all individuals about whom the University holds personal information, called personal data in DPA terms, and gives responsibilities to the University regarding that information.
• The University is committed to a policy of adhering to the eight basic Principles of the DPA snd protecting the rights and freedoms of individuals with respoect to the handling of that personal information.
• The University sets out the purposes for which it holds and processes personal data in its Notification to the Information Commissioner. 

Personal Data

• Personal data can be an image/picture, document, or statement, or record in a filing system, from which you as an individual person can be identified from that information where;
  • you are the focus of the document or record,
  • the information is particularly relevant to you,
  • the information includes significant biographical facts and opinions about  you,
  • the information affects your privacy in your personal, family, educational or professional life.
• Examples of personal data include the contents of an individual student file, or appraisal assessment, or home phone number.
• The mere mention of your name in a document, for example as a record of attendence at an open meeting, is not enough to make the information in that document personal data about you. 
  

Processing Personal Data

• In brief, the University will process or use personal data about you for academic, administrative, management, pastoral, and health and safety reasons. 
• The personal data section of the University Calendar describes in some detail the reasons why and how the data about you, as a student, has to be collected and processed and secured by the University.

Access to your Personal Data

• Academic departments are responsible for providing assessment information to students.
• The University's Senate Office  provide detailed guidance to academic departments on the management and retention of information and records relating to teaching material and assessment performance. 
• The DPA provides a formal procedure, called the Subject Access Request, for an individual to request details of information about themselves that is held by the University. 
• It is University policy that academic departments are responsible for releasing information on assessment (including examination marks) to students.  Students should only need to submit a Subject Access Request to the Data Protection Office for assessment information if they require their personal file, minutes of examiners' meetings, or advice on data protection issues; or where more complex DPA issues are evident.

External agencies

• Schedule III(3) of the DPA allows authorised agencies, such as the Police & Hospitals and other emergency services, to request information from the University about a specific student in emergency situations in order to protect the vital interests of that student or another individual - such as medical emergencies, accidents, and next-of-kin requirements.
• Section 29(3) of the DPA provides authorised agencies, such as the Police, with the mechanism to request, and the University the authority to either release or decline to release, information about a student without the explicit consent for the purposes of the prevention or detection of crime and the apprehension or prosecution of offenders.

Monitoring

• The University operates CCTV and similar equipment to monitor safety and security, and may monitor telecommunications, data communications, and other communications as permitted by the relevant legislation and University regulations. 
• The University's IT Services undertake monitoring of IT systems and services according to its regulations and policies.
• A brief summary of the legislative framework for monitoring and interception of communications is available.

Freedom of Information

• The Freedom of Information [Scotland] Act 2002 [FOISA] and the Environmental Information [Scotland] Regulations [EIRs] provide a general right of access to most of the recorded information that is held by the University. The information may be about its activities, decisions, priorities, and plans. The Acts set out a number of exemptions/exceptions to this right of access.
• The University's Publication Scheme lists the main categories of information published therefore, if you are seeking access to information, you may initially wish to search the Scheme.
• There are seperate, but broadly similar, legislation that covers England, Wales and Northern Ireland.