Confidential data policy

• Policy on Confidential Data in the University
• Authorisation of Confidential Data Use and Storage

Confidential data guidelines

An overview of best practice guidelines for handling information particularly when it is of a confidential nature.

Confidential data:

• when stored on central filestore is on secure machines maintained in secure physical environments.
• should not be held on local disk storage (e.g. C: drive) of a desktop machine.
• should not be held on a laptop unless this is absolutely unavoidable and encryption used to protect the data.
• should not be stored on mobile phones or PDAs.
• when stored on a memory stick must be encrypted.
• should not be stored or exchanged on portable media such as: floppy disks, CDs, DVDs, unless individual files are appropriately encrypted.
• when exchanged with external Organisations (or individuals) must be encrypted.
• when sent via email should be encrypted and sent through University managed e-mail services.

Detailed guidelines

• Central systems 
• Desktop computers
• Laptop computers
• Other mobile devices
• Memory sticks
• Other mobile storage media
• Data exchange with external organisations
• Email