Confidential data:

• when stored on central filestore is on secure machines maintained in secure physical environments.
• should not be held on local disk storage (e.g. C: drive) of a desktop machine.
• should not be held on a laptop unless this is absolutely unavoidable and encryption used to protect the data.
• should not be stored on mobile phones or PDAs.
• when stored on a memory stick must be encrypted.
• should not be stored or exchanged on portable media such as: floppy disks, CDs, DVDs, unless individual files are appropriately encrypted.
• when exchanged with external Organisations (or individuals) must be encrypted.
• when sent via email should be encrypted and sent through University managed e-mail services.