Frequently Asked Questions
How should I store sensitive data?
Sensitive information, particularly information containing personal data, should be stored securely at all times. If you have physical documents, keep them in a locked cabinet, desk, or store room. Electronic documents should be kept on a drive or in a folder with access restrictions. Access to both sensitive physical and electronic documents should be limited to staff who need the information to carry out their work.
For more information on storing records appropriately, please see our Good Practice Guide on Filing and Storage Solutions.
I’m starting a research project. What should I do with my research records when the project is finished?
Get in touch with RIMS as soon as possible, ideally before the project is complete, and we will work with you to create a bespoke records retention schedule for your project records.
You must ensure that the Research Data Management team is aware of your project, as it is their job to add your data to the University's data registry. The Research Data Management team will also provide advice/options on storing your electronic data records. If you have paper records to store, contact the University Records Centre.
I am moving office, but I do not have space for all of my records and paperwork. What do I do with this information?
Establish if your office has a records retention schedule. A retention schedule lists all the records you create, and how long they should be retained. If you do have a schedule please contact the Records and Information Management Service to discuss updating the schedule. We will work with you to determine if records should be kept, or sent to the University Records Centre.
If you do not have a retention schedule, please contact the RIMS as soon as possible ahead of your move. We will work with you to create a usable schedule.
More information on retention schedules can be found under our Guidance on Records Retention.
Do not leave your documents or records behind in the old office or in a bin bag/box outside your office. If your records contain personal data on staff, students, or stakeholders, you will be in danger of breaching the GDPR without adequate security and disposal processes in place.
The University has procedures in place for the proper disposal of confidential waste in all formats. For further information on using these various services, please see our A to Z topic on Paper Waste Disposal and Confidential Information Destruction.
Is there anything that I need to consider when working from home?
You are responsible for the safe-keeping and security of any personal data that you process while working at home.
If you are using mobile devices to transfer data from the office to your home, e.g. on a CD, memory stick, tablet, or laptop, these devices should be securely encrypted. IT Security has a confidential data policy, which includes information and guidance on encrypting various devices. Do not leave devices containing personal data unattended in cars, briefcases, restaurants, pubs, etc.
When logging in to the University network from your home computer/tablet/laptop, please use the VPN; this ensures secure, encrypted access to University systems and personal data. IT Services provides guidance on using the VPN client off-campus.
If you are backing up personal data, or destroying it, ensure that this data is handled securely and confidentially.
For further guidance on security policies please visit IT Services Information Security. For practical advice on device encryption and security, please contact Information Security Coordinator Chris Edwards, at Chris.Edwards@glasgow.ac.uk.
How does the University manage electronic records?
At this time, the University does not have an organisation-wide approach to electronic records management.
IT Services maintains an electronic document and records management system (EDRMS) called Documentum for the storage and use of some electronic records. The EDRMS does not manage all e-records at the University, but more information on the system and on using it for your records, can be found via the IT Services website.
If your department is interested in using the EDRMS, please get in touch with RIMS. We will help you create an appropriate retention schedule, and ensure that good records management practices are carried over to your electronic records.
How can I learn more about records management?
The DP & FOI Office, in conjunction with Employee and Organisational Development, provides twice annual trainings in records management, data protection and FOI. Information on dates and sign-up is found via the EOD website.
We also offer bespoke training sessions on records management for staff and students. We can provide full 2 hour sessions, or brief overviews for presentation at staff meetings or lunchtime drop-ins. Presentations can be tailored to managing records in an administrative and/or research context.
If you would like to arrange a training session, please contact firstname.lastname@example.org or call 330 6494.