You may have read news reports last week of a data security breach at the University of Greenwich, highlighting again the risk to universities of handling sensitive personal data about students, staff and other individuals.
Staff are reminded to take great care when uploading information to websites, intranet sites, shuspace, social media or JISCMail lists and when disclosing information about individuals to external organisations:
- If you need to share data with external partners, choose the right method so that personal data is not put into the public domain.
- The majority of security incidents here are due to human error; take the time to check before you press “send”. Don’t rush; check yourself or ask a colleague to. Don’t be afraid to challenge colleagues if you think something is wrong.
- We have a number of incidents each year relating to email and post, such as reaching the wrong recipients, too many recipients, or including information about other individuals. In an organisation of this size, there are likely to be staff and students with similar, or even identical, names.
Our data security breach management procedure deals with security incidents involving personal data. The procedure is all about managing the incident, containing the breach, recovering the data and helping those affected. Please ensure that you report any incidents to the Information Governance Officer (x3361) immediately, whether you have made an error, you have found a problem, or a student has reported a concern to you.
There’s a wealth of resources available to staff relating to data protection at Sheffield Hallam, including policies and guidance.
If you need any further information, please contact Helen Williamson, Information Governance Officer (x3361) or Andy Fearnley, IT Security Officer (x2071).