Top tips for getting data protection right


May 10th, 2024

In our hybrid work environment, keeping staff and student personal data secure is crucial.

Safely sharing and storing information helps to prevent data breaches, which could lead to harm, reputational damage or other consequences.

Follow these six key tips when handling personal information:

  1. Take care with emails – check twice, send once!
    • Once you press send, your control of the email is lost
    • Think about what you need to put in an email (body and title) and avoid putting personal data in the title of your email
    • Avoid copying to multiple people
    • Think carefully before adding new people to an email chain – consider what information is already in that email chain
    • Remember to use BCC rather than CC when emailing large groups and especially when emailing personal email addresses, to protect privacy
    • Are you using autocomplete? Consider turning this off to avoid picking the wrong recipient
    • Be wary when considering whether to attach a document to an email. Remember, once attached and sent, the document is out of your control! Consider using a sharing link (see Section 3 below) and if you must attach, check that you have attached the right document and it is being shared with the right audience
    • Clear your sent items (and deleted items) on a regular basis
  2. How well do you manage your spreadsheets?
    • Remember – what is hidden can be unhidden. If you send a spreadsheet with hidden rows/columns, they can be unhidden
    • Are you sharing a spreadsheet with colleagues? Consider sharing via Office 365 rather than attaching to an email. This means there is one central copy and you can decide if people can view or edit the document
    • Only include personal data that is truly necessary in spreadsheets to minimise risk
    • Read more tips – Data Protection: how secure are your spreadsheets?
  3. Sharing information
    • Consider how you are sharing information with colleagues or externally
    • If you need to share documents containing personal data, give access rather than attach to an email. You can share from Office 365 which means the document remains in your control and, most importantly, you can update or revoke access at any time
    • Consider where you share from. Your OneDrive is useful for short-term sharing but is linked to you, so if you would like or need colleagues to help manage the documents, they are not able to do so from your OneDrive. Consider a secure Teams site
    • Password protect documents if you really need to send them via an email
    • Only share personal data internally on a need-to-know basis
  4. Physical security matters too!
    • Do not leave printouts or devices containing personal data unattended
    • Lock filing cabinets and offices containing personal information
    • Securely destroy (shred) papers with personal data when no longer needed
  5. Report Incidents

If something goes wrong, do not be afraid to report it to the Information Compliance Team so we can help mitigate the error. We are here to help and support.

  6. Remember that guidance and resources are available to assist you in our SharePoint Site.

Here you will find policies and guidance to support you when considering data protection in your day-to-day role. Some key resources:

If you need some help on how to share files in Office 365, our DTS colleagues can provide advice and guidance, or check out the Office 365 SharePoint site for further information.

Properly protecting personal data is everyone’s responsibility and integral to our roles at the university. By following these tips we can work together to uphold data protection.

As always, reach out to the Information Compliance Team with any questions or concerns.

Need to talk to us?

Email DPO@nottingham.ac.uk and a member of the team will get in touch.

Tracy Landon, Data Protection Officer
