Skip to content

Sending Sensitive Info outside DMU?

One thing that often frustrates me is the perception that data protection is limited to an”I can’t give you that; Data Protection Act” mentality. It’s a perception that certain parts of the press like to make out is only rivalled by the twins spectres of political correctness and health and safety “gone mad”. Like many things that you supposedly couldn’t make up, this perception is substantially fictional.

Far from being this restrictive straitjacket, the Data Protection Act is the enabler that allows us to give out information, that allows us to send it to other organisations with whom we do business, that allows us to stick it in a database and churn out exciting statistics and KPIs. However, it does we have to make sure that when we do these things, we are able to justify them legally.

In a University, we process personal data for all sorts of legitimate purposes and sometimes we have to send it or access it from outside of our hallowed walls. When we do so, we need to be sure that we’ve ensured an appropriate level of security for our information to mitigate against the risks of anything happening to our data.

The ITMS Service Desk can set up secure FTP space (FTP just means an Internet-accessible folder) into which you can put your information. Only those with appropriate levels of authentication can access it. This means that if you need to send sensitive information to a partner organisation, rather than sending it by email, which could theoretically be intercepted, you just need to supply a user name and password to the partner organisation and know that you’ve provided a much better level of protection to your data.

We know that a few members of staff would like to use the technology Dropbox to enable them to access the information online. We don’t allow the use of Dropbox because there are concerns about the levels of encryption provided and the fact that the US Government could potentially access it without asking because of the Patriot Act – not ideal if you’re storing sensitive research data about people whom you’ve promised confidentially. Again, secure FTP could be the answer. We’re always looking to improve these sorts of services, but if this sounds like something you might be interested in, give the Governance Team a buzz to discuss it.

Posted in Data Protection Act.

Tagged with .