

Durham University made to sign a DPA Undertaking

News release: 1 March 2012

Durham University breached the Data Protection Act after disclosing personal information in training materials published on its website, the Information Commissioner’s Office (ICO) said today.

The personal data was contained in screenshots used to demonstrate the use of particular University systems and included details such as names, addresses and dates of birth of up to 177 former students and staff. The information – which had not been anonymised – was made available on the University’s website in February 2011. The University discovered the error in July 2011 and removed the material before reporting the matter to the ICO.

The University has now committed to ensuring that all staff receive appropriate training on how to follow the organisation’s data protection guidance. It will also make sure that documents containing personal data will not be published on the University’s website.

Steve Eckersley, Head of Enforcement said:

“All documents should be checked for personal information before being made available on a website. This case also highlights the importance of organisations having comprehensive data protection training in place for all staff.”

Posted in Data Protection Act.



Subscribing to this blog via RSS

Some people find that the problem with blogs is that they forget to visit them often enough. However, if you would like to automatically receive updates to this website into Outlook, ensuring you never miss a post, it can be very easily sorted.

In the top right hand corner of this blog, you will see this icon: RSS Feed Icon

Continued…

Posted in Admin.



New Working from Home Guidance

The Governance Team has uploaded a new document containing up-to-date information on working from home to the ITMS intranet.

The information is aimed at all staff working from home or away from the University and contains Dos and Don’ts for protecting information and corporate assets.

Continued…

Posted in Information Security.



New encryption software for files containing sensitive data

ITMS has reviewed and approved a new product for members of staff needing to send personal data or confidential information outside of the University. The software is available from the ITMS Service Desk for installation onto DMU computers.

AES Encrypt is simple and fast to use – simply right click on a file and add a password and the software will create a new file that cannot be opened without the password.

Continued…

Posted in Data Protection Act, Information Security.



Announcing Zend – Secure Data Transfer

Back in November 2011, I wrote a post about needing to be careful when sending sensitive data outside of DMU. Since then, the Governance Team has been working hard to try and meet the needs of staff and one of the things we’ve come up with is Zend.


Zend Screenshot

Continued…

Posted in Data Protection Act, Information Security.


Careless Talk Costs Lives

I’ve just had a timely reminder from our Head of Security about the need to ensure the security of personal information from people that are not entitled to have it. A member of the public – from what I’m told a very friendly and well-mannered person – was enquiring at the University as to whether a particular student had a specific medical condition. Fortunately, staff were on the ball and didn’t pass on anything that they shouldn’t have.

The title of this post comes from the World War 2 propaganda campaign run by the British government. It was designed to shock people into realising the possible consequences of revealing information to people they didn’t know, in case they were spies. I would hope that nothing we hold in the University would be quite so risky to our students or staff that it would cost lives, but it is nevertheless true that there can be real and serious implications if personal information gets into the wrong hands.

With it being the start of 2012, it seems like a good time just to reinforce the message that we need to be very careful not to share personal information with third parties unless we are sure that it is appropriate to do so.

If you think you or your staff could benefit from some training about when it is permissible to pass on information to third parties, please ensure that you check the Staff Development Matters booklet for details of upcoming courses on the Data Protection Act, and if you’re not sure about anything Data Protection-y, please get in touch with the Information Governance Manager (dpa@dmu.ac.uk) and ask!

Posted in Data Protection Act.



DPA FAQs and Dos and Don’ts

There are now DPA FAQs and ‘Dos and Don’ts’ available on the DMU Intranet.

See https://sites.google.com/a/myapps.dmu.ac.uk/isas/policies

Posted in Data Protection Act.



Bcc and Outlook

The Bcc (Blind Carbon Copy) function in Outlook allows users to email multiple recipients while each recipient can see only their own email address.

When should Bcc be used?

Bcc should be used when you need to communicate information to multiple recipients where it would be inappropriate for them to know the identity of other recipients. Consider whether your email contains sensitive information, especially as defined in the Data Protection Act. For example, should you send an email that identifies all the recipients as having a disability? What about one that identifies the recipients as members of a particular ethnic group? Or religious group?

Revealing this sort of information could cause a breach of the Data Protection Act that could lead to compensation claims and/or reputational damage to the University and possible disciplinary action for the staff concerned.
Continued…

Posted in Data Protection Act, Email.


Better EU Data Protection

The European Commission has signalled its intention to reform the 1995 Data Protection Directive. All EU countries are obliged to comply with the directive – the Data Protection Act 1995 is the UK’s version – and thus any reform will have inevitable consequences for domestic data protection law.

The latest announcement, following a meeting between the EU Justice Commissioner and Germany’s Federal Minister for Consumer Protection, is available here:
http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/11/762&type=HTML

The key points are: Continued…

Posted in Data Protection Act.



Sending Sensitive Info outside DMU?

One thing that often frustrates me is the perception that data protection is limited to an “I can’t give you that; Data Protection Act” mentality. It’s a perception that certain parts of the press like to make out is only rivalled by the twin spectres of political correctness and health and safety “gone mad”. Like many things that you supposedly couldn’t make up, this perception is substantially fictional.

Far from being this restrictive straitjacket, the Data Protection Act is the enabler that allows us to give out information, that allows us to send it to other organisations with whom we do business, that allows us to stick it in a database and churn out exciting statistics and KPIs. However, it does mean we have to make sure that when we do these things, we are able to justify them legally.

Continued…

Posted in Data Protection Act.
