Security of personal data when working out of the office

When personal data, and particularly sensitive personal data, is retained in University offices, the location allows for the use of numerous security measures to prevent unauthorised access. For instance, cabinets, drawers and doors can be locked, computers password-protected and data held on remote secure servers.

When circumstances dictate that you work away from the office it is less likely that you will be able to rely on all of these safeguards. Therefore, you should bear in mind the following points:

  1. Never needlessly transport personal data off-site or from one site to another within the University.

  2. If you need to work with personal data away from the office, it is highly likely that you could access this data via a VPN connection and need not actually remove any data to take off-site.
    http://www.aber.ac.uk/en/is/computers/vpn/

    You should still be mindful of the importance of password protection and other security measures such as screen locking when away from your PC or laptop.

  3. If, for some reason, the use of VPN is not possible and data does need to be taken off-site, then any files or documents which contain sensitive personal data or large amounts of personal data (e.g. relating to more than 20 people) MUST be encrypted. Details of how to encrypt files can be found here:
    http://www.inf.aber.ac.uk/advisory/faq/796/

    Alternatively, if using a USB pen drive, then this could also be of a type that is encrypted.

  4. Do not e-mail personal data to any account in order to work with it off-site.

  5. Do not move personal data off-site unless it is relevant material which needs to be processed by you in the short term and don’t copy data in bulk when you only need a portion of it.

  6. You should not normally process AU personal data on a non-AU computer.

  7. Do not use a non-AU e-mail account for work purposes.

  8. If you can avoid taking personal data off-site, please do so!