Protecting information in your role

The key points you need to know about following Information Policy in your role at the University.

Everyone

Everyone is responsible for handling University information correctly.

Always ask yourself:

  • Do you know how best to protect yourself, your information and the University?
  • What type of information are you handling - is it confidential?
  • Do you know what security measures you should be taking with confidential University information?
  • Are you laying yourself open to identity theft?
  • Could you become responsible for a "reckless disclosure" of confidential information?

What do I need to do?

Heads of Department

You are responsible for ensuring University information is properly managed within your department.

What do I need to do?

  • Understand University information policies and procedures and how University information is managed in your department
  • Be familiar with your specific responsibility for requesting an IT investigation or data access
  • Be alert to anything that exposes your department to risks of inappropriate use of information and devices
  • Ensure your staff participate in training
  • Ensure your staff handle University information and manage their devices appropriately

Managers

You are responsible for ensuring that you and those you manage are working appropriately with the University's information.

What do I need to do?

  • Understand University information policies and procedures that apply to your activities and how University information is managed in your team
  • Be alert to anything that exposes your team to risk of inappropriate use of information, including how devices are used by your staff
  • Ensure your staff participate in training and handle University information and manage their devices appropriately

Academic staff and researchers

You have access to confidential and research information and are responsible for ensuring strict safeguards are in place to protect yourself and others, such as students and research subjects, from loss, accidental exposure or theft of research information.

What do I need to do?

  • Understand which University information is confidential and how to protect it from inappropriate disclosure
  • Ensure you manage your devices so that University information is not exposed inappropriately, including when travelling in the UK and abroad
  • Ensure members of your team adhere to policies and guidelines, including students working with you
  • Understand the particular responsibilities associated with managing research data and complying with funder requirements; more guidance is available at Information policy for researchers (link to follow)

Support staff

You are likely to work with confidential University information (for example financial records, exam information, student lists, staff records).

What do I need to do?

  • Understand which University information is confidential and how to protect it from inappropriate disclosure
  • Double-check who you are sending emails to before you click Send. Common risks are using Cc instead of Bcc in the address, or circulating email threads with confidential information in them

IT system administrators

You are responsible for ensuring that all the systems you manage are operated correctly and securely in accordance with University and departmental policies, including the information stored on or handled by them.

What do I need to do?

  • A method statement for System Administrators is under development. This will provide detailed guidance on your responsibilities. In the meantime, if in doubt ask the IT Support Office for help
  • Understand University information policies and procedures and how University information is managed in your department so that you can manage your systems appropriately
  • Be alert to anything that exposes your systems to risks of inappropriate use of information and devices
  • Manage your systems and information securely and in accordance with the Information Security Policy and other information policies
  • Report any security incidents promptly to York CERT (Computer Emergency Response Team)

Students

You need to know what acceptable use of University IT systems means and how to protect yourself from potential harm when using social networks.

What do I need to do?

Understand the following documents:

Learn how to use social media effectively: the Student guide to social media (developed by Leeds, York and Manchester University libraries) provides useful advice and a list of dos and don'ts.

Understand how to use social media safely.

Ensure you manage your devices so that University information is not exposed inappropriately, including when travelling in the UK and abroad.

If you are undertaking original research, you will need to understand the particular responsibilities associated with managing research data. More guidance is available from your supervisor and at Research data management.