Do you have any advice on GDPR?
Data Protection – Best practice while working remotely
Worcester’s commitment to the protection of data is a vital component of how we all work. This applies onsite and equally when offsite in remote locations. It’s very important to remember that when we are not in the office, and where we might be working in different ways that we still adhere to the same stringent processes that protect people and data.
- You can access personal data while working at home, as you would do in the office, if you need this to do your job.
- You should not share this data with any unauthorised third parties, including the people you share your home with.
- You may print documents with personal data or confidential information to enable you to do your job, but you MUST ensure that you do not mislay it. When you have finished using it ensure safe and secure disposal by shredding or careful cross cutting by hand.
- Where possible ensure that you lock personal data away when not in use, or when you are absent from your home workspace.
- Apply password protection to computers, screensavers and documents and remember to log out/close any applications when you finish working.
- You can share data securely by:
- Via voice calls, either phone, Skype for Business or Teams – this also allows you to stay in touch
- Using Onedrive to share information securely
- Using a shared folder on the O drive
- You can use email but be mindful that anything sent by email is more vulnerable to cyber-attacks. In addition, anything you put in writing is subject to disclosure under data protection law. We therefore recommend that you keep personal data sharing by email to a minimum and use one of the other methods listed above.
If you are using your personal device to work remotely please ensure that when accessing any University files stored in OneDrive, SharePoint or those located on the O: drive, you must not download said files to your device. Work on these from within the Microsoft Office 365 applications or your web browser and save them back to the location they are stored in.
Further advice on remote working including instructions to add the O: drive to your personal device are located on the IT Service webpages found here or you can contact the IT helpdesk on 01905 85750 for further information.
If you are working on a personal device that is used by other members of your family or household you should endeavour to have a different account on that device for your work that they do not share. Where this is not possible - such as on single account devices - be very mindful to close any browser sessions you have open that connect to Worcester before handing the device to someone else. You should also be mindful that any cached credentials would give that person access to your accounts (email etc.) and that these should be cleared before the other users access the device.
Suspected Data Breaches
Any suspected data breaches MUST be reported as soon as you become aware of them, the sooner we are made aware the better chance we have to rectify the position.
You should report any suspected data breach, as usual, to email@example.com and for this period we also request these are also sent to firstname.lastname@example.org and email@example.com.
We have 72 hours to investigate incidents and report them to the ICO so your urgent action is required.
You can find more information about Data Breaches via this weblink
Please also ensure that you pass on any requests for data made by individuals or organisations (Subject Access Requests or Freedom of Information requests) urgently as we are obligated to respond to these within strictly prescribed deadlines.
Please send requests to firstname.lastname@example.org
Further guidance can be found at: //www2.worc.ac.uk/informationassurance/information-security.html and //www2.worc.ac.uk/it/remote-working.html
For any other queries in relation to personal data and working remotely that aren’t addressed here or via the above weblinks please contact the Information Governance Officer, Gemma Harris by email to: email@example.com