School of GeoSciences

School of GeoSciences

Data security and Encryption Requirements and Guidelines

Please ensure that you are aware of your responsibilities to comply with the 8 principles of the Data Protection Act

Requirements and Guidelines on Data Security

These are now collated at College level and can be found at CSE Computing Guidance on Data Security
These include guidelines on Encryption

University wide general advice

University wide Guidelines and Policies

These can be found at

Providing restricted access to sensitive information and personal data

  • All personal data or sensitive business information, if taken offsite, sent offsite, sent via email or via the web must be encrypted or password protected before it leaves the University computing environment. Passwords should NOT be transmitted via email, and should be transmitted separately, eg by phone.
  • Consider whether some personal data ( eg names and addresses of candidates) need to be sent at all. Any personal data that you send can also be anonymised. 
  • As well as the two points above, providing web access to sensitive information and personal data requires appropriate measures to be taken to restrict access to identified, relevant individuals.  Methods for restricting web access on our School file space to such information must be used in order that the School and University does not compromise its obligations in upholding the Data Protection Act 1998.
If you are unsure as to how to go about any of this, speak with the School IT Team before making any such information available, in order that you can ensure that you comply with the University's Policy on Taking sensitive information and personal data outside the University's secure computing environment

Data protection for student research projects

This brief guidance document sets out ten steps to responsible data use. Its purpose is to introduce students to how data protection affects their research projects.