Information Security Common Mistakes #2

illustration

In order to raise awareness about Information Security and how it affects you at Lancaster, ISS are publishing a series of common mistakes and how to avoid them. This week, Common Mistake #2 - Inappropriate Data Handling



Did you know that here at Lancaster we have 4 classifications of data?


  • Ordinary - Information that has no constraints on its publication.
  • Confidential - Information of internal interest or being prepared for publication. Recipients may forward to others within the control of the University.
  • Restricted - Information which is for circulation to named recipients only.
  • Personal data - Protected by the Data Protection Act. Access should be by relevant staff only and the information can be circulated to named recipients only.

Do you know what processes you should follow before you share some types of information with others outside the University?


Guidance on sharing data with external bodies is given in the University Guide to Data Sharing with External Bodies.


Would you know what sort of data should be:

  • kept in locked storage?
  • shredded/put in confidential waste?
  • encrypted if stored on a mobile storage device e.g. USB stick?

Further guidance on how to share and store information securely is available in Classifying and Using Data at Lancaster University - the ISS Guide to Data Sharing.


See the ISS Common Mistakes webpage for the list of mistakes.