Data protection for remote working
Updated on 18 January 2021
With remote / home working it is important to remember to keep your, and others’, data secure and to make sure personal data is stored, shared, and used lawfully and appropriately
Using corporate systems
The University has made a substantial investment in secure and licenced online systems, and we have data-sharing agreements with these platforms.
Other platforms that are nominally free may not be as secure and may use or share your personal data - and that of your students/partners - to other companies, as a cost of using these tools.
If using plug-ins, apps or other software always read the terms and conditions of any tools you use and be aware of the potential risks to your and others’ personal data.
Our approved systems include, but are not limited to:
- H: and S: shared drives
- Microsoft 365 Outlook and Teams
- University website and communication tools
- Learning Spaces blog (WordPress)
- Help4U, Library Chat
- Company portal (mobile devices)
Learning, teaching, and research
- My Dundee – Blackboard
- Blackboard Collaborate
- Yuja (video stream)
- Questionmark, Turnitin
- JISC Online Surveys
- Microsoft 365 tools – Word, Excel, Analytics
- Discovery (Pure)
Video conferencing / communication tools
The University supports the use of tools in Blackboard and Microsoft 365. We recommend using Blackboard Collaborate for teaching and Microsoft Teams for video or other meetings.
Hardware and devices
Desktops and laptops
Staff should be using University managed devices to conduct University business, and this is essential when processing, storing or communicating personal data. If you are transferring personal data, particularly special category (sensitive) data, you should do so via encryption. Sending links to files in Teams or OneDrive is much more secure than transferring the file over email.
We recognise that most students will not be using managed devices provided by the University. Students should maintain their own devices to a very high level of security which includes downloading the latest software updates, installing anti-virus protection where required, and use a strong password. A strong password should be at least 14 characters long and can include a mix of letters and numbers. Length is regarded as the most important part of password strength.
Physical security of these devices is important and they should be kept securely at home, not left unattended, and locked when not in use.
Files and data should be stored on University systems preferably OneDrive, or H: or S: drives. Students should use our remote desktop connection service to access H: drives. Staff should use the VPN on their Managed laptop.
Students who are handling significant or high-risk data sets must have a managed device, contact firstname.lastname@example.org
All personal devices used for University business must be secured using a significant passcode and/or biometric access.
If you are a staff member using tablets or phones you should download and use Company Portal. You should use the apps in the Company Portal to access tools for University business and email.
Students who do not have access to the Company Portal who are working with higher risk data should contact the University IT through email@example.com and they will help arrange access.
Research data and ethics
The University has updated its ethics procedures to reflect changes made due to the coronavirus pandemic.
Research data should be stored on JISC Online Surveys, Microsoft Stream, or OneDrive. Devices should have an encrypted hard drive. Managed devices are encrypted by default, if you are using an unmanaged device please contact IT for advice on encryption.
File storage and retention
Files should be stored securely on University core systems, not on local drives, and only kept as long as needed. At the end of a project, the handing over or secure destruction of data is the responsibility of the owner or user.
For further guidance on retention contact Information Governance.
Take care to ensure that you choose the correct recipient of your email and that you are aware of who is in your Teams group or chat and whether your channel is private or not. Chats attached to video meetings can be seen by all members of the channel.
We have recently minimised data incidents due to incorrect email recipients, and particular care will be required in new online environments that the correct individuals are enrolled and shared files are limited to the correct group and not open to all.
You may be at home with family members who do not work for or work elsewhere at the University. Take into consideration whether they can hear discussions you may not feel it is appropriate for them to hear.
If you suspect a data incident or breach please contact information governance immediately firstname.lastname@example.org