Every process in a university is dependent on the collection and management of information. It supports research and teaching, funding applications, administration and compliance with the requirements of bodies such as HESA, the funding councils and law enforcement and border agencies. The management of information is paramount to the successful and continued operation of the institution.

Information legislation provides key frameworks and boundaries for our actions in respect of the University’s information resources. Understanding what is required in the protection of information and the circumstances in which information may be requested, disclosed or withheld, informs processes and procedures and ensures that the University and its staff do not take actions which could attract significant institutional and personal penalties. Understanding the appropriate ways to mitigate problems should they arise helps to minimise the potential for harm to the University, its students, stakeholders and other partners. Such awareness is fundamental to the successful operation of a modern organisation.

This is resource is designed to help members of the University community understand the broad requirements of information legislation. It examines the main themes and requirements contained in the legislation and provides notes on thematic areas relevant to the University. There is also a summary of the main points provided at the end of each section. The appendices to the resource contain the main policies and procedures concerning the University’s compliance with information legislation.

There is no way to cover the intricacies and detail of the law in a short resource such as this. However, it should provide an awareness of the issues and highlight those circumstances in which it is prudent to seek extra guidance before proceeding. That guidance is available via the University’s Head of Information Governance and the Director of Legal in the first instance. Please remember that part of the role of Information Governance is to absorb as much of the burden of information compliance upon the University as possible and to help ensure consistency in the University’s approach to the requirements of the of the law. A section containing useful contacts is provided below.

Comments and requests for additions to this resource are welcome. Please contact



In the course of its activities the University of Dundee collects, processes and manages vast amounts of information, all of which has value. That value may be based on its importance to research, to teaching, to the management of the institution, to individuals or to society more broadly. It is incumbent upon every member of University staff to recognise information as a valuable institutional resource and to manage it appropriately.

The management of the University’s information does not take place in a vacuum. Many different obligations are imposed upon the University in respect of its collection and reporting. This resource deals with one aspect of the University’s obligations; those imposed by information legislation. Whist they are not the only consideration when working with information, they provide important frameworks and parameters for our activities and allow for significant penalties to be imposed upon the University and on individual members of staff should our actions contravene the rules they contain. To that end, I request that each member of staff familiarise themselves with the materials contained in this resource and that, should they ever have any doubts concerning the management of information or the requirements of information legislation, they seek guidance from the University’s Head of Information Governance.

Dr Jim McGeorge, Secretary of the University


(c) All rights reserved. Any request to use the University's Information Compliance FAQs may be sent in writing to the Head of Information Governance