Data encryption

Storage and handling of Sensitive and Highly Sensitive Electronic Data

  • All users must manage the storage and transmission of data files in a manner which safeguards and protects the confidentiality, integrity, and availability of such files.
  • Sensitive and highly-sensitive data should only be stored on University PCs, laptop computers, servers.
  • Sensitive or highly-sensitive data should not be stored on any other device - whether owned by the University or not. In particular sensitive or highly-sensitive data should not be stored on home computers, family computers, memory sticks, mobile phones, PDAs, CDs/DVDs, iPods, MP3 players or cameras.
  • University laptop computers should be kept securely and out of public sight or access.   Laptops should not be left in motor-vehicles overnight.
  • We strongly recommend that sensitive and highly-sensitive data is only stored on University file-servers. The University provides a share (M: Drive) that allows data to be securely stored on a departmental or group basis.

Best Practice for Users:


  • Users should use “strong” passwords – Tips for creating a Strong Password
  • Usernames and passwords should only be entered on a trusted computer which has been patched up-to-date and which has appropriate anti-virus software installed. This is particularly relevant when accessing data and services remotely
  • Users should take great care to ensure their passwords are not compromised. They should also be aware of widespread fraudulent activities occurring on the internet which are designed to dupe people into disclosing their usernames and passwords to third parties. The most common of these is called ’Phishing’.  Please note that ISS will never ask you to provide password details by email.

Backing-up Sensitive Data:

  • All University staff have a responsibility to ensure that sensitive and highly sensitive data created or stored by them is backed-up.
  • Staff must ensure that back-up copies of data are kept securely on a University server - Please refer to our Backup webpage


Sensitive and highly sensitive data stored on laptops should be encrypted to prevent unauthorised access and to minimise risk in the event of laptop loss or theft.  Please refer to our Encryption web page for further information on encryption methods