What's the background?
We need to work together to ensure our University staff, students and confidential information all remain secure. We need to do this for ourselves; to understand how to work securely and to support one another, but also to be legally compliant.
The greatest number of data breaches happen because of what’s described as ‘human error’.
We know there are many working situations that make it difficult for us to behave securely – including heavy workloads, complex systems and poor awareness or training. This guide is part of a growing range of measures that will help make it easier for us all to work more securely by improving our information and records management.
Here are our top tips to help you protect the information that matters. This is the first in a series of articles on information management good practice to be published during November to coincide with the publication of our new Records Retention Schedule.
What are the key points?
There are three easy stages to remember:
- Think about why you are creating a record and what information it contains
- All information should be managed in line with IG05 Information Classification Policy
- Name records in a recognisable and consistent way: see more information on file naming conventions here
- Include the review or disposal date in a record folder name or mark it on the physical copy
- Records that need to be seen by others for business reasons should be moved to a shared University Information system, such as department shared drives (M: Drive), H: Drive, OneDrive, SharePoint.
- Please be aware of the University's IG03 Information and Records Management Policy
- Ensure only those who are allowed to see the record have access to it.
- Ensure records are protected from unauthorised change and stored in the right format, system or physical environment.
- Check the University Records Retention Schedule to see how long you need to keep the record
- Contact the University Archives (Modern Records Centre) if you think the record has historical value
- Review records regularly and dispose of any that are no longer required – annual reviews are recommended
- Check the University’s IG03 Information and Records Management Policy if you need to dispose of confidential or sensitive records
Help and support
If you think you detect any unusual online activity, please report it immediately.
Who needs to know this?
This information concerns us all. If you use a Warwick staff card, a Warwick email address, access one of our staff or student record systems or share your Warwick work with colleagues within or beyond the University, you are involved in activities that must be kept secure.
Data Protection Officerdpo@warwick.ac.uk
The University of Warwick
Coventry CV4 8UW