Did you know that the Information Commissioner's Office can fine organisations up to £500,000 for serious breaches of the Data Protection Act?

When handling someone else’s personal information, consider: if this was your personal data, would you be happy for everyone else to see it?

Keep personal data and other confidential information securely

  • In locked cabinets or drawers: remove the keys and keep them securely.
  • Protect electronic documents with strong passwords combining upper and lower case letters and numbers or symbols.
  • Lock your computer screen [press Windows key and L] or log out when you are leaving your desk.
  • Don’t leave paper records containing confidential information where others can see them when they come into your office.
  • Never take personal or confidential data off campus e.g. on smartphones, tablets, laptops or memory sticks unless it is securely protected e.g. in encrypted format.
  • Don’t keep data on your computer hard drive. Use your “home” drive or a restricted access folder in your shared drive as these are backed up.
  • Protect your Heriot-Watt University passwords and don’t share with others.

Take control of your communications

  • Use only your University email account for work emails.
  • If you have to send confidential information by email, encrypt or password protect the email and attachments.
  • Double check your recipient’s email address before you press the Send button to ensure the message gets to the right person and not their namesake!
  • Don’t respond to email requests for your password or bank details.
  • Be cautious about opening email attachments even from colleagues– if in doubt scan for viruses.
  • If you use social media for work, use the privacy settings to protect personal and confidential data.
  • Check that you don’t surrender IPR to the service provider.
  • Keep back up copies of important records on University systems as external services can and do disappear!

Destroy information confidentially when no longer needed

  • Use the University’s records retention schedules which set out what information needs to be kept for how long. Ask us for advice and help.
  • Never dispose of information which is not intended for publication in the waste or recycling bin. Use your School/Section shredder or confidential records destruction service instead.
  • Ensure that information is completely erased from obsolete computer hardware and portable storage devices. Deleting the data is not sufficient. Ask your local IT team for the best method of removing data permanently.

Find more information about our policies, procedures and guidance on information security.