Handling data securely

The University of Oxford uses a large volume and diversity of information to support its activities and to achieve its teaching and research objectives. All University Members have a personal and professional responsibility to safeguard any work related information that they create, or is shared with, or entrusted to them, whether intentionally or otherwise.

The information classification scheme and handling rules apply to all University of Oxford information and help to differentiate various levels of risk associated with data. There are three classification levels: PUBLIC, INTERNAL, CONFIDENTIAL that are used to categorize information at workplace. Different classification levels require application of different handling rules, and it is important that we are able to identify various data types quickly and easily so that it can be protected appropriately. It is also strongly advised to mark information, so that individuals you are sharing the data with will know how to protect it.

Here are some  GOLDEN RULES that can help you to keep data safe:

  • Share information with those who have a legitimate need to see it.
  • Respect all third-party rules relating to data that has been shared with the University.
  • Maintain a clear desk and always lock sensitive information away.
  • Only use authorized IT systems to work with or store information.
  • Only carry the information that you need when working off site.
  • Do not discuss sensitive aspects in public places.
  • Report lost or stolen information immediately. 
  • Delete information from portable devices as soon as it is no longer required.
  • Dispose of information appropriately.

All information you work with has value.  Protect your department’s data the same way as you would look after your own passport. You value your passport and look after it carefully. You would not leave it lying around for just anyone to take a look at (not with that photo anyway). The same goes for information and documents we deal with at work.

From a wider perspective, if you are interested in the EU approach for protecting information, please check the Council Decision of 23 September 2013  laying down requirements for safeguarding information.