Protect your sensitive data
The University produces, stores and transmits large quantities of data.
The data that many of us deal with at the University can be classified into two categories, 'public data' and 'sensitive or private data'. Data that is considered sensitive is vital to the University’s business operations and any handling of this data must be considered by all University staff and students.
What is considered public data
These are some examples of information that are considered public and not private or sensitive information:
- University policies
- Course and degree information
What is considered sensitive data
These are some examples of information that is considered sensitive and if disclosed to the public would cause damage to the University:
- Publically identifiable information
- Medical and health information
- Student records
- Financial information
- Intellectual property
- Research data
What should you do to protect sensitive data?
All University staff and students have an obligation to protect sensitive information from unauthorised access, possible corruption or accidental loss. If we do not adhere to this principle, the potential impacts as a result of sensitive data loss could result in reputational damage to the University and have an adverse effect on UWA's world-class research and teaching standards.
Here are some steps that we all need to consider and practice to safely manage our own and the University's sensitive data:
Sharing and transmitting sensitive data
On a daily basis we all need to share information to achieve our objective of delivering and supporting world-class research, teaching and learning. If you have a requirement to share data with anyone it is important that you stop and think before you share it.
Sensitive information can harm the University if it gets in the wrong hands, so it is important to always stop and think what information we are sharing and what means we use to share this information.
If you need to transmit sensitive data via removable media or email to external recipients the following simple steps should be followed:
- Ensure that the sensitive data is encrypted before transmitted via email or stored or removable media.
- Ensure that the encryption key for the sensitive data is not transmitted together with the sensitive data.
- The encryption key should be transmitted using a different medium from the authorised recipient, such as over the phone or in person where possible.
- Ensure that only the authorised recipient of the sensitive data has access to the encryption keys required to read the data.
Storage of sensitive data
It is important that we consider how and where we store sensitive data and who has access to this data. It is important to remember that storage of sensitive data on personal computers, personal devices and public computers should be avoided at all times. The University offers a number of services to staff and students to facilitate safe and secure storage of all University data.
Accessing your sensitive data
Many of us have access to large volumes of University data, and in many cases we have a number of ways in which we can access this data. At all times we need to consider how we access and view this data, especially when we are travelling and not on the University network.
We should avoid using public computers and public Wi-Fi networks to access sensitive data. Public computers can contain hidden programs designed to secretly record sensitive information such as passwords or other sensitive personal information. In other cases public open Wi-Fi networks can be used by hackers to intercept traffic and steal personal information.
For more information and tips for how to stay secure when travelling, refer to Travelling with electronic devices.
For more information on how to keep your personal device secure, refer to Secure your devices.