menu icon mobile devices search icon mobile devicesSearch the site

Data security

Information security is important to protect highly restricted or sensitive information, for example where personal identifying information (PII), intellectual property, commercial interests, or national security is involved.

Sensitive information can be used to identify an individual, species, object, or location that introduces a risk of discrimination, harm, or unwanted attention.

The legal definition of sensitive personal data (sometimes referred to as special category personal data), comprises personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, information concerning health or relating to a natural person's sex life or sexual orientation and criminal records and proceedings.

Whilst adopting a proportionate risk based approach, the entire lifecycle of the research information needs to be considered, from creation to destruction. Minimum controls for highly restricted information to remain secure include user access controls, encryption, identifying and guaranteeing the location of the information, legitimate sharing / appropriate contracts.

Physical security, network security and the security of computer systems and files each need to be considered to ensure the protection of information and prevent unauthorised access, changes, disclosure or destruction of information. The Information Governance Office provides a review service which will be necessary if you are processing PII and need to carry out a Data Privacy Impact Assessment (DPIA). You are likely to need to carry out a DPIA if you are using new technologies and/or cloud based solutions, if your research data leaves the European Economic Area (EEA), or if the University of Manchester does not provide you with the required tools.

Guidance and support

IT Services provides guidance on:

Information Governance Office provides support and guidance to enable the University to create, use, archive and dispose of information safely:

Research Governance, Ethics and Integrity Team provides guidance and support to researchers in the area of research governance, integrity and ethics

Data Protection website (including definitions of personal data and personal sensitive data, and advice on processing personal data for research)

Data Protection online course (all staff who handle person identifying information of staff, students, research participants or others must complete the University's online data protection course)

Can we help?