Procedure for the security of voice recordings

• Where possible the name of the interviewee must not be recorded.
• The end-to-end data handling process must be documented in a system level security policy (SLSP).
• Where possible an encrypted device must be used for recording eg an Apple iOS device such as an iPod Touch, iPhone or iPad which has been enrolled onto the University Exchange email service to activate device encryption. Where high quality audio, twin microphones and more than one recording device (e.g. for backup) are required, and the device is not encrypted, data must be downloaded to an encrypted device as soon as possible. The advice of IT Services should be obtained before buying a recording device.
• The device used to make the recording must never be left unattended and must be locked away securely when not in use.
• Transcription of the voice recordings must be done in a secure environment.
• The identity of the participant must be anonymised in the transcript unless explicit consent has been obtained to maintain their identity.
• Transcripts must be securely stored, i.e. on University servers.
• Transcripts or voice recordings held outside of the approved University systems must be stored on an encrypted device for temporary storage only. They must be transferred to University systems and deleted from temporary storage as soon as possible. Information regarding hardware encrypted USB sticks can be found here.