Information Governance Office (IGO)
Up-to-date guidance and useful resources can be found on the Information Governance Office (IGO) web pages. They can be accessed by using the following link:
The University needs to hold and process large amounts of personal data about its students, employees, alumni, contractors, and research subjects, along with personal data about some other individuals, in order to carry out its business and administrative functions.
This data is subject to the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 and concerns all administrative, academic, and commercial areas within the University.
The Information Governance Office is the point of contact for all enquiries related to:
- Data Protection
- Freedom of Information (FOI)
- Records management
- Information risk management
- Information security
- Business continuity
Much of the Workforce data you will access is personal data, some may be considered special category data. You also have a responsibility to ensure that any data you access is used and kept securely.
Expand the sections below to find information about the types of data you will access and guidance on storing it.
Expand the sections below to read more about the different types of data.
Much of the Workforce data you will be accessing is considered "personal data".
This includes any information relating to an identified or identifiable person, such as reference to their name, ID (employee) number, location, or address, as well as any "special category" or criminal offence data.
This type of data is defined as:
- personal data revealing racial or ethnic origin
- personal data revealing political opinions
- personal data revealing religious or philosophical beliefs
- personal data revealing trade union membership
- genetic data
- biometric data (where used for identification purposes)
- data concerning health
- data concerning a person's sex life
- data concerning a person's sexual orientation
Data relating to criminal convictions or offences is covered under separate rules (details below).
Criminal Offence Data refers to personal data that relates to criminal convictions and offences, or any related security measures.
It covers a wide range of information about criminal activity, allegations, investigations, and proceedings.
Data which is obviously about specific convictions or trials is covered, as well as any other personal data relating to convictions, offences, and related security measures, including:
- Unproven allegations
- Information relating to the absence of convictions
- Personal data of victims and witnesses of crime
- Personal data about penalties
- Conditions or restrictions placed on an individual as part of the criminal justice process
- Civil measures which may lead to a criminal penalty if not adhered to
You have a responsibility to ensure that any data you access is used and kept securely.
Please bear in mind that you are accessing personal data relating to your colleagues.
- Workforce data must be kept on secure University network storage and not on PC hard drives or any kind of portable storage device (such as laptops, USB storage, and removable hard drives), unless that device or file is encrypted
- Workforce data should not be shared outside the University
- Workforce data should never be shared with other individuals via unsecured means. Do not email files (even internally) unless they are appropriately protected or encrypted
Information Governance Guardians
If you have any questions relating to the classifications of data, or any questions around data you are processing, please contact your local Information Governance Guardian. The list can be accessed from the Information Governance Office web pages about Data Protection: