The University holds a large amount of information, both in hard and soft copy. This includes personal and sensitive personal data, and also non-personal information which could be sensitive or commercially confidential, for instance financial data. Care should be taken to protect this type of data, to ensure its integrity and to protect it from loss, theft or unauthorised access.
In the event of a information security incident (also known as a data protection breach), it is vital that appropriate action is taken to minimise associated risks. A risk analysis should be performed factors which need to be considered are:
- the number of individuals affected,
- the type of data involved (personal, financial, etc.),
- the impact on individuals.