IT Matters
Forwarding and replying to e-mails
Staff and students should consider whether or not those listed on a cc list, are aware that their e-mail address will be disclosed to the party you are corresponding with. In particular where e-mails are being forwarded outside the University it is advisable to ensure that those individuals listed in the cc list consent to their data to be used in this way.
External group emails
Recently, there has been a number of instances where the Data Protection Act has been unwittingly breached by staff members engaged in external communication. In particular, group emails have been sent out in such a way as to reveal the (email) addresses of all recipients to each and every member of the group. Such a revelation constitutes a clear breach of the Act.
Staff are reminded, therefore, to ensure that the 'bcc' (blind carbon copy) facility is used when sending out group emails to enquirers and prospective/current/former students.
Photographs, Videos and closed-circuit Television
Images of identifiable individuals constitute personal data in terms of the Act. Photographs should not be displayed in departments, used in teaching material, promotional material, prospectuses, etc., displayed on web sites, or in any other way made public without the permission of the individual (s) concerned. The same restrictions apply to video images (or audio recordings) used, in example in teaching or promotion. The University employs CCTV as part of its security systems. This will be administered within the Code of Practice on the use of CCTV issued by the Office of Data Protection.
Web Pages Used To Collect Personal Data
Where the University uses web pages to collect personal data, it should ensure that at the point of collection (i.e. on the relevant web page) the following information is provided to the data subject:
- The purpose for which the data is collected
- Those to whom the data is likely to be disclosed
- An indication of the period for which the data will be kept (e.g. "while we process your application", "for the duration of your studies" etc,)
- Any additional information that may be required to ensure that the processing is ‘fair’.
- The ability to opt out of any parts of the collection of, or use of the data that are not directly relevant to the intended transaction. (E.g. where an individual provides their name and address to an institution in order to obtain a prospectus. If the institution runs a follow up scheme designed to discover why candidates did not come to that institution, and the individual should be notified of that scheme and be able to opt out of it).
Should the University wish to subsequently use personal data for purposes not disclosed to the data subject at the time of collection, then further consent must be obtained from the individual concerned.
World Wide Web
Personal data, when released on the World Wide Web, by definition goes beyond the European Economic Area (E.E.A), including countries that do not have data privacy regimes considered adequate by the EU Commission.
The University may include non-sensitive staff data, specifically contact names, University telephone numbers and email addresses on Institutional Internet and Intranet web pages, such display facilitates the normal organisational functioning and management of the Institution.
In the event that any member of staff has a reason for such contact details not to be made publicly available s/he should contact their Line Manager in the first instance. The University will not use any further personal data on the Institutional Internet or Intranet web pages without the explicit consent of the subject.
