The Department takes data security and privacy seriously. We are all responsible for knowing and understanding the Information Governance (IG) requirements which pertain to our jobs every day.
To further support this commitment, the Department has appointed several individuals to help promote and monitor compliance with Information Governance (IG) requirements. These include:
- Nicola Small (the Senior Information Risk Officer);
- John Briggs (IT/IG Head); and
- Phil Nieri (IG Manager).
In addition to these individuals, I would like to remind you that the University Information Compliance Team (ICT) is always available to assist with data privacy issues and concerns. ICT provides an advisory service, supporting data privacy work across the University. They review reported security incidents and breaches and process Freedom of Information requests. They can also help provide guidance on the University’s privacy-by-design review requirements for new Department studies and trials.
The ICT exists to help manage the risk to individuals, the University and to support our Department with discharging its responsibility under the data protection policy which states “Heads of Department [or equivalent] are responsible for ensuring that the processing of personal data in their department conforms to the requirements of data privacy legislation…”
The risk of harm to people as a result of a data breach is significant and this is equally true for the reputational and regulatory risks to the University.
The Information Commissioner’s Office has broad powers with the ability to levy fines of up to 4% of the University turnover. It also has the ability to order departments, or the entire University, to stop processing personal data altogether. Since the introduction of GDPR it has been necessary for us to report some breaches to the ICO and your support in reducing the risk of any further breaches or regulatory action is much appreciated.
Thanks in advance for your continued support.
Head of Administration and Finance