Skip to content
St George's and City have merged. Find out more.

Here you will find best practice guidance in the handling, sharing, storage or disposal of personal identifiable information.

Before sharing confidential data outside of the university and if you are unsure of how to handle it, please seek advice from the Data Protection Officer (Claire Morrissey), Head of Information Governance (Geoff Gray) or General Counsel (Ken Morrison).

Email guidance

  • Always ensure personal identifiable data is sent in an appropriate, secure manner, eg double-check recipient email addresses before hitting ‘send’, consider whether password protection or encryption is required, check whether there is an alternative to using email.

  • Never use a personal email account to send or receive St George’s personal or business data.

  • When personal identifiable data is being conveyed within the body of an email, that email should be marked ‘Confidential’ in the subject line and at the top of the message itself.

  • When sending personal identifiable data by email outside of St George’s you must always use password protection or encryption.

  • Avoid discussing students (or other staff) via email unless it’s for official purposes and is something you would be happy to disclose to the person you are discussing. If you need to discuss a sensitive issue or situation with a colleague it’s always best to do so in person.

  • Be suspicious if any emails ask to check or renew your credentials even if it seems to come from a trusted source, please very authenticity even if appears to come from an "IT" source.

Email Etiquette

  • Writing emails in and for the workplace requires a different etiquette to that used when emailing or messaging friends, St George's email etiquette guidelines.

Information security compliance

  • Current St George’s policy is that you should not use cloud resources for which the university does not have a formal agreement to store documents containing St George’s personal identifiable data or business-critical information. IT/AV can provide advice on secure methods of sharing personal data with colleagues outside of St George’s.

  • Student data should never be taken off-site unless absolutely necessary, whether as a hard copy or stored on a portable device, such as a USB stick or laptop. If you are working from home you should arrange to access data via the university’s central systems, eg copy the file(s) to an appropriate St George’s network drive.

  • Access to secure resources should be restricted to authorised St George’s members only – never share your password for any of St George’s systems with anyone else.

  • Log out or lock your screen when leaving your PC unattended.

  • Ensure your display screen cannot be seen by others if working on confidetial documents.
  • When leaving your office, or desk if remote working, secure confidential documents.

  • Ensure confidential information is not left on photocopiers or printers.

  • Only use encrypted USB sticks.

  • Turn off smart phones, speakers or watches when discussing confidential information
  • Laptops holding confidential information must be encrypted.

  • Do not leave confidential information on whiteboards.

  • Only use the approved confidential waste service and while awaiting destruction ensure the confidential waste is securely stored.

  • Confidential information should be kept in locked draws or cabinets.

 

Find a profileSearch by A-Z