Introduction:
University Jewish Chaplaincy recognises the need to build on the use of modern technology in order to arm our chaplains with the latest technologies that will enable them to empower our young people with a strong Jewish education that will long outlive their time at university. Computer based data protection covers a wide range of areas including; web-based security, mobile learning and local security. It is important that as an organization we recognize the constant and fast passed evolution of technology.
University Jewish Chaplaincy holds personal data of staff, students and lay leaders. We recognise that some of this information is sensitive and could be used by another person or criminal organization to cause harm or distress to an individual. The loss of sensitive information can result in media coverage, and potentially damage the reputation of the organization.
All University Jewish Chaplaincy staff members have a shared responsibility to secure any sensitive information used in their day to day professional duties. Everybody needs to be made aware of the risks and threats of technology security and how to minimize them.
As a result of the new Government Data Protection Regulation. The penalties for data breaches are far more severe than previous legislation and could lead to heavy fines and other punitive action.
Section One – Work Computers:
This section will cover the acceptable usage of any computer that is used for work that relates to University Jewish Chaplaincy.
- All physical computing hardware should be kept safe at all times, it should be kept either on person or locked in a cupboard or room.
- All computers must be password protected.
- Computer software should always be up to date.
- All computers must have some level of firewall protection, inclusive in this should be security-related updates and patches to operating systems.
- Computers should not be left unattended and unlocked at any time.
- Where necessary, obtain permission from the owner or owning authority and pay any relevant fees before using, copying or distributing any material that is protected under the Copyright, Designs and Patents Act 1998.
Section Two – Sensitive Data:
This section will cover safe storage of sensitive data held on work computers.
- Sensitive files should be encrypted or at very least have a level of password protection or ‘administrator-only’ permission.
- Sensitive data should not be stored on flash drives or external hard-drives.
- Personal or confidential information should not be sent via email or any file transfer mechanism. (unless encrypted)
- Keep your screen display out of direct view of any third parties when you are accessing personal, sensitive, confidential or classified information.
- Do not introduce or propagate viruses.
- Data should be deleted routinely as and where necessary.
- When no longer needed for service the device should be disposed of in a manner that ensures it is totally destroyed.
- If the device is being passed on to a different member of staff, It is essential that any hard drives which may have held personal or confidential data are ‘scrubbed’ in way that means the data can no longer be read. It is not sufficient to simply delete the files or reformat the hard drive. Whoever you appoint to dispose of the equipment must provide a written guarantee that they will irretrievably destroy the data by multiple over writing the data.
Section Three – Smart Technology:
This section will cover safe storage and usage of Smart Technology.
- Mobile Phones and Tablets should always be password protected.
- Photographs and Videos stored on Mobile Phones and Tables should be routinely downloaded onto a computer and deleted from the device.
- Emails that are stored, sent and received from Smart Devices should have an extra layer of security.
- If the device is being passed on to a different member of staff, it should be totally wiped.
- In the event of loss the Smart Device in question should be remotely wiped at the earliest possible opportunity.
- When no longer needed or being passed on to a different member of staff, It is essential that any hard drives which may have held personal or confidential data are ‘scrubbed’ in way that means the data can no longer be read. It is not sufficient to simply delete the files or reformat the hard drive. Whoever you appoint to dispose of the equipment must provide a written guarantee that they will irretrievably destroy the data by multiple over writing the data.
- Smart Devices should never be lent out without proper supervision.
Section Four – Social Media:
This section will cover safe usage of Social Media.
- Keep passwords strong, this includes changing them every six months.
- Only add people to your network that you know.
- Adjust privacy settings, restrict access to photos, personal information, and specific group interests.
- Know how to block or delete unknown users.
- Be aware of zombie accounts.
- Remember, if it goes online it will stay online.