Information Security and Data Protection training

In the University, we handle large volumes of information daily, including personal information about staff and students, financial information, and research data. All users are expected to contribute to the safeguarding of information so we all need to understand what information security means in practice.

Take mandatory online information security training now (staff) [Please be aware that the quiz has been removed from the training for technical reasons and is not currently required. It will be replaced in an updated version of the course.]

Take online information security training now via ELE (Postgraduates and associates)

Why do we need Information Security training?

The University has a range of controls in place to protect the information we hold, people can be the weak link in IT security so one of the key controls in ensuring everyone understands what their responsibilities are and how we can all reduce the risks to the information used every day from being lost, stolen or corrupted.

Phishing emails and social media scams continue to exploit the human element so knowing what to do will help prevent a security incident from happening, and if the worst should happen, how to contain the risk and protect individual’s information.

Researchers need to use personal data and access to these datasets and funding increasingly requires security awareness training, therefore the courses are not only mandatory for all staff in LearnUpon but are also available for postgraduates in ELE.

The online training as well as additional resources and guidance and advice on the IG pages will provide the information you need to ensure all University information is protected.

The Information Security Awareness course provides all staff and research postgraduates with an overview of the main issues relating to holding and using data securely.

The course will take about 45 minutes to complete and can be done in stages if you wish. Topics covered are:

  • Reasons why we need to protect information
  • Physical security and good practice
  • Accessing and sharing information
  • Threats and protection
  • Working away from your desk
  • Your responsibilities

Information Security for Research Data is a supplementary training module for research postgraduates and staff who work with research data. The 15-minute training covers topics including:

  • Processing personal data in accordance with the Data Protection Act
  • Contractual issues about how research data is to be processed and stored, including technical considerations
  • Considering how you will collect, process and store (including backups) research data

Both courses contain links to a number of webpages providing further information.

  • Staff are required to complete the University of Exeter’s online Information Security Awareness course which can be accessed via LearnUpon
  • An additional short Information Security for Research Data course is also required for researchers, this course is available to all staff
  • Researchers that do not have access to Learn Upon are required to complete both courses via ELE.

The Training and Development Unit organise internal Data Protection & Freedom of Information training throughout the year. To find out when the next session is please visit the Training and Development Unit website.

This workshop looks at the practical implications of the Data Protection (including the new General Data Protection Regulations coming into force in May 2018) and Freedom of Information legislation.

During the workshop we will discuss the main principles of the law and encourage you to relate them to your work. The aim of the workshop is to increase your knowledge and understanding of the legislation and to provide practical advice on how to be compliant. The course is an introductory-level workshop explaining the key elements of the legislation and the key implications for your work.

At the end of this session it is intended that you will have:

  • Gained a basic understanding of the relevant legislation.
  • Increased your awareness of the right of access to information.
  • Developed your knowledge on what rules of good information handling consist of.
  • Developed your knowledge and understanding of some simple techniques to help manage information.

If there is a specific need for a training session for your office or department this can be organised, please contact the Information Governance Team to discuss your needs.

In the past bespoke sessions have been organised for the Academic Office, Resident Tutors, Postgraduate Research Students, the Finance Department, Registry Services and the Development and Alumni Relations Office. The content of training sessions is altered for each session to ensure that it is relevant to the attendees.

We are also happy to attend team / college / department meetings to discuss particular issues and provide relevant guidance.

Areas we can cover include:

  • Data Protection and the new legislation that comes into force in May 2018, the General Data Protection Regulation (GDPR)
  • Freedom of Information
  • Information Security (please contact IT for technical security)
  • Privacy by Design and ensuring your project is legally compliant

Please select the following links for presentations and guides that may be of use:

Guide for Staff - Data Protection and Freedom of Information guide

Generic Records Management Service Presentation