Enterprise Architecture
Enterprise Architecture
Contact us

Data confidentiality and governance

The University protects restricted and confidential data, giving access only to those people who need it.

Data governance

Data governance is the system of decision rights and accountabilities for managing the quality, availability, documentation and security of an organisation's data assets.  In the University of Edinburgh, data governance is overseen by the Data Governance Group, which reports in turn to the BI/MI Programme Board.

The Data Governance Group recommends policies regarding data stewards, data confidentiality, protocols for requesting access to data and similar concerns.  The group also reviews the federated data model.

Data Governance Group (UoE SharePoint site- access required)

Data stewards

Three levels of data confidentiality

All administrative data is classified as either unrestricted, restricted, or confidential. 

Unrestrictricted data is available for anyone in the world to read. 

Restricted data is limited to people who need the data as part of their work. 

Confidential data imposes extra controls and is only available to a small number of relevant members of staff.

Personal information

The University maintains a record of all personal data, in compliance with data protection priniciples and law.  The Data Protection Officer oversees a comprehensive register of all personal information stored by the University. Privacy statements clearly explain the reasons and uses for storing personal information.

Most personal information is classifed as restricted.  Sensitive personal information, which includes information such as race, sexuality and religion, is classified as confidential.

University of Edinburgh data protection policy

Retention periods & anonymisation

The University has to hold some data for set periods in order to satisfy legal requirements; some other data has to be deleted to meet other legal requirements. These retention periods are defined on the Records Managment web pages.

The University also keeps some data for statistical and reporting purposes.  Any personal information in this data is carefully anonymised to protect personal details.

University retention schedules

Information Security

The University's Information Security service provides guidance on a wide range of security issues.  

It also looks after the University's Information Security policy and associated standards.

Information Security

 

This article was published on