"Sensitive" means different things depending on your context.
At work, it's the University definition that matters, but from your personal perspective, consider the impact on your friends or family, or people you work, live or correspond with, if data from any of your devices is stolen and misused for harm.
- Legal definition
- Any data covered by the Data Protection Act 2018 (DPA) and UK General Data Protection Regulation (UK GDPR)
- University defintion
- Anything covered by the laws above, plus anything that if revealed, could cause a business problem for the University. (See details below.)
- Personal definition
-
A personal definition is up to you. We suggest that you consider data as "sensitive" wherever it's loss could cause damage or distress to people.
University definition
The University defines "Sensitive", by showing examples of what would count, but examples are only illustrative. For some kinds of information you are using, you need to work out whether it is senstive or not based on the impact it would have on the business or on a person should the information become exposed, revealed or lost.
These are the examples of what counts as senstive, taken from the relevant policy in University Records Management. Follow the Related Link below, for a full statement of that policy.
- Personally identifiable information relating to staff, students or others:
- lists from student records (EUCLID), performance data, grading, marks or assessments
- financial records (e.g. bank account data)
- information about people's health, or about any protected characteristics
- Data and/or correspondence about proposed changes to high profile strategies, policies and procedures (e.g. changes to UG admissions policy) before they are publicised.
- Information that if compromised, would disadvantage the University in commercial or policy negotiations before contracts have been finalised.
- Correspondence provided to the University in confidence.
It is defined more fully in the "Policy on taking sensitive information and personal data outside the secure computing environment". ( See the "related links" on this page ).
We recommend you encrypt anyway
From a personal view, we recommend that you encrypt any and all of your mobile devices. Once you get used to it, encryption is not hard. It just makes sense to protect, for your sake, for the sake of The University, and even for the sake of your friends.