Working from Home and Data Protection FAQ
28 April 2020
1. Do the College Data Protection related policies and SOPs apply if I am working at home?
Yes. The College remains Data Controller for the processing of personal data as per GDPR and the Data Protection Act (2018). While we have moved ‘on-line’, the appropriate data protection guidance remains operational. Policies and SOPs are available on the Learning Engine.
2. I don’t have a College PC or laptop. What advice can you give me for using a personal device?
Staff should observe the following guidance when using personal devices:
- Make sure all latest updates have been run on your device to enhance security.
- Use Microsoft Office 365.
- Avoid downloading personal data to your home computer. If there are occasions where you need to download, you must delete as soon as the work activity has been completed.
- Do not use your personal email addresses for College-related activity. We cannot stand over the security of these providers.
- Do not use your College email address for personal activity such as online shopping.
- Log out of your College account before letting family members use the device.
- Continue to be on your guard for phishing emails.
3. What software can I use?
Staff should only be conducting SERC business on College approved platforms e.g. Microsoft 365.
4. Can I still send information to third parties?
Yes. The College is still open for business. Guidance on securing information remains unchanged. When sending information to external organisations, do not feel under pressure to send information unprotected.
Remember we are responsible for protecting our information, including when we transfer it. Suggestions on how you can protect information being sent externally:
- Send information via OneDrive
- Password protect documents
- Use the secure portal provided by the third party
5. Can I record on-line sessions (teaching and corporate)?
Not all sessions need to be recorded; however, in certain circumstances, you may use this facility.
In terms of teaching, recordings can be made when the session is intended for reflective learning, for assessment purposes or to permit flexibility for the benefit of students who may not be able to attend during the timetabled session.
In terms of corporate activity, recordings should only be carried out for the purposes of the note taker and non-attendees.
Notifying attendees of recording:
- Students/staff have been issued with a Privacy Notice providing them with an expectation of how their information will be processed.
- Staff must not use recordings beyond these expectations.
- Attendees must always be reminded in advance that a session is being recorded.
- You may wish to remind them of items which could be caught on camera in the background of their home environment e.g. pictures etc.
6. Managing the recording
- Recording should only take place after the cameras/microphones of those who do not wish their data to be recorded have been disabled.
- In the event that a student does not wish to be recorded, arrange for the recording to be stopped while that student is speaking, or have a conversation with them once the class is over.
- Monitor the Attendee List to ensure only expected participants are present.
7. How should I communicate with students?
The College has approved software to allow staff to communicate with students:
- Microsoft Teams: allows voice/webcam calls
- On-line Application Portal: allows tutors to send texts/emails to class groups
- Outlook: email only
In line with College safeguarding policies and SOPs, the College does not endorse unapproved platforms for contacting students, for example:
- WhatsApp
- Zoom
- Closed social media groups
8. What can I do to protect hard copy data?
- Avoid printing information containing personal data. If it is necessary that you print, you must shred documents once you have finished with them. Under no circumstances should personal data be put into your household bins. These are not secure.
- These documents should be protected from the view of other members of your household, with appropriate security applied to them.
- Keep a record of hard copy information you have removed from the College prior to closure and communicate this to your line manager.
9. What else can I do to safeguard information?
Conversations: Staff are asked to be mindful of their surroundings when having either telephone/online conversations where personal information is being discussed. Many staff may have “smart speakers”, such as Amazon Alexa, Echo, Google Home, located in various rooms within their house, and the unpredictable recording facility on these devices may have data privacy implications for College information.
Staff are asked to be mindful of the location and activation of these types of devices when conducting College business from home, such as discussing personal data on the telephone.
Photo fun: The circulation of photos/selfies has been used by people looking for light entertainment while they are unable to socialise as normal. You may want to share pictures with family and friends of your ‘world of home working’; however, always be mindful of what information you are sharing that could inadvertently be made public.
Examples of things to avoid sharing:
- documents/emails/images on your screen which identify individuals
- papers with personal data on them
- diaries with your list for the day which may contain personal data
You could display the College website homepage as it is naturally in the public domain already.
ICO Guidance – ‘Working from Home Securely’
The Information Commissioner's Office has published guidance on measures we can all take to protect personal data while working at home.
https://ico.org.uk/for-organisations/working-from-home/how-do-i-work-from-home-securely/