Student and Registry Services


Sharing data and encryption

13 September 2019

Each month we provide some data protection advice that we all need to be aware of as part of our day-to-day work. If you have any questions, or if there is anything that you would like to see covered, please email srs-compliance@ucl.ac.uk or l.minks@ucl.ac.uk.

Here in SRS, we all share data with our colleagues all the time. It takes a matter of seconds to forward an email and only a few clicks to attach and send a spreadsheet or pdf. Email is undoubtedly a quick and convenient tool, but it may not always be the best way to share data.

We all have a personal responsibility to handle people’s personal data with care, and this includes being mindful of what we’re sharing, how we’re sharing it and who we’re sharing it with.

What to share

When sharing data, consider the following:

  • Am I sharing too much data? Ensure that you share only what is necessary.

  • Do I really need to send identifiable personal data? Consider if you can use anonymisation

  • Could pseudonymisation be used to minimise the amount of data?

  • Be mindful of what you are sending, especially if you are forwarding a long chain of emails that may contain personal data.

How to share

Always consider if email is the best way to share data. It may be more secure to share the data using SharePoint or OneDrive, or via your local S: Drive.

When sharing personal data, especially special category data, you should use Encryption. Please take a look at the information on UCL’s encryption webpage which provides a lot of useful and practical information.

Who to share with

  • Double-check your email recipients! A number of people may have the same or similar names. If you are unsure, the staff directory

  • Be careful when clicking ‘reply to all’.

  • Consider using BCC rather than CC (see UCL’s guidance on using email)

Remember, if data is sent to the wrong person this is a data breach that must be reported to the UCL Information Security Group (ISG).