Frequently Asked Questions about Data Security
What is personal data?
What is personal data and what is sensitive personal data?
The following definitions are taken from the Data Protection Acts 1998 and 2003.
Personal data
“Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.
Sensitive personal data
Sensitive personal data is defined in the Data Protection Acts as any personal data as to:
- the racial or ethnic origin, the political opinions or the religious or philosophical beliefs of the data subject,
- whether the data subject is a member of a trade union,
- the physical or mental health or condition or sexual life of the data subject,
- the commission or alleged commission of any offence by the data subject, or
- any proceedings for an offence committed or alleged to have been committed by the data subject, the disposal of such proceedings or the sentence of any court in such proceedings.
The Data Protection Acts require additional conditions to be met for the processing of such data to be legitimate. Usually this will be the consent of the person to whom the data relates.
For more detailed information please visit the Data Protection Commissioner web site at:
What are my responsibilities when dealing with personal data?
Responsibilities when holding such data
Any staff member of NUI Maynooth who is involved in the collection, storage or processing of personal data has responsibilities under the legislation.
Any staff member involved in the processing / storing of personal data should make sure:
- To obtain and process personal data fairly
- To keep such data only for explicit and lawful purposes
- To disclose such data only in ways compatible with these purposes
- To keep such data safe and secure
- To keep such data accurate, complete and up-to-date
- To ensure that such data is adequate, relevant and not excessive
- To retain such data for no longer than is necessary for the explicit purpose
- To give, on request, a copy of the data to the individual to whom they relate; such a request is known as an “access request”
What are the individual's rights?
The individuals for whom the university stores personal data have the following rights:
- to have your details used in line with data protection regulations, that is, to have your personal data obtained and processed fairly, kept securely and not illegitimately disclosed to others
- to information about your personal details
- to access your personal details
- to know if your personal details are being held
- to change or remove your details if inaccurate
- to prevent use of your personal details. For example, one might want to have the data blocked for research purposes where they are held for other purposes
- to object
- to freedom from automated decision making
Please note:
Under the Freedom of Information Act (1997 and 2003) records containing personal information may be released to a third party, where the public interest so requires.
How can I physically secure my PC?
When you leave your desk or office, ensure that you lock the office; if this is not possible, log off the PC or use a password-protected screen saver. Terminate any active sessions to University servers (such as the Student Administration server). In general, do not leave your PC unattended without securing the session by password or, better, signing off.
Laptop users are urged not to leave the laptop unattended or visible, e.g. in a car, plane or train.
Physical security safeguards should include the following considerations:
- perimeter security (monitoring of access, office locked and alarmed when not in use);
- restrictions on access to sensitive areas within the building (such as server rooms);
- computer location (so that the screen may not be viewed by members of the public);
- storage of files (files not stored in public areas with access restricted to staff with a need to access particular files); and
- secure disposal of records (effective "wiping" of data stored electronically; secure disposal of paper records).
What are other threats to my data?
There are many other reasons why personal data can be compromised. Computer viruses and spyware are the most common.
To avoid computer viruses and spyware, it is highly recommended that all computer users (at home as in the office) have quality anti-virus software installed and ensure that the anti-virus software is updated on a regular basis (at least once a week).
It is also important that the installed software, whether operating system or application, is patched on a regular basis. Software suppliers provide software patches on a regular basis, especially if they are aware of a bug in their software which may cause security risks.
What about using USB Memory Sticks or other Portable Devices?
USB sticks are very handy if files need to be transferred from one computer to another. The advantages of USB sticks are that they are easy to use, small, and work with almost all computers and operating systems.
But these advantages bear risks at the same time. Data copied from an encrypted laptop onto a USB memory stick are, in general, not encrypted. Because USB memory sticks can be so small nowadays, they are easily lost.
Files on USB memory sticks can carry a computer virus, so be extremely careful before accepting a memory stick from someone. It is highly recommended to always scan it before attempting to read any data from it.
As well as USB memory sticks, some MP3 players and smartphones can be used to store data. All risks with the USB memory stick can be associated with those devices as well.
How secure is my email?
In general, e-mails sent and received are not encrypted; this applies to the attachments of the e-mails too. Because of this, it is not recommended to send personal data in an e-mail or as an attachment to an e-mail.
E-mail attachments can carry viruses and spyware. It is recommended that each computer used for sending and receiving e-mails has quality anti-virus software installed and configured to update at least once a week and to check all incoming e-mails.
How secure are Mobile Phones?
Smartphones can be configured to access e-mail accounts and store data.
The contents of e-mails are saved on the smartphone as soon as they are read on the phone. Even without any network access, the e-mail can be accessed again.
On some smartphone models the memory of the phone can be used to save files. If files are transferred onto the phone, they are not encrypted.
How do I report an incident?
Information will be available shortly.