Risk assessment for the security of data

The University needs to keep both personal and non-personal data secure. A risk assessment for the security of data is to make sure that there are controls in place to prevent data being lost.

This document sets out the recommended approach to these risk assessments, your personal responsibilities, common factors and how to get help.

In particular Under the Data Protection Act with regard to personal data, the University must ensure, "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

The purpose of a risk assessment is to ensure that where appropriate measures do not exist, controls are put into place to prevent the loss of data occurring. It is vital that the risk assessment reflects individual circumstances and real practices.