OneDrive Terms and Conditions for Staff

These Terms and Conditions apply to all University staff. Make sure you read the full Terms and Conditions (see Related downloads) before using OneDrive - University of Leeds. These Terms and Conditions do not apply to students.

General Terms

  1. You must comply with the University’s Information Protection Policy at all times. 
  2. By using OneDrive - University of Leeds for University data you are personally responsible and accountable for complying with the University’s Information Security Policy and these Terms & Conditions of Use.
  3. If you access OneDrive - University of Leeds from computers or other devices in public areas you must ensure that information you are viewing can't be seen by others who are not entitled to view it.
  4. Computers and portable devices must not be left unlocked and unattended whilst connected to OneDrive - University of Leeds .
  5. You should keep private (personal) and University data separate and clearly labelled.
  6. Except in cases where you are working collaboratively with people outside the University, you should not give access to University data to non-University personnel.
  7. When you leave University employment you won't be entitled to have access to official University data or OneDrive - University of Leeds.  You will be contractually obliged to delete any University data you have access to unless you have permission to retain such data in accordance with the University’s Data Retention Policy.
  8. Downloading University data to a device using the OneDrive for Business app is only permitted if device security controls listed are being fully met.

Confidential and Highly Confidential information

  1. You can store classified information on OneDrive, but only for as long as necessary to share it. You must restrict access to only the people who really need it for operational reasons. 
  2. You can store highly confidential information on OneDrive, but only if it is encrypted, and then only for the shortest possible period for business operation. Your M: drive is still the recommended location for storing highly confidential information.

Working with people outside the University

  1. If you give external collaborators access to University data you must keep it to the minimum necessary for the purpose of the collaboration. 
  2. You are responsible for making sure that an official University non-disclosure agreement / confidentiality undertaking[1] is in place before allowing shared access to Classified University data when collaborating with external partners.
  3. When working with external parties you are responsible for highlighting any data which is University classified. You must make sure they understand the controls which they have to apply and can apply, as a condition of access, in order to protect that information before you share it with them.
  4. You are responsible for making sure that they comply fully with requirements of the Data Protection Act 1998 by adhering to the University’s Code of Practice on Data Protection.  In doing so they are to ensure that they do not allow access to any personal information (as defined by the Act) to any person outside of the University[2] or to anyone else who is not authorised to receive it.

[1] Please consult with the University Legal Advisor's Office

[2] Collaborative research projects involving personal work-related data, where data subjects have consented to the research, are excluded from this requirement.