Working from home with confidential information 

Confidential information

All staff are required to handle confidential information appropriately at all times. This includes personal data (anything identifying individuals, such as staff, students or research participants), and any other University information that is not suitable for the public domain. Appropriate measures need to be taken to protect confidential information against unauthorised access, exposure, use, disclosure, loss or destruction (both intentional and unintentional).

Working from home presents new and enhanced risks to confidential information and it is vital that staff take all necessary steps to ensure that they comply with University policy and legal requirements. This applies to information held in both digital and paper formats.

If you believe that confidential information you are working with has been compromised in some way, e.g. through unauthorised access or disclosure, it is important that you notify data-protection@bristol.ac.uk without delay. The IT Service Desk should also be informed if it is an IT issue.  

Confidential digital information

Guidance for staff on the different services, tools and applications they should be using to access, store and work on University information can be found on a separate page containing IT advice for working from home.

To help ensure security, staff should use University provided devices when working with confidential information. They should only use personal devices if this isn’t possible and they have been authorised to do so, in which case they should avoid downloading the information onto the device and use a secure means to access it on the University network. The University’s Mobile and Remote Working Policy outlines requirements when using personal devices for University work, and it’s important that staff are familiar with it.

It is also important that staff only make use of approved and supported services and applications for accessing, storing, sharing, discussing and working on confidential information. Using other services not provided by the University can jeopardise the security of the information.  The different Office365 applications (including OneDrive, Teams and Skype for Business) are all designed to facilitate secure homeworking, and the University provides several approved video-conferencing tools.

Confidential information in paper documents

Staff should avoid holding paper documents containing confidential information at home whenever possible. Instead, holding the information digitally on a secure device will help to avoid some of the risks associated with hard copy documents.

Any documents containing sensitive information need to be appropriately stored and secured when not being used. This amounts to ensuring they are beyond the reach of any unauthorised parties, including family members or housemates. Organisations have received large fines when paper documents containing confidential personal data were taken in burglaries at employees’ homes.

Staff need to ensure the security of hard copy documents when in transit, e.g. moving between the office and home environments. They also need to be careful to appropriately dispose of documents containing confidential information, i.e. by securely shredding and not disposing of them in regular household waste.

Other considerations for homeworking

Working from home presents challenges that may not be encountered to the same degree when working at University premises. The requirement to ensure the security and confidentiality of information includes the need to avoid it being accessed, seen or overheard by other parties. Whereas family members or housemates may be trusted, it would still be a breach of legislative requirements and University policy if they were exposed to sensitive University information, including personal data.

Staff need to ensure that confidential information on screens and paper documents cannot be viewed or overseen. It is also necessary to ensure that sensitive matters, including personal data, cannot be overheard when being discussed during phone and video calls.

Further information

Further guidance exists on processing personal data off campus.

Please contact data-protection@bristol.ac.uk for further advice.