From time to time there are unfortunate incidents at the University that Security Services respond to. The type of incidents vary from serious criminal offences involving staff or students through to intelligence received. Incident reports are sent via email to a controlled distribution list.
The information within the incident reports is stored and shared in accordance with the University Information’s security policy. We do not routinely record data on personal characteristics such as age, race, gender etc. These are special categories of personal data and are not required for most purposes. Names, where applicable, are recorded in incident reports and where people are unknown to us, for example a suspected thief, identifying characteristics will be recorded (e.g. white female, 40-50 years old, brown hair etc) to aid future identification.
All of our data is collected in accordance with General Data Protection Regulations and therefore governed by law. We only collect data that is necessary for work purposes and incident reports are kept for a maximum period of three years.
Security Services monitor all incident reports and collate these in to categories to enables the university to track crime, and incident report types (e.g. fire alarm activations). These figures are used to consider trends and emerging issues and plan appropriate responses. No personal information (including the use of personal characteristics) is used in the collating of this data.
Requests to be added to distribution lists will need to positively confirm compliance with information security policy and provide a sound reason based on organisational responsibility. Please submit requests to Security Services.
Further advice and information on the policy including online training can be found here.
http://www.bristol.ac.uk/infosec/policies/
