Data security is relevant to protect intellectual property rights, commercial interests, or to keep sensitive information safe.
Arrangements need to be proportionate to the nature of the data and the risks involved. Data that contain personal information should be treated with higher levels of security than data which do not, as the safeguarding of personal data is dictated by national legislation, the Data Protection Act 1998, which states that personal data should only be accessible to authorised persons. Personal data can be stored in digital files, or can exist in non-digital format: patient records, signed consent forms, interview cover sheets containing names, addresses and signatures.
Security can be made easier by:
Attention to security is also important when data files are to be destroyed.
Security of computer systems and files
Data security and cloud storage
Cloud-based storage such as Google Drive, Dropbox, OneDrive, iCloud or YouSendIt are easy to use, but not necessarily permanent or secure. Cloud-based storage is often based overseas and therefore not covered by UK law and could be in violation of the UK Data Protection Act 1998, which states that personal and sensitive data should not be transferred to other countries without adequate protection.
Cloud data storage should be avoided for high-risk information such as files that contain personal or sensitive information, information that is covered by law or that has a very high intellectual property value. While file encryption can be used to safeguard data files to a certain degree, it would still not meet the requirements of data protection legislation.
Alternatives are secure FTP servers, content management systems set up and controlled by an institution or secure workspaces. See our guidance on file sharing.