Data protection for students

Key Points

City has temporarily moved to online teaching and we ask that students follow the guidance below for your own data security and so that City continues to comply with its data protection obligations.

Contact for data protection advice.

In general
  • Use City-approved software and applications as appropriate;
  • Ensure that computer and personal device operating systems and anti-virus software are up to date;
  • Be mindful of who is around you when you are working and what they might be able to see or hear;
  • Avoid saving data on local hard drives: this minimises the risk that a lost or stolen laptop will result in a data breach or the loss of your work. Please use your City OneDrive or Microsoft Teams accounts to store your work;
  • Please ensure that any assessments that you have completed are stored securely (for instance on your City OneDrive or Teams accounts, with password protection);
  • Use of public and/or unsecured WiFi is not recommended;
  • Be aware of the uptick in phishing and other social engineering attacks that prey on people's legitimate worries.
  • Use City email e.g. for course work. City’s email network is more secure than personal email accounts;
  • If you have a requirement to share personal data (any information about an identified or identifiable individual) for City-related activities, please be conscious of the impact on other individuals if the information were to go to the wrong person. Wherever possible it is better to store personal data in a single secure place and give others access to it as necessary.
  • If you do need to email  personal data:
    • Password protect it and share the password over the telephone or by text message or Teams chat;
    • Double check the recipient before you press Send on that email.
  • If you are conducting research that involves personal data, there are specific data protection protocols that you must follow. You should discuss this with your course supervisor.
  • Please be conscious that the contents of your City emails and chats may be discoverable under data protection and freedom of information legislation. Further information about this, and your rights, are available on the Information Commissioner's website.
File storage and data sharing
  • Use City file storage such as your City OneDrive and Microsoft Teams accounts. If you are conducting research that involves personal data, you should consult with your supervisor about data storage and handling;
  • Documents containing personal data should be stored (including on OneDrive), and sent/shared, with password protection. PDF documents can be password protected using the ‘Protect’ option under Tools.
  • If you need to share a password protected file, for instance via email, ensure that you send the password via a different means, such as Microsoft Teams (chat);
  • Passwords should be kept in a safe place. Don’t write them down in any manner that would make it easy to decipher and don’t tell anyone your login details or password – including IT.
Lectures, Tutorials and Meetings
  • It is courteous to ask permission of your lecturers, tutors and fellow students if you plan to record lectures or tutorials on your personal devices, and respect their wishes;
  • You should join lectures, tutorials and meetings using your City credentials and in line with City policies;
  • Take care to ensure that you cannot be overheard during calls/online meetings or tutorials, especially where you are discussing matters involving personal data.

For further information, please email


Learning Enhancement and Development have also developed the following guidance, which you may find useful:

I need to send a file which contains personal data to another student or a City member of staff, what should I do?

Rather than sending the data file it would be better to use an application such as Microsoft OneDrive to provide access to the file in-situ. If you cannot do this, do not send the data file to a personal email address as this would be considered a data breach. Ensure that the file is password protected before it is sent.

What should I do if I receive an email that includes an attachment which includes personal data?

Before opening any file you must be certain that it has been sent from a genuine source.  Special care should be taken to ensure that when the data is no longer required it is deleted from your local device. This includes any files that have been saved automatically as part of the download process.

You should also consider whether the data been sent to you in error. If so, delete it immediately and advise the sender that you received it and deleted it. They may need to log a data breach.

IT Advice

How can I access my files?

For information and guidance on working with remote tools such as Microsoft Teams and OneDrive Storage. Please see our Remote Working Guidance page.

Further guidance

Do review our knowledge base for guidance materials and answers to frequently asked questions. If you have any further questions, please don’t hesitate to contact the IT Service Desk on +44 (0)20 7040 8181 or via Service Now.