Policies

Data Protection Policy

The Data Protection Act (DPA 2018), along with the General Data Protection Regulation (GDPR), came into force on 25th May 2018 and modernises laws that protect the personal information of individuals in the UK.

The legislation places an ongoing accountability requirement on organisations to demonstrate (and document) that they have considered the privacy risks flowing from their processing of personal data. It also strengthens the requirements for organisations to have adequate and appropriate organisational and technical controls in place to protect privacy.

In accordance with the GDPR and the Data Protection Act 2018 every data subject has the following rights:

  • The right to be informed about how their Personal data is to be used;
  • The right of access to their Personal data held by the University and other information;
  • The right to rectification if their Personal data is inaccurate or incomplete;
  • The right to request the deletion or removal of Personal data where there is no compelling reason for its continued processing;
  • The right to restrict processing in certain circumstances;
  • The right to data portability which allows individuals to obtain and reuse their Personal data for their own purposes across different services;
  • The right to object to processing in certain circumstances;
  • Rights in relation to automated decision making and profiling.

City is a data controller in terms of the Data Protection Act 2018 and is registered with the Information Commissioner's Office (ICO) with the registration number Z8947127.

Read the full Data Protection Policy document


Acceptable Use Policy

The University processes information in order to carry out its normal functioning. This may include confidential and personal information about businesses and individuals. Information is a valuable, costly asset. Business continuance and academic progress are dependent on its integrity and continued availability. Steps will be taken to protect information assets from unauthorised use, modification, disclosure or destruction, whether accidental or intentional. This policy forms part of an information security management system (ISMS) which is a living document in support of these activities.

The Acceptable Use Policy sets out unacceptable behaviours in Section 5 and later defines, to a lesser extent, behaviour which is permitted on City, University of London IT systems. By stating what is unacceptable, users are then in a better position to use the provided systems in an acceptable and reasonable way. If users are in any way confused as to their responsibilities, they should seek guidance from the IT Service Desk.

This policy applies to staff, students, alumni, contractors, consultants, temporary and visiting staff, including interns, retired staff, honorary staff, volunteers and other workers of the University, including all personnel affiliated with third parties who interact with the information held by the University in all its forms and its related information systems. This includes, but is not limited to, any systems or data attached to the University computer or telephony networks, systems supplied by the University or communications sent to or from the University.

This policy applies to all people and assets in the execution of the original and supplemental University charters where pertaining to IT. This policy is reviewed, maintained and updated by the Information Security Manager. This policy will be reviewed, at minimum, annually.

Read the full Acceptable Use Policy document


IT Conditions of use

The University processes information in order to carry out its normal functioning. This may include confidential and personal information about businesses and individuals. Information is a valuable, costly asset. Business continuance and academic progress are dependent on its integrity and continued availability. Steps will be taken to protect information assets from unauthorised use, modification, disclosure or destruction, whether accidental or intentional. This policy forms part of an Information Security Management System (ISMS) which is a living document in support of these activities.

  • This policy details the conditions which apply to all computers and networks at City, University of London.
  • This policy should be read in conjunction with the IT Information Security Policy, along with the JANET Acceptable Use Policy.
  • All users should be aware that by registering with City or by using the City network you have agreed to abide by all Information Security Policies.

Read the full IT Conditions of use document


Information Security Policy

The University processes information in order to carry out its normal functioning. This may include confidential and personal information about businesses and individuals. Information is a valuable, costly asset. Business continuance and academic progress are dependent on the integrity and availability of data. Steps will be taken to protect information assets from unauthorised use, modification, disclosure or destruction, whether accidental or intentional. This policy forms the key component of an information security management system (ISMS) which is a living document in support of these activities.

This policy applies to staff, students, alumni, contractors, consultants, temporary and visiting staff, including interns, retired staff, honorary staff, volunteers and other workers of the University, including all personnel affiliated with third parties who interact with the information held by the University in all its forms and its related information systems. This includes, but is not limited to, any systems or data attached to the University computer or telephony networks, systems supplied by the University or communications sent to or from the University.

Report a Data Breach

Read the full Information Security Policy document


Cloud Policy

The University processes information in order to carry out its normal functioning. This may include confidential and personal information about businesses and individuals. Information is a valuable, costly asset. Business continuance and academic progress are dependent on its integrity and continued availability. Steps will be taken to protect information assets from unauthorised use, modification, disclosure or destruction, whether accidental or intentional. This policy forms part of an information security management system (ISMS) which is a living document in support of these activities.

Cloud computing [1] (see reference section) and managed services are a constantly evolving environment, where it can be particularly difficult to secure data. For this reason, two categories of data are defined in this document. ‘Sensitive’ is the term used for data containing personally identifiable or commercially sensitive data. ‘Non-Sensitive’ is the term used to describe data containing neither personal nor commercially sensitive data.

Read the full Cloud Policy document