At Imperial College London, our department and individual system owners have ethical, legal and moral obligations when setting up systems to host sensitive data. Example of systems deemed sensitive include:

  • financial systems that record bank, credit card, salary and other personal information;
  • health and human resource details, such as disabilities, criminal records and sexuality;
  • clinical trial and medical based systems with identifiable patient data;
  • laboratory and research systems recording details of animal-based work;
  • intellectual-property systems.

Requests for hosting should clearly state whether the system will hold sensitive data and consider how this data will be secured and plans for the application of all necessary protections. We will use the information provided to build systems with appropriate access and security measures. Secure management of data and access permissions within these systems and compliance with all Information Systems policies, including the Data Protection Act is the responsibility of the system owner.

Data protection

Compliance with the Data Protection Act

When setting up and using databases of personal data, you must register the new database with the College Data Protection Officer and act in compliance with the Data Protection Principles to ensure that personal data is held and processed securely and the rights of individuals concerned are preserved. 

Relevant policies

Please familiarise yourself with the following Imperial policies on this issue: