Skip to main content

Information Governance

Information Governance

Data Protection Act

The current Data Protection Act is set to be replaced by the General Data Protection Regulation (GDPR) in May 2018. The GDPR framework offers greater protection for the personal data of individuals and tougher punishments for non-compliance.

The University is currently working to ensure all Schools and departments understand their responsibilities under GDPR. Please remember that GDPR builds upon the existing data protection measures that staff and information processes and systems should already be compliant with. There will be further advice and guidance issued around GDPR over the coming weeks and months.

Data Protection Subject Access Requests

If you would like a specific piece of information about yourself, the easiest thing to do is to contact the person holding the information and ask them if they will provide you with a copy.

If they are unwilling to do this, you should complete a Data Protection Subject Access Request form and send it, with a cheque for £10 made payable to the University of Salford and proof of your identity (any original documents will be returned, but photocopies will be accepted) to:

Information Governance Officer
Legal and Governance Directorate
Maxwell 6th floor
University of Salford
M5 4WT

On receipt of your request we shall instigate a search of the Student Administration Department/Human Resources and your school/professional services division. If there are any other departments or systems you would like searching, please indicate in your application.

Making requests on behalf of the Data Subject and requests from solicitors

Requests for personal information from solicitors regarding their clients will be treated as Subject Access Requests. Similarly if you are making a request on behalf of the data subject, otherwise, or with the permission of the data subject, please ensure that you provide the following documents:

  • A letter clearly stating the information you require
  • Proof of identification from your client (i.e. copy of passport, driving licence, university card)
  • Written authorisation signed by the data subject
  • A cheque of £10 made payable to the University of Salford

Please send to:

Information Governance Officer
Legal and Governance Directorate
Maxwell 6th floor
University of Salford
M5 4WT

On receipt of the request we shall instigate a search of the Student Administration Department/Human Resources and your school/professional services division. . If there are any other departments or systems you would like searching, please indicate in your application.

Please note that some kinds of personal data are exempt from the provisions of the Act, and there are some exceptions to the data subjects’ right of access, these include where third parties are involved but where any exemption occurs, you will be informed.

Data Protection request versus Freedom of Information request

It is important to distinguish requests made by individuals under the terms of the Data Protection Act from those made under the terms of the Freedom of Information Act. Basically, if an individual wishes to see information we hold that specifically describes themselves, then this is a Subject Access Request made under the terms of the Data Protection Act.

If an individual is asking for general information about the University, its activities, or any other material held in our records, then this is a Freedom of Information Request. If it is not possible to tell exactly what sort of request is being made, or a request appears to cover elements of both laws, all data protection subject access requests and freedom of Information requests should be directed to the Information governance team, Email:, Tel: 0161 295 3152.

Freedom of Information

The Freedom of Information Act 2000 came into force in 2005 and its purpose is to promote transparency and accountability by allowing individuals the right to access “recorded” information held by public organisations.

In accordance with the Act the University has made available a Publication Scheme. This document details the types of information the University routinely publishes and how to access it.

A considerable amount of information can also be found on the University webpages. Please consult the University webpages and the University Publication Scheme for information you require.

If you are unable to locate the information you require, you may submit a formal request for information. Please submit your request in writing to, stating your name, address and information you require.

Alternatively if you wish to submit your request by post, please send to:

Information Governance Officer
Legal and Governance Directorate
Maxwell 6th floor
University of Salford
M5 4WT

What is Information Security?

Access to information and IT systems is essential for the University to function competitively in the higher education environment. Information Security is the corporate framework of culture, policies, organisational structure and operating environments used to ensure confidentiality, integrity and availability of our information.

The Senior Information Security Officer based with Legal & Governance Directorate works together with all University departments and Schools to develop policy, advice and guidance on information security issues – whether new information systems, projects to share information with external partners or major revisions to existing information systems and procedures that hold personal information i.e. confidential information.

This can be achieved by implementing controls in:

Physical security

Responsibility of Estates with each resident School and department

Personnel and training security

Responsibility of Human Resources

Policy/procedural security

Responsibility of Senior Information Security Officer and Business Owners

Technical security

Responsibility of Digital IT and System Owners (outside DIT)

All these measures must be implemented in tandem rather than being a one-off, as you can see in the diagram below.

Information Security Onion

How to report a data breach or security incident

The University ITSERT need to know about incidents involving:

  • unauthorised access to or disclosure of personal data or Confidential University information
  • lost or stolen laptop, smart phone, memory stick or other IT equipment containing University confidential information

The Information Governance Team are part of a co-ordinated team across Legal & Governance and Digital IT called the IT Security Emergency Response Team (ITSERT) who respond to and manage investigations into data breaches and security incidents.

Please contact with details or telephone 0161 295 5910/0161 295 2259.

You should always report your concerns because misuse could damage the University network, be illegal or have a negative impact on the University's reputation. All of these can have a negative effect on your studies or job with the University. By reporting your concerns, you are providing the best opportunity to prevent any recurrence and to limit damage to the University and its data subjects as quickly as possible.

Under the forthcoming General Data Protection Regulation there will be a strict time limit for the University to notify the Information Commissioner about serious personal data breaches – we can only meet the time frame, if you tell us about the incident or breach immediately!

Records management

Records management is the process by which the University manages all the elements of records whether externally or internally generated and in any format or media type, from their inception/receipt, all the way through to their disposal. Good records management:

  • ensures that you can find the information you need at the time you need it;
  • provides evidence of your work;
  • supports decision-making;
  • ensures that you are complying with legislation such as the Data Protection Act 1998 and the Freedom of Information Act 2000.

Benefits of effective records management practice

  • Saves time - It is currently estimated that 20 - 60% of staff time is spent looking for information. Good records management will enable information to be retrieved quickly and reliably, thus reducing this time considerably.
  • Saves space - Destroying information that is no longer required liberates space in the University which can be used as teaching space or office space.
  • Reduces administration costs, both in staff time and storage.
  • Removes doubts over authenticity of documents and reduces risk of legal liability to the University.
  • Enables timely responses and cost efficiency to information requests made to the University.
  • Removes duplicates.
  • Ensures that documents important to the University's history are retained permanently.

How can I implement records management?

All staff can help implement good records management by:

  • ensuring you create and maintain a full and accurate record of your activities;
  • following agreed filing procedures in your office;
  • listing your files as they are created and keeping the list up to date;
  • regularly reviewing and disposing of your files according to the records retention schedule (under review, so in the interim contact the Information Governance team);
  • keeping files neat and tidy and not letting filing backlogs build-up;
  • ensuring files are not open for over three years and opening new files when existing ones become too large to use;
  • being aware that the public may request to see virtually all of your records under the Freedom of Information Act 2000, the Environmental Information Regulations and the General Data Protection Regulations.

Additional guidance is available from the Information Governance Team.