Skip to navigation | Skip to main content | Skip to footer
Menu
Search the University of Manchester siteSearch Menu StaffNet

Steps to information security

13 Nov 2009

Barbara Frost appointed as Information Security Manager

Barbara Frost

The new post of Information Security Manager has been created to raise awareness of the need to consider information security across all aspects of the University's activities.

Barbara’s appointment is one of the measures by the University taken following a breach of the Data Protection Act with regard to student records which occurred in the Faculty of Life Sciences earlier this year.

As a result the University, was required by the Information Commissioner’s Office to sign a formal undertaking to:

  • ensure that personal data is kept secure
  • ensure that policies related to the sharing and publication of personal data are clear and understood by staff

The full text of this undertaking can be found at:

The University holds, processes and exchanges a huge amount of personal data in relation to current and former staff and students, research subjects, contractors, applicants and service users, both in electronic and paper form. All of this data must be treated in accordance with the principles of the Data Protection Act and all staff who handle personal data should be familiar with these principles. If you are unsure about what this means, you should speak to your line manager who can arrange further training if necessary.

The damage to the University’s reputation arising from a further data breach would be considerable and it is essential, therefore, that no further data breaches occur.

In addition to Barbara’s appointment, to address the issue, the University has made guidance available to staff in relation to data held electronically which can be found at:

All staff who deal with personal data should familiarise themselves with this guidance and take advantage of the services offered where appropriate.

Barbara says:”I will be working closely with senior managers and the University's experts in IT security and data protection, to develop an information security strategy, policies and procedures which will promote a culture of good information security practice throughout the University. One of the first priorities is to ensure that every member of staff understands that they have a key role in protecting the University's data from unauthorised access."

Barbara can be contacted at:

Further advice, including a guide to handling data under the Data Protection Act is available from the Records Management Office: