These guidelines cover the use of external web services such as Google, Facebook and YouTube. These are occasionally called cloud services as there may not be a clearly identified location where information is being stored. There are seven key recommendations:
The University of Northampton (UON) recognises that staff and students are increasingly using services beyond those which have been provided corporately. There is a dimension of provision which ranges from:
Cloud services are often used to describe those which are provided outside of the institutional provision (1) but many include those paid by the institution (2) and those provided at no perceived cost (3 and 4).
The types of information being generated by staff and students may be categorised into:
Some of the services used in (3) and (4) provide additional functionality not provided institutionally (e.g., ability to collaborate with those outside of UON) and may be in regular use outside of the institutional setting.
Systems provided in (3) and (4) may be integrated with the UON identity management system (IDM) or more likely will mean that users will have to provision their own account and are likely to have access to this regardless of any UON action (e.g., at the end of an employee’s contract or when a student completes). Where there is lack of integration it means that there is no control over authentication / passwords from UON and that no assistance may be possible in the event of an issue in this area.
The use of multiple systems without clear navigation may provide confusion for end users who may have data located in many locations.
The nature of services provided in (3) and (4) further mean that there may be no control over the location of data storage which may mean external to areas with adequate data protection provisions (GDPR issues); the use to which that data is used for (e.g., data mining by the host); service support (data may be lost and not recovered); and continuity of service (e.g., the service may change to subscription model or be withdrawn at any point without notice).
If there are any questions in relation to any of the guidance above then please contact the University's Data Protection Office at firstname.lastname@example.org
This guidance was created by the University of Northampton's Records Management Office on 26th March, 2012.
It was reviewed and minor revisions were made by the Records Manager on 15th March, 2021