University Secretary
View the answers
What is sensitive personal data and how does this differ from personal data?
Sensitive personal data is specifically defined in the Data Protection Act 1998 as that which relates to a person's racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life, commission or alleged commission of any offence, the proceedings and outcome of any proceedings arising out of the committed or alleged offence.
Personal data must be processed and kept safely, but sensitive personal data must be stored more securely and used with greater security than personal data, due to the nature of the information held. This means that paper copies of the information must be kept in a locked cabinet when not in use and electronic copies should be password protected.