Rules Reminder Sheet for DARS Users
This article will be updated on a regular basis. Updates may be required in response to updates to DARS or changes to business processes or errors.
Refer to DARSWiki Conventions for information on icons and other conventions that may apply to this User Guide.
Ensure you are familiar with the Data Protection laws before adding data to records in DARS. Refer to DARSWiki FurtherHelp for further information and relevant links. Please think twice before printing this article. If a printed copy is necessary, ensure it is printed double-sided and always recycle old versions.
Author(s): Kathryn Grant (Legal Services), Sarah Cowburn (Council Secretariat), Dan Keyworth (UODO)
This document outlines the Data Protection and Data Security rules for DARS Users.
You can download the DARS Rules for Participation and the three template Confidentiality Agreements (for use when providing data to external individuals or organisations) from the Shared Resources page on the Advancing Oxford site, listed under 'University Downloads
RULES REMINDER SHEET FOR DARS USERS
Familiarise yourself with the DARS Rules for Participation and attend all required training. Look up and be aware of the specific rules in the key areas – the University is entitled to suspend access to DARS for any breach of the Rules by a user.
- All information in DARS is treated as highly confidential and should not be divulged, shared or given to any other person including after your employment with the University terminates.
- The permitted purpose should govern your use of DARS and all data subjects should be made aware of it: https://www.alumni.ox.ac.uk/data_protection
- Data subjects can object to the holding of their data and ask to be removed from the System – pass such a request on to the DARS Helpdesk immediately.
- You must follow the obligations outlined in Rule 7.
- Keep your password and login details private – they should not be shared.
- If you are leaving your desk either log out of DARS or lock your computer.
- DARS must not be accessed in a public place and data from DARS must not be sent to personal email accounts. DARS must not be used on personal computers or portable devices without the express written consent of the Head of DARS Support Centre.
- Data should only be downloaded, exported or printed from the System if it is strictly necessary to do so. If data is taken from the System it should be encrypted or password protected if held electronically, or stored in locked filing cabinets if in hard copy.
- No information should be transferred on CDs or by normal email attachments – use encrypted USB sticks or secure ZIP files.
- Follow the steps outlined in Rule 7.3.3 in respect of information to be provided to data subjects and the wording which must be used in footers.
- Follow Rule 7.12 in respect of abiding by a data subject’s mailing preferences and applying the appropriate solicit codes.
- Particular care should be taken in handling sensitive personal data, data in relation to children,spouses/partners and other family members, financial information and commentary and free text.
- Information a data subject is not aware of, financial details outside of the financial tabs, information about convictions, explicit reference to a person’s religion (without consent) and credit or debit card details must not be stored.Development & Alumni Relations System (DARS).
- Care should be taken over the phrasing and wording used to record information and contact – potentially all data is disclosable to the data subject if it is requested.
- Refer to Rule 10 when considering whether to export data from the System and follow the rules outlined there in respect of gaining approval and using the Confidentiality Agreements.
- If you receive a request for information under the Data Protection Act 1998 or the Freedom of Information Act 2000 you must inform your Head of Development (or equivalent) and the Head of DARS Support Centre immediately and follow any subsequent instructions from them (see Rule 12).