University of Bath

Data security

The University is obliged to collect and maintain certain data about all of its staff. Some of this data is both personal and sensitive.

For all employees

Firstly it is very important for you to check that the information held is correct, current and complete. Please do this through Employee Self Service.

The security of confidential information is paramount to Manager Self Service. Within the system, security has been designed so that each line manager can only view information about their own staff. None of this is new information, but previously had to be requested through HR. Line managers will not be able to access specific sensitive information such as bank details, payslip information and all equality monitoring information such as religion and belief

For managers

You will only be able to access Manager Self Service once you have completed the registration process, which will remind you of your responsibilities under the University's Data Protection policy and IT Acceptable Use Policy.

Access to Manager Self Service will have to be requested by your manager.

There is a critical responsibility for all line managers to handle their staff's confidential information as provided by MSS (and all other sources) appropriately at all times.

All the information that line managers access on their staff from Manager Self Service is confidential and must be kept confidential and managed in line with the Data Protection Act at all times. Information accessed from the system should only be used for a legitimate work purpose. For example, emergency contact information should only be used in genuine emergency situations. These requirements are the same as those that currently apply to the information provided through reports from HR.

Line managers using Manager Self Service must follow the IT Acceptable Use Policy at all times, making sure that they keep their passwords confidential.

Any breach of these requirements and responsibilities by line managers is potentially serious, will be investigated and could result in disciplinary action being taken against the line manager, up to and including dismissal.

Personal data held by HR and Payroll

All personal information for staff will be held securely and confidentially on iTrent in line with the Data Protection Act (1998). The University will only process personal data in accordance with our registration under the Data Protection Act.

The University is obliged under Inland Revenue requirements to retain information on your home and residential address. It also needs to maintain other contact details such as home / mobile telephone number and next of kin details so that it is able to contact you or your next of kin where this is required in an emergency.

The University has a duty under the Equality Act (2010) to monitor and review practice within the organisation to ensure fair treatment in employment practices. The Act has introduced what are now called protected characteristics (e.g. disability, gender, race, age, etc.). The University is only able to monitor against these characteristics if it has this information on its staff.

For this reason we ask staff to update this information, which will only be used for anonymised, high-level reporting and never at an individual level. We are asking staff to check that their personal information on the iTrent system is correct and to update it if it is inaccurate or not completed. This includes the new fields for the protected characteristics of, religion/ belief and sexual orientation. Within each characteristic staff have the option to indicate that they would prefer not to provide this information. It should also be noted that managers will not be able to view information on the protected characteristics of their staff from iTrent.