Skip to main content

Data and information management guide

How to use, manage and protect traditional paper records, digital data, files, and research data confidently and effectively in line with legislation.

Introduction

Everyone in our University community interacts with data and information, whether you’re a researcher delving into scientific discovery, a professional services staff member running operations, or a student navigating daily life.

These pages provide guidance on managing all University data and information – from academic, administrative, and research activities to legal and regulatory compliance. It helps you handle data and information safely, reduce risks, and make the most of our resources, including traditional paper records, digital data, files, or research data.

What is data and information

Understanding and using precise terminology is crucial for effective communication, ensuring clarity, accuracy, and consistency in the interpretation and management of data and information.

Data

For example, data is defined as raw facts and figures like numbers, symbols, text, and images that can be quantitative (numerical) or qualitative (descriptive), such as student marks, website traffic, and lab results. Other key terms include:

  • personal data: that which can be used to identify a living person
  • special category data: personal data requiring extra protection under the Data Protection Act that specifically includes:
    • racial or ethnic origin
    • political opinions
    • religious or philosophical beliefs
    • trade union membership
    • genetic data
    • biometric data (where used for identification purposes)
    • data concerning health, sex life or sexual orientation
  • data subject: the individual the personal data relates to
  • management data: data collected to support decision-making and planning
  • research data: collected or generated to validate research findings

Information

Information is data that is processed, organised and structured to inform decisions and actions, like reports, minutes and contracts. Types of information include:

  • records: formal, fixed information that serves as evidence of activities or operations
  • archives: records preserved permanently for their historical value

Creating, collecting and classifying

Proper creation and collection of data and information are vital to its effective use. Ensure you have a legal basis for processing, minimise unnecessary data collection, classify your data and document your sources. For research data, ensure compliance with any specific requirements from funders and consult the Research Data Service for support.

Please see the Creating, Collecting and Classifying guide for more detail.

Storing

Store data on approved University systems like OneDrive, SharePoint, or Teams, ensuring it is secure, backed up, and accessible only to those who need it. Regularly review permissions, avoid unsupported cloud services, and follow the University’s Records Retention Schedule for data retention and disposal.

Please see the Storing guide for more detail.

Using

Use data responsibly by ensuring accuracy, minimising duplication, and adhering to legal requirements. Always use data from original sources and ensure that personal data use complies with data protection principles. Log data quality issues and refer to the business glossary, and ensure Freedom of Information are forwarded immediately to freedom-of-information@bath.ac.uk, and Subject Access Requests are forwarded immediately to dataprotection@bath.ac.uk.

Please see the Using guide for more detail.

Sharing

Share data and information securely and responsibly. Limit access to the necessary individuals and consider minimising or redacting information when appropriate. Avoid sharing data via email; use secure platforms like SharePoint, OneDrive and Teams. For research data, be aware of any funder policies requiring sharing and export control regulations that may restrict sharing.

Please see the Sharing guide for more detail.

Archiving and disposing

Dispose of data and information securely when it’s no longer needed, following the University Records Retention Schedule. Paper documents should be shredded, and digital files should be deleted properly. Archive records of lasting value and transfer them to the University Archives if necessary.

Please see the Archiving and Disposing guide for more detail.

Risks, sanctions and breaches

Data breaches, whether accidental or deliberate, can result in severe consequences, including fines. Report any potential breaches immediately to the Data Protection Officer to comply with legal obligations. Understanding and mitigating risks is essential to protect data integrity and University compliance.

Please see the Risks, Sanctions and Breaches guide for more detail.

Find out who to contact for support

Find the right team

On this page