1. New Users
The SGUL Data Safe Haven is accessed using unique credentials that are completely separate to your standard SGUL network logon.
To access the SGUL Data Safe Haven you will need to submit the ‘Account Request’ form. The request must be authorised by the Principal Investigator (PI) or Information Asset Owner.
New users must have completed the appropriate information governance training prior to being issued with an account. You will be asked to confirm you have done this, and to indicate that you agree to abide by all the relevant SGUL policies, when you sign the SGUL Data Safe Haven Acceptable Use form.
Once your account request has been approved you will have to collect your credentials in person. They cannot be sent out to you.
If you would like to set up a new share within the Data Safe Haven you must complete the ‘New Share Request’ form.
If you need to be able to access existing research folders, i.e. data already in the Data Safe Haven, you will need to ask the owner of that share to complete the ‘Add New or Remove Existing User Request’ form.
2. Existing Users
If you already have an account for the SGUL Data Safe Haven and would like to request additional resources, or make changes to existing resources, you will need to submit the relevant request form.
To request the creation of a new share within the Data Safe Haven you must complete the ‘New Share Request’ form.
Access to existing shares
If you need to make changes to who can access a share that you own you must complete the ‘Add New or Remove Existing User Request’ form.
If you want to be able to access a share owned by another user, you must ask them to complete the ‘Add New or Remove Existing User Request’ form for you. Requests will only be accepted from the share owner.
Changes to existing shares
In order to make any changes to existing shares you must complete the ‘Request for Action on a Share’ form.
This form allows you to request a change to the share name, and to request that data be deleted, restored, archived or exported. Requests for changes will only be accepted from the share owner.
3. Acceptable use of SGUL Data Safe Haven
The SGUL Data Safe Haven may be used for authorised University business which involves the processing of sensitive personal data.
Users will be expected to sign the SGUL Data Safe Haven Acceptable Use form to acknowledge the conditions of use for this resource.
All use of the Data Safe Haven must comply with the SGUL policies listed here:
- SGUL Conditions of Use: Core regulations
- SGUL Data Protection Policy
- SGUL Information Security Policy: Guidance on proper and improper use of IT Services
Special consideration must also be given to the following IG Framework documents:
- SGUL Data Handling Guidance for Principal Investigators (SGUL-IG04)
- SGUL Information Governance Policy (SGUL-IG03)
- SGUL Incident Reporting Procedure (SGUL-IG15)
- SGUL Home Working Policy (SGUL-IG21)
4. Unacceptable use of SGUL Data Safe Haven
Data Safe Haven may not be used for any of the following:
The creation or transmission, or any other form of processing as defined by the Data Protection Act 1998, that is detrimental to the legitimate rights of individuals or likely to cause annoyance, inconvenience or needless anxiety. For the avoidance of doubt this includes but is not limited to the processing of racist, pornographic, sexist or terrorist materials.
The transmission of unsolicited commercial or advertising material either to other User Organisations, or to organisations connected to other networks.
Non-healthcare profit making activity that grossly abuses the service.
Other activities that do not benefit patient care or that do not support the professional concerns of those providing that care, where those activities constitute gross abuse of the service.
Gross abuse of the service by the unsolicited sending of inappropriate e-mail to large numbers of people.
Deliberate unauthorised access to facilities or services accessible via Data Safe Haven Deliberate activities with any of the following characteristics:
Flagrant wasting of staff effort or networked resources, through inappropriate and unauthorised use of Data Safe Haven facilities including but not limited to the following:
- Corrupting or destroying other users' data;
- Violating the consent, or wishes of data subjects in respect of processing personal or sensitive data;
- Violating the privacy of other users;
- Disrupting the work of other users;
- Using Data Safe Haven in a way that denies service to other users (for example, deliberate or reckless overloading of access links or of switching equipment);
- Continuing to use an item of networking software or hardware after the Head of IT Services has requested that use cease because it is causing disruption to the correct functioning of Data Safe Haven;
- Other misuse of Data Safe Haven or networked resources, such as the introduction of "viruses";
- Where Data Safe Haven is being used to transfer data to another network, any abuse of the acceptable use policy of that network will be regarded as unacceptable use of Data Safe Haven.
Note that this list is not exhaustive, and will be updated in the light of experience.
If you are in doubt about whether you may use Data Safe Haven for a particular purpose, you should seek advice from email@example.com.
It is not permitted to provide access to Data Safe Haven by third parties without the prior agreement of Director of Information Services or their delegated representative Head of IT Services.