Conditions of Use Conditions of Use

As a user of the UEA Hobsons admissions systems, Apply Yourself (AY), Connect, including Events and Interviews (E&I), and AppReview, you have access to sensitive personal information, as defined by the Data Protection Act.  This information is confidential.  You must adhere to the University regulations governing the use of computing facilities, the Data Protection Policy and in particular to the regulations concerning confidentiality.  Information used other than in the prescribed course of the admissions process is an abuse of these policies and will be dealt with under the disciplinary procedures.  In addition, the processing of personal data without the consent of the Data Controller (the University) may be a criminal offence under the terms of the Data Protection Act. 

The University's Data Protection Policy states that 'All staff working with personal data must, at minimum, complete the online data protection training module as soon as possible after commencement of their duties.'  Users of AY, AppReview, Connect and E&I who are not members of staff at the University, must be aware of and adhere to the University’s Data Protection Policy.

Access to and disclosure of information must only be made on a need-to-know basis.  Users must therefore not inquire, investigate or view the information contained within the provided Hobsons admissions systems, Apply Yourself, Connect, E&I or AppReview unless directly required to do so for a specific work-related task.  Appropriate measures to keep information secure have been taken by the University.  These measures provide an audit trail which will allow inappropriate use to be identified. 

Measures must also be taken by users to ensure that information, accessible from Apply Yourself, Connect, E&I or AppReview, is kept secure:

1. The screen must be secured by a password screen lock when systems are loaded and the user is not present in the room.

2. Offices which have access to Apply Yourself, Connect, E&I or AppReview must be locked when they are loaded and when no one is present in the room.  This can be via key, numbered key pad or swipe card.

3. Any spreadsheet or report on a PC containing confidential or personal data must be encrypted with a password.  

4. Data should not be stored permanently on a PC or on portable media.  Should data be required to be transferred temporarily via a flash drive; the memory stick must use encryption technology of at least 128bit e.g. 256bit AES Encryption.  The files transferred to the device or portable media should be securely wiped immediately after file transfer.  The transferred file should be kept only for as long as required by the business process it is supporting or as determined by the department's record retention schedule, whichever period is shorter.

5. Should a laptop be required to access Apply Yourself, Connect & E&I or AppReview, then no data shall be stored permanently on the laptop.  When the laptop is no longer required the laptop shall be wiped fully of all the confidential or personal data before being passed to someone else to use.

A user’s username and password is personal.  It must not be disclosed to others, or be passed to anyone else for them to access Apply Yourself, Connect, E&I or AppReview using your password. 

All passwords used to access Apply Yourself, Connect, E&I or AppReview must be between 8-30 characters, contain at least 1 uppercase letter (A-Z), 1 lowercase letter (a-z), 1 number (0-9), and 1 of the following special characters: !@#$%^&*()_+|~-=\`{}[]:";'<>?,./ Spaces are not allowed.