Guardians of UCT data | Computer Security Incident Response Team

Have you ever stopped to think about how much sensitive information passes through your hands at UCT? Whether it’s student marks, research data, financial details, or even everyday internal communications, this data is essential to the university's operations. Every message you send, document you share, or system you log into plays a part in keeping that information safe.

Protecting UCT’s data isn’t just ICTS’s responsibility, it’s yours, too. From students submitting assignments to researchers managing large datasets, and staff handling administrative records, everyone who interacts with UCT information serves as its guardian. While some information is publicly available, much of what we work with is confidential or restricted. Mishandling or exposing sensitive information can have serious consequences, from reputational damage and financial loss to breaches of compliance with laws like the Protection of Personal Information Act (POPIA). Being a guardian means acknowledging the trust placed in you and taking intentional measures to protect the university's most valuable digital assets. This includes using secure platforms, carefully managing permissions, and encrypting sensitive files to maintain the trust of our community.

Why responsible data handling matters

Data is one of UCT’s most important resources. When someone handles sensitive information carelessly, such as student records going missing, sharing a research paper too broadly, or allowing unauthorised access to financial details, the consequences can be serious and long-lasting.

Taking care with information helps to protect individual privacy, ensures UCT follows important laws like POPIA, and maintains the university’s reputation as a trusted place to study, work, and collaborate. When each of us handles data responsibly, we not only keep the university safe, but we also support the community that relies on this information every day.

Know your data

To protect information effectively, it’s important to understand levels of sensitivity. Data generally falls into four categories:

Public: Information that can be shared freely, such as university websites, event announcements, or course outlines.
Internal: Intended for members of the university community only, like staff meeting notes or internal newsletters.
Confidential: Sensitive information that requires careful handling, such as HR records, student exam papers, or research datasets.
Restricted: The highest level of sensitivity, including financial records, medical files, and personal student information, where unauthorised access could have serious consequences.

Knowing the classification of the information you handle helps you to choose the right protection methods.

Safe ways to share and collaborate

Sharing data is part of everyday academic and administrative life, but it must be done responsibly.

Use secure platforms like Microsoft Teams, OneDrive, and SharePoint for collaboration.
Manage document permissions carefully by giving access only to those who need it.
Encrypt sensitive files before sharing. Tools like AES Crypt are available for document encryption.
For email, use Microsoft Purview Message Encryption to send encrypted messages that only intended recipients can access. This tool also supports encrypting Microsoft 365 documents, such as Word and Excel files, as well as PDFs, adding an extra layer of protection. Remember to never send an encrypted document and its password together in the same email. Send the password separately, via a secure channel.

Important: Should you accidentally send confidential information to the wrong recipient, you must immediately report it to ICTS.

Compliance and trust

UCT has established clear policies and guidelines for the responsible use of technology, information, and online communication. The university is required to comply with the Protection of Personal Information Act (POPIA), which sets standards for handling personal information securely. To support data protection, UCT has implemented an Information Security Management System (ISMS): a framework that governs how information is stored, shared, and protected across different platforms and formats.

Following these policies and frameworks helps to ensure compliance, safeguard sensitive information, and maintain the university’s ability to operate securely and effectively.

Recognising and reporting incidents

Even with careful handling and best efforts to protect data, mistakes can happen. If you accidentally share confidential information, notice unusual activity, or suspect a potential security issue, report immediately to the IT Helpdesk by logging an online call or sending an email to icts-helpdesk@uct.ac.za.

View additional guidance and resources on information security, on the UCT CSIRT website. Quick reporting helps ICTS to act fast, reducing risk and protecting university data.

Together, we are all guardians of UCT data.