Versions Compared

Version Old Version 5 New Version Current
Changes made by

Laura Ward

Laura Ward

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

👋 Introduction

Whilst most TRE Users have their own unique log in and TRE workspace, to complete their project data analyses, as of 2024, we have introduced a ‘view-only’ option for becoming a TRE User. View-only users TRE Users have approvals in place to see the project data solely through screen sharing online or in person, with a standard userTRE User. View-only Users will not have dedicated TRE accounts for login (i.e. do not have their own workspaces), and interactions with the data by sharing login details with other Users are strictly prohibited. We expect both types of users Users to uphold best practices to ensure the security and confidentiality of the sensitive data. This How-to article provides best practices to safely conduct screen sharing sessions using Microsoft Teams. It outlines potential risks and the necessary steps to mitigate them, ensuring the security and confidentiality of sensitive data.

\uD83D\uDCD8  Objective

This How-to article provides Trusted Research Environment (TRE) users with guidelines and best practices to safely conduct screen sharing sessions share online using Microsoft Teams . Teams is (the approved video conferencing platform of the University of Dundee, whilst we appreciate our Users may use alternative software, our guidance sits within the University of Dundee’s recommendations. This article ). It outlines potential risks and the necessary steps to mitigate them, ensuring the security and confidentiality of sensitive data.

...

As a TRE User, this is your responsibility and you need to make sure that people viewing the data are authorised, using secure connections, and not completing any unauthorised recording. You also need to consider where you and your collaborator are physically, public places are not considered a Safe Setting. You also need to consider high-risk countries, the University of Dundee’s policies can be found here.

🗺️ Best Practices for Secure Screen Sharing

  1. Preparation:

    • Verify that all participants are approved TRE Users.

    • Close all non-essential applications and documents before the session begins.

    • Use application-specific sharing rather than full-screen sharing.

  2. During the Session:

    • Ensure recording and transcription features are stopped/disabled.

    • Monitor the session for any unauthorised activities, such as screen capturing.

    • Keep discussions focused on the approved scope of the data.

  3. Post-Session:

    • Review the session to ensure no breaches occurred.

    • Follow up with participants to reinforce best practices.

...

🖊️ TRE User Agreement - User Responsibilities

...

  1. Safe People: whether TRE Users are standard or view-only, all Users are expected to have the same responsibilities. Only approved Users should be in meetings that will include screen sharing, and secure, encrypted connections should be used. This ensures secure access and compliance with upholding the security and confidentiality of HIC data and the TRE (TRE UA Agreement clause 1.4.4). More generally, all Users are expected to comply with applicable laws such as the Data Protection Act 2018 (TRE UA Agreement clause 7.2.1). TRE UA 1.4. 4, 7.2.1

  2. Safe People, Safe Setting, Safe Data:You are responsible for ensuring that the data is not read, viewed, or handled by anyone not named in the relevant approvals. When screen sharing, there must be no recordings or transcriptions of sessions to prevent data leakage (TRE UA Agreement clause 2.1.1). During screen sharing meetings (or at any time), you must not leave your screen unattended (TRE UA Agreement clause 3.1.4) or disclose/share the data with people not named on the relevant approvals (TRE UA Agreement clause 3.2.2).

  3. Safe Data: you cannot work on the TRE in a public place, i.e. anywhere where anyone not named in the relevant approvals may be present. You must be in a secure environment when participating in screen sharing (TRE UA Agreement clause 5.1.6). For example, if you are in a public place such as a library, you should be located in a booth where no one can look over your shoulder.

  4. Safe Outputs: Users are prohibited to take screenshots or use screen capture tools whilst working in the TRE. There is no movement of data in or out of the TRE without the approval of HIC disclosure control processes (TRE UA Agreement clause 5.2.1).

Info

As set out in the TRE User Agreement, if you are aware of accidental or deliberate breaches, you must legally report this to HICSupport@dundee.ac.uk

...

🗺️ Best Practices for Secure Screen Sharing

...

Preparation:

  • Verify that all participants are approved TRE Users.

  • Close all non-essential applications and documents before the session begins.

  • Use application-specific sharing rather than full-screen sharing.

...

During the Session:

  • Ensure recording and transcription features are stopped/disabled.

  • Monitor the session for any unauthorised activities, such as screen capturing.

  • Keep discussions focused on the approved scope of the data.

Post-Session:

...

...

Follow up with participants to reinforce best practices.

...

For queries or comments regarding HIC How To Articles contact, HICSupport@dundee.ac.uk

Requesting work (outputs) out of the TRE

'Safe People' requirements and resources

...