How to safely screen share within the TRE

Owned by Jenny Johnston, created
Last updated: Aug 16, 2024 by Laura Ward
3 min read

Introduction

Whilst most TRE Users have their own unique log in and TRE workspace, to complete their project data analyses, as of 2024, we have introduced a ‘view-only’ option for becoming a TRE User. View-only users have approvals in place to see the project data solely through screen sharing online or in person, with a standard TRE User. View-only Users will not have dedicated TRE accounts for login (i.e. do not have their own workspaces), and interactions with the data by sharing login details with other Users are strictly prohibited. We expect both types of users to uphold best practices to ensure the security and confidentiality of the sensitive data.

This How-to article provides best practices to safely conduct screen sharing sessions using Microsoft Teams. It outlines potential risks and the necessary steps to mitigate them, ensuring the security and confidentiality of sensitive data.

  Objective

This article provides TRE Users with guidelines and best practices to safely conduct screen sharing sessions using Microsoft Teams. Teams is the approved video conferencing platform of the University of Dundee, whilst we appreciate our Users may use alternative software, our guidance sits within the University of Dundee’s recommendations.

This article outlines potential risks and the necessary steps to mitigate them, ensuring the security and confidentiality of sensitive data.

Why Screen Sharing Security Matters

Screen sharing is a valuable tool for collaboration within TREs, allowing users to discuss data and analysis in real-time. However, it also introduces risks such as unauthorised access, data leakage, and breaches, particularly when users are in insecure environments or high-risk jurisdictions. This guide helps users understand these risks and outlines steps to mitigate them.

As a TRE User, this is your responsibility and you need to make sure that people viewing the data are authorised, using secure connections, and not completing any unauthorised recording. You also need to consider where you and your collaborator are physically, public places are not considered a Safe Setting. You also need to consider high-risk countries, the University of Dundee’s policies can be found here.

TRE User Agreement - User Responsibilities

In line with HIC processes, all of our TRE Users are considered Safe People. Part of these credentials is the signing of our TRE User Agreement which includes key responsibilities that Users are bound by to maintain data security, including:

  1. Safe People: whether TRE Users are standard or view-only, all Users are expected to have the same responsibilities. Only approved Users should be in meetings that will include screen sharing, and secure, encrypted connections should be used. This ensures secure access and compliance with upholding the security and confidentiality of HIC data and the TRE (TRE UA clause 1.4.4). More generally, all Users are expected to comply with applicable laws such as the Data Protection Act 2018 (TRE UA clause 7.2.1).

  2. Safe People, Safe Setting, Safe Data: You are responsible for ensuring that the data is not read, viewed, or handled by anyone not named in the relevant approvals. When screen sharing, there must be no recordings or transcriptions of sessions to prevent data leakage (TRE UA clause 2.1.1). During screen sharing meetings (or at any time), you must not leave your screen unattended (TRE UA clause 3.1.4) or disclose/share the data with people not named on the relevant approvals (TRE UA clause 3.2.2).

  3. Safe Data: you cannot work on the TRE in a public place, i.e. anywhere where anyone not named in the relevant approvals may be present. You must be in a secure environment when participating in screen sharing (TRE UA clause 5.1.6). For example, if you are in a public place such as a library, you should be located in a booth where no one can look over your shoulder.

  4. Safe Outputs: Users are prohibited to take screenshots or use screen capture tools whilst working in the TRE. There is no movement of data in or out of the TRE without the approval of HIC disclosure control processes (TRE UA clause 5.2.1).

 

As set out in the TRE User Agreement, if you are aware of accidental or deliberate breaches, you must legally report this to HICSupport@dundee.ac.uk

Best Practices for Secure Screen Sharing

  1. Preparation:

    • Verify that all participants are approved TRE Users.

    • Close all non-essential applications and documents before the session begins.

    • Use application-specific sharing rather than full-screen sharing.

  2. During the Session:

    • Ensure recording and transcription features are stopped/disabled.

    • Monitor the session for any unauthorised activities, such as screen capturing.

    • Keep discussions focused on the approved scope of the data.

  3. Post-Session:

    • Review the session to ensure no breaches occurred.

    • Follow up with participants to reinforce best practices.

 

For queries or comments regarding HIC How To Articles contact, HICSupport@dundee.ac.uk

 Related articles