Skip to main navigationSkip to main content
The University of Southampton
About us

Data Protection, Freedom of Information and Data Breach

Here you can make a request to manage your personal information, make a freedom of information request or report a data breach.

Data Protection

How to make a request to manage your personal information

The General Data Protection Regulations provide rights to individuals to manage their personal information. You can:

Student writing

Subject Access Request Form

If you would like to make a request to the University in relation to personal information please use our online forms.

Request form

Authorised Agent

If you are acting for an individual and wish to make a request on their behalf please use our online form.

Applicants will also be required to provide satisfactory proof of identity. Please see the University’s Data Protection Policy.

Members of the University who submit an application electronically via their University email account will be deemed to have satisfied the requirement as to proof of identity.

The University takes the safekeeping of personal information that it holds very seriously, and applicants requesting third-party personal information (i.e. personal information concerning a person other than themselves) should be aware that such information will not be disclosed except in the limited circumstances permitted both by law and by the University’s Data Protection Policy.

If you are unhappy with the way that we have handled your personal information you can contact us or contact the Information Commissioner’s Office. See their website.

We have additional policies and guidelines concerning particular activities. If you would like further information please see our Publication Scheme.

Freedom of Information

The Freedom of Information Act 2000 gives the public the right, subject to certain exemptions enumerated in the Act, to access information held by public authorities (such as universities). It also requires such public authorities to make information available proactively through a publication scheme. The University has adopted the new Model Publication Scheme prepared and approved by the Information Commissioner.

How you can make a request for information

Any person who makes a request to the University for information not made available through the publication scheme is entitled (subject to the exemptions enumerated in the Act) to be informed in writing whether the University holds the information requested and if so, to have the information communicated to him or her.

Shelves of books

Freedom of Information

Please request information using our online form

Request form

Any request must be in writing, must state the applicant's name and an address for correspondence, and must contain a description of the information required. It must be clearly addressed to the University: the University will not respond to letters or emails which are not clearly addressed to and intended for the University. This includes emails which are sent as "blind copies" or Bcc which, following good practice, for security reasons are automatically routed to spam as a potential cyber threat.

A request can also be posted to:
Director of Legal Services
University of Southampton
SO17 1BJ
United Kingdom

Reviews and appeals

If you do not feel that we have dealt with your request in accordance with the requirements of Part I of the Act, you may request a review. Your request for a review should specify in what respect you do not feel that the requirements of Part I have been met. The request for a review should be to: The Chief Operating Officer, University of Southampton, Highfield, Southampton, SO17 1BJ, United Kingdom or sent by email to

The Information Commissioner is responsible for enforcing rights of access to information and the operation of the publication scheme. You may apply to the Information Commissioner in writing (FOI/EIR Complaints Resolution, Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF) or online for a decision whether, in any specified respect, your request for information has been dealt with by the University in accordance with the requirements of Part I of the Act. The Information Commissioner will not normally take action unless he is satisfied that the University's review procedures have been exhausted.

Data Breach

All data breach incidents, actual and potential must be reported immediately a data breach occurs, is threatened or is suspected. This should be done by using the Incident Report Form below or telephoning +44(0)23 8059 4684 during office hours and Security +44(0)23 8059 2811 x22811 outside office hours.

Image of laptop

Incident Report Form

Please use our Incident Report Form in the event of a data breach

Report form

Remember that the reporting of data breach incidents is for the common good and the major concern is not to apportion blame, but to contain, then resolve the situation and prevent a future re-occurrence. Failure to report data breach incidents is a serious matter as it could leave the University exposed to repeated and more serious attacks/breaches as well as to the imposition of large fines. 

Further, certain types of breaches must be reported by the Data Protection Officer to the Information Commissioner’s Office within 72 hours of becoming aware of the breach, therefore, it is important that you contain and respond immediately to the discovery of a data breach.

Incidents which must be reported include those which:

Please ensure that any discussion of the data breach or circulation of information is restricted to those directly involved in the investigation. Wider communication of a data breach, including notification to the ICO or other regulatory authorities or research sponsors will be managed by the Information Security Response team.

Privacy Settings