UCL staff and students must abide by UCL's Data Protection Policy.
Ensure student-generated content is stored on a password protected system (e.g. discussion boards, blogs, wikis, videos). Non-password protected sites should only be used if students are aware the material is publicly available, and are satisfied with the implications of this - e.g. their full names may appear alongside their work. Using Moodle is the easiest way to adhere to this data protection requirement. However, you must also:
Avoid guest access to your Moodle course (without a password). Students will assume their course is private to just them, their tutors and their peers, so unless you tell them otherwise do not open the course publically as doing so will effectively make their contributions (such as forum discussion posts) public.
Communicate potential data protection issues when students are asked to use non-UCL systems - e.g. to fill in a google form. An alternative must be provided if students refuse to register with an external service, so think about this before you speak to students about this. The easiest option is to use a Microsoft Office Online products (such as forms), since UCL provides access to these centrally. You can also create forms in Moodle using the Database activity.
Please contact the UCL Data Protection Officer for advice.
You should also be familiar with the following guidelines, where relevant:
More guidance is available as part of UCL's Information Security Policy...