iCIS Intra Wiki
categories:             Info      -       Support      -       Software       -      Hardware       |      AllPages       -      uncategorized

Data Protection Policy

From ICIS-intra
Jump to: navigation, search

RU POLICY: laptops must be encrypted!!


This page contains a basic overview of information from the Radboud University Privacy & Security website.

Information security: Cybersave yourself!

Source: https://www.ru.nl/ict-uk/general/securing-your-information/

Radboud University takes the security of information very seriously and puts adequate measures into effect to prevent identity fraud and the spreading of viruses or spam from happening.

Here are five tips you can follow up to become ‘cybersafe’:

View also other simple to do's to guarantee your online privacy and protect your data.

More information and tips on information security (how to report a data breach or how you can recognise a phishing e-mail, for instance) can be found on the Privacy- and security website of Radboud University.

Personal Data Protection Act

Source: https://www.ru.nl/privacy/english/protection-personal-data/personal-data/

Every person has a right to privacy and careful handling of his or her personal data. The Personal Data Protection Act specifies how personal data should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary. 4 guidelines for dealing with personal data

Four central theme's in the Personal Data Protection Act can be pointed out when it comes the dealing with personal data: goal limitation, data minimasation, transparency and security. It means you should follow these guidelines:

  • Document why and for what reason you save personal data and make sure the data will only be used for that specific purpose.
  • Don't save personal data any longer than necessary (often there are statutory retention periods) and only save those data that you really need for reaching your goal.
  • Be transparent when collecting personal data en tell for what purpose you collect them.
  • Make sure the collected personal data are well secured.


What data is considered Personal data?

Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number. We describe the topic more specific on the FAQ page.

Data Storage Policy

Source: http://www.ru.nl/privacy/english/data/saving-files/

RU POLICY: laptops must be encrypted!!

Where to best save information depends on its confidentiality classification. We distinguish between critical, sensitive and standard information:

  • Critical: personal details or information traceable to a person.
  • Sensitive: information that is commercially sensitive or confidential.
  • Standard: all other information.

The ict website has an overview page RU file folders: Saving and sharing files safely with RU colleagues.

The following table below shows which storage mediums are suitable for each confidentiality classification.

Critical Sensitive Standard
RU-folders Suitable Suitable Suitable
Portable devices Only if encrypted Only if encrypted Only if encrypted
FileSender Not permitted Permitted* Permitted
Edu groups Not permitted Permitted* Permitted
SURFdrive Not permitted Permitted* Permitted

* Encryption recommended
  Eg. use 7zip to create an encrypted archive before storing or sending, and use Cryptomator to do automatically client side encryption of files stored on your SURFdrive.

Each information classification has applicable security measures that have been laid out in the university information policy. Sensitive data, for instance, may not be saved in a public cloud service such as Dropbox nor may it be sent through a service such as WeTransfer, as the security of the information cannot be guaranteed.

Critical data may not be saved in a community cloud service, such as SURFdrive. RU storage is suitable for storing such information (home directories, departmental directories, work group folders). This type of storage enables us to know exactly who has access to the information and this access can be terminated as soon as someone leaves the university. In addition, access is only granted to RU staff and persons who have a formal working relationship with Radboud University. In SURFdrive, the owner of a folder decides who can access it (could be anyone) and this access is not terminated when someone leaves the university.

Encrypting files means that they can only be opened by persons who have a unique key or password. If you want to share these passwords with others, make sure to use a different medium than the one you used to share the files, for instance SMS or WhatsApp.

For information about howto encrypt your files or your whole pc/laptop look at this wiki page about Encryption.

Data Breach Notification Duty

Source: https://www.ru.nl/privacy/english/protection-personal-data/duty-report-leaks/

The Data Breach Notification Duty has been included in the Personal Data Protection Act in order to better protect personal data.

The notification duty implies that Radboud University staff and students have to immediately report any suspected ‘data leak’ to the ICT Helpdesk. The Helpdesk can be reached at (024 36) 22222 or via icthelpdesk@ru.nl.

A data leak refers to a breach of security involving personal data. Specifically, it refers to access to or destruction, modification, loss or release of personal data without the consent of the person concerned. This means that data leaks include not only actual unlawful release/leakage and processing of personal data, but also cases in which this is a possibility.

For more information see this page about Data leaks.

Security Do's

Source: Security Do's

DATA

  1. Lock your computer screen when you leave your workplace
  2. Encrypt your laptop
  3. Encrypt your USB-stick or external hard drive
  4. Encrypt sensitive files
  5. Use work group folders for working on documents with colleagues from other departments
  6. Use SURFdrive for saving and sharing files
  7. Send large files through FileSender
  8. Use RU-Connect/VPN@RU to work securely from home
  9. Add the Radboud University disclaimer to you email signature
  10. Empty folder such as 'Downloads' and 'Temp' regularly

IDENTITY

  1. Use a strong password
  2. Never share your password, but delegate permissions instead
  3. Activate the spam filter
  4. Watch out for phishing
  5. Be alert while surfing the internet on where you might leave information
  6. Protect your identity on social media

DEVICES

  1. Install a firewall on your computer
  2. Install anti virus software on your computer
  3. Prevent your USB-stick from spreading malware
  4. Make sure you protect your mobile devices
  5. Check wireless networks on their safety

More information