iCIS Intra Wiki
categories:             Info      -       Support      -       Software       -      Hardware       |      AllPages       -      uncategorized

Difference between revisions of "Data Protection Policy"

From ICIS-intra
Jump to navigation Jump to search
 
(21 intermediate revisions by the same user not shown)
Line 5: Line 5:
 
This page contains a basic overview of information from the Radboud University [http://www.ru.nl/privacy/english/ Privacy & Security ] website.
 
This page contains a basic overview of information from the Radboud University [http://www.ru.nl/privacy/english/ Privacy & Security ] website.
  
== Information security: Cybersave yourself! ==
+
== Information security ==
  
 
Source: https://www.ru.nl/ict-uk/general/securing-your-information/  
 
Source: https://www.ru.nl/ict-uk/general/securing-your-information/  
Line 19: Line 19:
 
* [[VPN | Use VPN for working at home]]
 
* [[VPN | Use VPN for working at home]]
  
View also [http://www.ru.nl/privacy/english/vm/do/ other simple to do's to guarantee your online privacy and protect your data].
+
View also [[#Security_Do.27s | other simple to-do's to guarantee your online privacy and protect your data]].
 
 
More information and tips on information security (how to report a data breach or how you can recognise a phishing e-mail, for instance) can be found on [http://www.ru.nl/privacy/english/ the Privacy- and security website of Radboud University].
 
  
 
== Personal Data Protection Act ==
 
== Personal Data Protection Act ==
Line 27: Line 25:
 
Source: https://www.ru.nl/privacy/english/protection-personal-data/personal-data/
 
Source: https://www.ru.nl/privacy/english/protection-personal-data/personal-data/
  
Every person has a right to privacy and careful handling of his or her personal data. The Personal Data Protection Act specifies how personal data should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary.
+
'''Question:''' What data is considered Personal data?
 +
 
 +
'''Answer:''' Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number.
 +
 
 +
Every person has a right to privacy and careful handling of his or her personal data. '''The Personal Data Protection Act''' specifies how '''personal data''' should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary.
 
4 guidelines for dealing with personal data
 
4 guidelines for dealing with personal data
  
Line 36: Line 38:
 
* Be transparent when collecting personal data en tell for what purpose you collect them.
 
* Be transparent when collecting personal data en tell for what purpose you collect them.
 
* Make sure the collected personal data are well secured.  
 
* Make sure the collected personal data are well secured.  
 +
 +
More information can be found on
  
 
+
* [http://www.ru.nl/privacy/english/ the Privacy- and security website of Radboud University].
''' What data is considered Personal data? '''
+
* [https://www.ru.nl/en/staff/services/campus-facilities/work-and-study-support-services/ict/security/privacy-and-using-personal-information Privacy and using personal information ]
 
+
* [https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/reporting-a-data-breach-or-security-incident Reporting a data breach or security incident]
Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number. We describe the topic more specific on the [http://www.ru.nl/privacy/english/personal-data/faq/ FAQ] page.
+
* [https://www.ru.nl/en/regulations/personal-data-protection-regulations Personal Data Protection Regulations]
  
 
== Data Storage Policy ==
 
== Data Storage Policy ==
  
Source: http://www.ru.nl/privacy/english/data/saving-files/
+
Source: https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/security/sharing-and-storing-files-safely
 
 
'''RU POLICY: laptops must be encrypted!!'''
 
 
 
Where to best save information depends on its confidentiality classification. We distinguish between critical, sensitive and standard information:
 
 
 
* '''Critical''': personal details or information traceable to a person.
 
* '''Sensitive''': information that is commercially sensitive or confidential.
 
* '''Standard''': all other information.
 
 
 
The ict website has an overview page [http://www.ru.nl/ict-uk/staff/saving-sharing-files/sharing-colleagues/ RU file folders: Saving and sharing files safely with RU colleagues].
 
 
 
The following table below shows which storage mediums are suitable for each confidentiality classification.
 
 
 
<div class="tableholder">
 
 
 
{| border=1
 
!  scope="col" |
 
!  scope="col" | Critical
 
!  scope="col" | Sensitive
 
!  scope="col" | Standard
 
|-
 
!  scope="row" | [[Home_share#RU-folders|RU-folders]]
 
|  | Suitable
 
|  | Suitable
 
|  | Suitable
 
|-
 
!  scope="row" | Portable devices
 
|  | Only if encrypted
 
|  | Only if encrypted
 
|  | Only if encrypted
 
|-
 
!  scope="row" | [[Email#File_sender|FileSender]]
 
|  | Not permitted
 
|  | Permitted*
 
|  | Permitted
 
|-
 
! scope="row" | Edu groups
 
| | Not permitted
 
| | Permitted*
 
| | Permitted
 
|-
 
! scope="row" | [[Home_share#SURFdrive:_cloud_storage_from_SURF| SURFdrive]]
 
|  | Not permitted
 
|  | Permitted*
 
|  | Permitted
 
|}
 
</div>
 
 
 
'''<nowiki>* </nowiki>[[Encryption]] recommended''' <br>&nbsp;&nbsp;'''Eg. use  7zip to create an encrypted archive before storing or sending, and use [[Encryption#Cryptomator|Cryptomator]] to do automatically client side encryption of files stored on your SURFdrive.'''
 
 
 
Each information classification has applicable security measures that have been laid out in the university information policy. Sensitive data, for instance, may not be saved in a public cloud service such as Dropbox nor may it be sent through a service such as WeTransfer, as the security of the information cannot be guaranteed.
 
  
Critical data may not be saved in a community cloud service, such as SURFdrive. RU storage is suitable for storing such information (home directories, departmental directories, work group folders). This type of storage enables us to know exactly who has access to the information and this access can be terminated as soon as someone leaves the university. In addition, access is only granted to RU staff and persons who have a formal working relationship with Radboud University. In SURFdrive, the owner of a folder decides who can access it (could be anyone) and this access is not terminated when someone leaves the university.
+
When sharing documents (working together) the only safe way you can do this is either by using Workgroup folders (network shares) or  
 
+
Microsoft Teams (cloud storage).
Encrypting files means that they can only be opened by persons who have a unique key or password. If you want to share these passwords with others, make sure to use a different medium than the one you used to share the files, for instance SMS or WhatsApp.
 
  
 
For information about howto encrypt your files or your whole pc/laptop look at this wiki page about [[Encryption |  Encryption]].
 
For information about howto encrypt your files or your whole pc/laptop look at this wiki page about [[Encryption |  Encryption]].
  
== Data Breach Notification Duty ==
+
'''RU POLICY: laptops must be encrypted!!'''
 
 
Source: https://www.ru.nl/privacy/english/protection-personal-data/duty-report-leaks/
 
 
 
The Data Breach Notification Duty has been included in the Personal Data Protection Act in order to better protect personal data.
 
 
 
The notification duty implies that Radboud University staff and students have to immediately report any suspected ‘data leak’ to the ICT Helpdesk. The Helpdesk can be reached at (024 36) 22222 or via icthelpdesk@ru.nl.
 
 
 
A data leak refers to a breach of security involving personal data. Specifically, it refers to access to or destruction, modification, loss or release of personal data without the consent of the person concerned. This means that data leaks include not only actual unlawful release/leakage and processing of personal data, but also cases in which this is a possibility.
 
 
 
For more information see this page about [http://www.ru.nl/privacy/english/personal-data/data-leak/ Data leaks].
 
  
 
== Security Do's ==
 
== Security Do's ==
Line 121: Line 63:
 
DATA
 
DATA
  
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/lock-your-computer/ Lock your computer screen when you leave your workplace]</span>
+
# Lock your computer screen when you leave your workplace
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/encrypt-your-device-have-encrypted/ Encrypt your laptop]</span>
+
# Encrypt your laptop
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/encrypt-your-device-have-encrypted/ Encrypt your USB-stick or external hard drive]</span>
+
# Encrypt your USB-stick or external hard drive
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/encrypting-files/ Encrypt sensitive files]</span>
+
# Encrypt sensitive files
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/saving-files/ Use work group folders for working on documents with colleagues from other departments]</span>
+
# Use [https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/file-sharing-and-collaborating/using-work-group-folders workgroup folders] for working on documents with colleagues from other departments
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/saving-files/ Use SURFdrive for saving and sharing files]</span>
+
# Use Microsoft [https://www.ru.nl/en/staff/services/services-and-facilities/ict/software/teams Teams] for online collaboration on files in a team (in the cloud)
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/saving-files/ Send large files through FileSender]</span>
+
# Send large files through SurfFileSender
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/working-securely-from-home/ Use RU-Connect/VPN@RU to work securely from home]</span>
+
# Use [https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/working-off-campus/vpn-off-campus-access-to-systems/using-eduvpn eduVPN] to work securely from home
# <span class="li-content">[http://www.ru.nl/corporateidentity/applications/mail-signature/ Add the Radboud University disclaimer to you email signature]</span>
+
# Add the Radboud University disclaimer to you email signature
# <span class="li-content">Empty folder such as 'Downloads' and 'Temp' regularly</span>
+
# Empty folder such as 'Downloads' and 'Temp' regularly
  
 
IDENTITY
 
IDENTITY
  
# <span class="li-content">[https://www.ru.nl/ict-uk/general/password/how-create-strong-password/ Use a strong password]</span>
+
# Use a strong password
# <span class="li-content">[https://www.ru.nl/ict-uk/general/password/granting-authorizations/ Never share your password, but delegate permissions instead]</span>
+
# Never share your password, but delegate permissions instead
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/less-spam-your-inbox/ Activate the spam filter]</span>
+
# Activate the spam filter
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/how-recognise-phishing/ Watch out for phishing]</span>
+
# Watch out for phishing
 
# Be alert while surfing the internet on where you might leave information
 
# Be alert while surfing the internet on where you might leave information
 
# Protect your identity on social media
 
# Protect your identity on social media
Line 143: Line 85:
 
DEVICES
 
DEVICES
  
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/firewall/ Install a firewall on your computer]</span>
+
# Install a firewall on your computer
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/anti-virus-software/ Install anti virus software on your computer]</span>
+
# Install anti virus software on your computer
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/usb-stick-malware/ Prevent your USB-stick from spreading malware]</span>
+
# Prevent your USB-stick from spreading malware
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/mobile-computing/ Make sure you protect your mobile devices]</span>
+
# Make sure you protect your mobile devices
# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/wireless-networks/ Check wireless networks on their safety]</span>
+
# Check wireless networks on their safety
  
 
== More information ==
 
== More information ==

Latest revision as of 22:40, 19 September 2024

RU POLICY: laptops must be encrypted!!


This page contains a basic overview of information from the Radboud University Privacy & Security website.

Information security

Source: https://www.ru.nl/ict-uk/general/securing-your-information/

Radboud University takes the security of information very seriously and puts adequate measures into effect to prevent identity fraud and the spreading of viruses or spam from happening.

Here are five tips you can follow up to become ‘cybersafe’:

View also other simple to-do's to guarantee your online privacy and protect your data.

Personal Data Protection Act

Source: https://www.ru.nl/privacy/english/protection-personal-data/personal-data/

Question: What data is considered Personal data?

Answer: Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number.

Every person has a right to privacy and careful handling of his or her personal data. The Personal Data Protection Act specifies how personal data should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary. 4 guidelines for dealing with personal data

Four central theme's in the Personal Data Protection Act can be pointed out when it comes the dealing with personal data: goal limitation, data minimasation, transparency and security. It means you should follow these guidelines:

  • Document why and for what reason you save personal data and make sure the data will only be used for that specific purpose.
  • Don't save personal data any longer than necessary (often there are statutory retention periods) and only save those data that you really need for reaching your goal.
  • Be transparent when collecting personal data en tell for what purpose you collect them.
  • Make sure the collected personal data are well secured.

More information can be found on

Data Storage Policy

Source: https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/security/sharing-and-storing-files-safely

When sharing documents (working together) the only safe way you can do this is either by using Workgroup folders (network shares) or Microsoft Teams (cloud storage).

For information about howto encrypt your files or your whole pc/laptop look at this wiki page about Encryption.

RU POLICY: laptops must be encrypted!!

Security Do's

Source: Security Do's

DATA

  1. Lock your computer screen when you leave your workplace
  2. Encrypt your laptop
  3. Encrypt your USB-stick or external hard drive
  4. Encrypt sensitive files
  5. Use workgroup folders for working on documents with colleagues from other departments
  6. Use Microsoft Teams for online collaboration on files in a team (in the cloud)
  7. Send large files through SurfFileSender
  8. Use eduVPN to work securely from home
  9. Add the Radboud University disclaimer to you email signature
  10. Empty folder such as 'Downloads' and 'Temp' regularly

IDENTITY

  1. Use a strong password
  2. Never share your password, but delegate permissions instead
  3. Activate the spam filter
  4. Watch out for phishing
  5. Be alert while surfing the internet on where you might leave information
  6. Protect your identity on social media

DEVICES

  1. Install a firewall on your computer
  2. Install anti virus software on your computer
  3. Prevent your USB-stick from spreading malware
  4. Make sure you protect your mobile devices
  5. Check wireless networks on their safety

More information