Difference between revisions of "Data Protection Policy"

Latest revision as of 22:40, 19 September 2024

RU POLICY: laptops must be encrypted!!

This page contains a basic overview of information from the Radboud University Privacy & Security website.

Information security

Source: https://www.ru.nl/ict-uk/general/securing-your-information/

Radboud University takes the security of information very seriously and puts adequate measures into effect to prevent identity fraud and the spreading of viruses or spam from happening.

Here are five tips you can follow up to become ‘cybersafe’:

Secure your laptop and other mobile devices such as usb-sticks and external harddrives
RU POLICY: laptops must be encrypted!!
Come up with a good password
Lock your computer when you leave your spot
Use Work group folders(network shares) or Microsoft Teams (files sharepoint in the cloud) for sharing files
Use VPN for working at home

View also other simple to-do's to guarantee your online privacy and protect your data.

Personal Data Protection Act

Source: https://www.ru.nl/privacy/english/protection-personal-data/personal-data/

Question: What data is considered Personal data?

Answer: Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number.

Every person has a right to privacy and careful handling of his or her personal data. The Personal Data Protection Act specifies how personal data should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary. 4 guidelines for dealing with personal data

Four central theme's in the Personal Data Protection Act can be pointed out when it comes the dealing with personal data: goal limitation, data minimasation, transparency and security. It means you should follow these guidelines:

Document why and for what reason you save personal data and make sure the data will only be used for that specific purpose.
Don't save personal data any longer than necessary (often there are statutory retention periods) and only save those data that you really need for reaching your goal.
Be transparent when collecting personal data en tell for what purpose you collect them.
Make sure the collected personal data are well secured.

More information can be found on

Data Storage Policy

Source: https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/security/sharing-and-storing-files-safely

When sharing documents (working together) the only safe way you can do this is either by using Workgroup folders (network shares) or Microsoft Teams (cloud storage).

For information about howto encrypt your files or your whole pc/laptop look at this wiki page about Encryption.

RU POLICY: laptops must be encrypted!!

Security Do's

Source: Security Do's

DATA

Lock your computer screen when you leave your workplace
Encrypt your laptop
Encrypt your USB-stick or external hard drive
Encrypt sensitive files
Use workgroup folders for working on documents with colleagues from other departments
Use Microsoft Teams for online collaboration on files in a team (in the cloud)
Send large files through SurfFileSender
Use eduVPN to work securely from home
Add the Radboud University disclaimer to you email signature
Empty folder such as 'Downloads' and 'Temp' regularly

IDENTITY

Use a strong password
Never share your password, but delegate permissions instead
Activate the spam filter
Watch out for phishing
Be alert while surfing the internet on where you might leave information
Protect your identity on social media

DEVICES

Install a firewall on your computer
Install anti virus software on your computer
Prevent your USB-stick from spreading malware
Make sure you protect your mobile devices
Check wireless networks on their safety

More information

@@ Line 5: / Line 5: @@
 This page contains a basic overview of information from the Radboud University [http://www.ru.nl/privacy/english/ Privacy & Security ] website.
-== Information security: Cybersave yourself! ==
+== Information security ==
 Source: https://www.ru.nl/ict-uk/general/securing-your-information/
@@ Line 20: / Line 20: @@
 View also [[#Security_Do.27s | other simple to-do's to guarantee your online privacy and protect your data]].
-More information and tips on information security (how to report a data breach or how you can recognize a phishing e-mail, for instance) can be found on [http://www.ru.nl/privacy/english/ the Privacy- and security website of Radboud University].
 == Personal Data Protection Act ==
@@ Line 27: / Line 25: @@
 Source: https://www.ru.nl/privacy/english/protection-personal-data/personal-data/
-Every person has a right to privacy and careful handling of his or her personal data. The Personal Data Protection Act specifies how personal data should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary.
+'''Question:''' What data is considered Personal data?
+'''Answer:''' Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number.
+Every person has a right to privacy and careful handling of his or her personal data. '''The Personal Data Protection Act''' specifies how '''personal data''' should be processed and automated. Personal data must, for example, be protected against loss and unlawful processing. Also, companies and organisations are only allowed to store data for a legitimate aim and not longer than necessary.
 guidelines for dealing with personal data
@@ Line 36: / Line 38: @@
 * Be transparent when collecting personal data en tell for what purpose you collect them.
 * Make sure the collected personal data are well secured.
+More information can be found on
+* [http://www.ru.nl/privacy/english/ the Privacy- and security website of Radboud University].
-''' What data is considered Personal data? '''
+* [https://www.ru.nl/en/staff/services/campus-facilities/work-and-study-support-services/ict/security/privacy-and-using-personal-information Privacy and using personal information ]
+* [https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/reporting-a-data-breach-or-security-incident Reporting a data breach or security incident]
-Roughly, personal data means data that can be traced to an individual, such as name, IP address, telephone number, employee or student number, study results or your bank account number. We describe the topic more specific on the [http://www.ru.nl/privacy/english/personal-data/faq/ FAQ] page.
+* [https://www.ru.nl/en/regulations/personal-data-protection-regulations Personal Data Protection Regulations]
 == Data Storage Policy ==
-Source: http://www.ru.nl/privacy/english/data/saving-files/
+Source: https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/security/sharing-and-storing-files-safely
-'''RU POLICY: laptops must be encrypted!!'''
-Where to best save information depends on its confidentiality classification. We distinguish between critical, sensitive and standard information:
-* '''Critical''': personal details or information traceable to a person.
-* '''Sensitive''': information that is commercially sensitive or confidential.
-* '''Standard''': all other information.
-The ict website has an overview page [http://www.ru.nl/ict-uk/staff/saving-sharing-files/sharing-colleagues/ RU file folders: Saving and sharing files safely with RU colleagues].
-The following table below shows which storage mediums are suitable for each confidentiality classification.
-<div class="tableholder">
-{| border=1
-!  scope="col" |
-!  scope="col" | Critical
-!  scope="col" | Sensitive
-!  scope="col" | Standard
-|-
-!  scope="row" | [[Home_share#RU-folders|RU-folders]]
-|  | Suitable
-|  | Suitable
-|  | Suitable
-|-
-!  scope="row" | Portable devices
-|  | Only if encrypted
-|  | Only if encrypted
-|  | Only if encrypted
-|-
-!  scope="row" | [[Email#File_sender|FileSender]]
-|  | Not permitted
-|  | Permitted*
-|  | Permitted
-|-
-! scope="row" | Edu groups
-| | Not permitted
-| | Permitted*
-| | Permitted
-|-
-! scope="row" | [[Home_share#SURFdrive:_cloud_storage_from_SURF| SURFdrive]]
-|  | Not permitted
-|  | Permitted*
-|  | Permitted
-|}
-</div>
-'''<nowiki>* </nowiki>[[Encryption]] recommended''' <br>&nbsp;&nbsp;'''Eg. use  7zip to create an encrypted archive before storing or sending, and use [[Encryption#Cryptomator|Cryptomator]] to do automatically client side encryption of files stored on your SURFdrive.'''
-Each information classification has applicable security measures that have been laid out in the university information policy. Sensitive data, for instance, may not be saved in a public cloud service such as Dropbox nor may it be sent through a service such as WeTransfer, as the security of the information cannot be guaranteed.
-Critical data may not be saved in a community cloud service, such as SURFdrive. RU storage is suitable for storing such information (home directories, departmental directories, work group folders). This type of storage enables us to know exactly who has access to the information and this access can be terminated as soon as someone leaves the university. In addition, access is only granted to RU staff and persons who have a formal working relationship with Radboud University. In SURFdrive, the owner of a folder decides who can access it (could be anyone) and this access is not terminated when someone leaves the university.
+When sharing documents (working together) the only safe way you can do this is either by using Workgroup folders (network shares) or
+Microsoft Teams (cloud storage).
-Encrypting files means that they can only be opened by persons who have a unique key or password. If you want to share these passwords with others, make sure to use a different medium than the one you used to share the files, for instance SMS or WhatsApp.
 For information about howto encrypt your files or your whole pc/laptop look at this wiki page about [[Encryption |  Encryption]].
-== Data Breach Notification Duty ==
+'''RU POLICY: laptops must be encrypted!!'''
-Source: https://www.ru.nl/privacy/english/protection-personal-data/duty-report-leaks/
-The Data Breach Notification Duty has been included in the Personal Data Protection Act in order to better protect personal data.
-The notification duty implies that Radboud University staff and students have to immediately report any suspected ‘data leak’ to the ICT Helpdesk. The Helpdesk can be reached at (024 36) 22222 or via icthelpdesk@ru.nl.
-A data leak refers to a breach of security involving personal data. Specifically, it refers to access to or destruction, modification, loss or release of personal data without the consent of the person concerned. This means that data leaks include not only actual unlawful release/leakage and processing of personal data, but also cases in which this is a possibility.
-For more information see this page about [http://www.ru.nl/privacy/english/personal-data/data-leak/ Data leaks].
 == Security Do's ==
@@ Line 121: / Line 63: @@
 DATA
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/lock-your-computer/ Lock your computer screen when you leave your workplace]</span>
+# Lock your computer screen when you leave your workplace
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/encrypt-your-device-have-encrypted/ Encrypt your laptop]</span>
+# Encrypt your laptop
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/encrypt-your-device-have-encrypted/ Encrypt your USB-stick or external hard drive]</span>
+# Encrypt your USB-stick or external hard drive
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/encrypting-files/ Encrypt sensitive files]</span>
+# Encrypt sensitive files
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/saving-files/ Use work group folders for working on documents with colleagues from other departments]</span>
+# Use [https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/file-sharing-and-collaborating/using-work-group-folders workgroup folders] for working on documents with colleagues from other departments
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/saving-files/ Use SURFdrive for saving and sharing files]</span>
+# Use Microsoft [https://www.ru.nl/en/staff/services/services-and-facilities/ict/software/teams Teams] for online collaboration on files in a team (in the cloud)
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/saving-files/ Send large files through FileSender]</span>
+# Send large files through SurfFileSender
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/working-securely-from-home/ Use RU-Connect/VPN@RU to work securely from home]</span>
+# Use [https://www.ru.nl/en/staff/services/campus-facilities-buildings/ict/working-off-campus/vpn-off-campus-access-to-systems/using-eduvpn eduVPN] to work securely from home
-# <span class="li-content">[http://www.ru.nl/corporateidentity/applications/mail-signature/ Add the Radboud University disclaimer to you email signature]</span>
+# Add the Radboud University disclaimer to you email signature
-# <span class="li-content">Empty folder such as 'Downloads' and 'Temp' regularly</span>
+# Empty folder such as 'Downloads' and 'Temp' regularly
 IDENTITY
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/password/how-create-strong-password/ Use a strong password]</span>
+# Use a strong password
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/password/granting-authorizations/ Never share your password, but delegate permissions instead]</span>
+# Never share your password, but delegate permissions instead
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/less-spam-your-inbox/ Activate the spam filter]</span>
+# Activate the spam filter
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/how-recognise-phishing/ Watch out for phishing]</span>
+# Watch out for phishing
 # Be alert while surfing the internet on where you might leave information
 # Protect your identity on social media
@@ Line 143: / Line 85: @@
 DEVICES
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/firewall/ Install a firewall on your computer]</span>
+# Install a firewall on your computer
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/anti-virus-software/ Install anti virus software on your computer]</span>
+# Install anti virus software on your computer
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/usb-stick-malware/ Prevent your USB-stick from spreading malware]</span>
+# Prevent your USB-stick from spreading malware
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/mobile-computing/ Make sure you protect your mobile devices]</span>
+# Make sure you protect your mobile devices
-# <span class="li-content">[https://www.ru.nl/ict-uk/general/securing-your-information/security/wireless-networks/ Check wireless networks on their safety]</span>
+# Check wireless networks on their safety
 == More information ==