Data Protection Policy
Revision as of 19:00, 22 December 2017
Personal Data Protection Act
Source: http://www.ru.nl/privacy/english/personal-data/
Every person has a right to privacy and to careful handling of his or her personal data. The Personal Data Protection Act (the Dutch Wet bescherming persoonsgegevens, replaced by the GDPR on 25 May 2018) specifies how personal data may be processed, whether by automated means or otherwise. Personal data must, for example, be protected against loss and unlawful processing. Companies and organisations may also only store data for a legitimate purpose and no longer than necessary.
4 guidelines for dealing with personal data
Four central themes of the Personal Data Protection Act apply when dealing with personal data: purpose limitation, data minimisation, transparency and security. In practice this means you should follow these guidelines:
- Document why you store personal data and make sure the data are only used for that specific purpose.
- Don't keep personal data longer than necessary (often there are statutory retention periods) and only store the data you really need to reach your goal.
- Be transparent when collecting personal data and tell people for what purpose you collect them.
- Make sure the collected personal data are properly secured.
Data Breach Notification Duty
The Data Breach Notification Duty has been included in the Personal Data Protection Act in order to better protect personal data.
The notification duty means that Radboud University staff and students must immediately report any suspected ‘data leak’ to the ICT Helpdesk. The Helpdesk can be reached at (024 36) 22222 or via icthelpdesk@ru.nl.
Safe data storage
Source: http://www.ru.nl/privacy/english/data/saving-files/
Where to best save information depends on its confidentiality classification. We distinguish between critical, sensitive and standard information:
- Critical: personal details or information traceable to a person.
- Sensitive: information that is commercially sensitive or confidential.
- Standard: all other information.
The table below shows which storage mediums are suitable for each confidentiality classification.
| | Critical | Sensitive | Standard |
|---|---|---|---|
| RU-folders | Suitable | Suitable | Suitable |
| Portable devices | Only if encrypted | Only if encrypted | Only if encrypted |
| FileSender | Not permitted | Permitted* | Permitted |
| Edu groups | Not permitted | Permitted* | Permitted |
| SURFdrive | Not permitted | Permitted* | Permitted |
* File encryption recommended
Security measures
Each information classification has applicable security measures that have been laid out in the university information policy. Sensitive data, for instance, may not be saved in a public cloud service such as Dropbox nor may it be sent through a service such as WeTransfer, as the security of the information cannot be guaranteed.
Critical data may not be stored in a community cloud service such as SURFdrive. RU storage (home directories, departmental directories, work-group folders) is suitable for such information: the university knows exactly who has access to it, and that access is withdrawn as soon as someone leaves the university. In addition, access is only granted to RU staff and to persons who have a formal working relationship with Radboud University. In SURFdrive, the owner of a folder decides who can access it (this could be anyone) and that access is not terminated when the person leaves the university.
Encrypting a file means that it can only be opened by someone who holds the key or password. If you share that password with others, use a different channel than the one you used to share the file itself, for instance SMS or WhatsApp rather than the same message or share link that carries the file.
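The encrypt-before-sharing step described above, as an added example that is not part of the original policy page: a POSIX shell script that password-protects a file with the openssl command-line tool before it is handed to a service such as FileSender or SURFdrive, and then checks that the passphrase really is the only way back in. The choice of tool, the file names, the sample CSV content and the passphrase are all assumptions made for this demo; the page itself prescribes no tool.

```shell
#!/bin/sh
# Added example, not from the RU policy page: protect a file with a
# passphrase before it goes to a shared service and verify that only the
# passphrase opens it. Assumes the openssl CLI (1.1.1 or newer, for
# -pbkdf2/-iter); file names, sample content and passphrase are made up.
set -eu

ITER=600000   # PBKDF2 iteration count; must be the same on both sides

# encrypt_file PLAINTEXT CIPHERTEXT PASSPHRASE
# AES-256-CBC with a random salt; the key is derived from the passphrase
# with PBKDF2. The passphrase is passed through the environment, not as a
# command-line argument, so it does not show up in `ps` or shell history.
encrypt_file() {
    FILE_PASS="$3" openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass env:FILE_PASS
}

# decrypt_file CIPHERTEXT PLAINTEXT PASSPHRASE
decrypt_file() {
    FILE_PASS="$3" openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$1" -out "$2" -pass env:FILE_PASS
}

# run_checks DIR: round-trip a constructed "critical" file and confirm that
#   1. the plaintext no longer appears in the encrypted file,
#   2. the right passphrase restores the file byte-for-byte,
#   3. a wrong passphrase either fails outright or yields garbage.
# Returns 0 when all three hold, 1 otherwise.
run_checks() {
    d="$1"
    # constructed sample: the kind of "critical" data the table forbids on SURFdrive
    printf 'name;student_no\nJ. Doe;s1234567\n' > "$d/critical.csv"

    encrypt_file "$d/critical.csv" "$d/critical.csv.enc" 'correct horse battery staple'

    # 1. no plaintext leaks into the ciphertext
    if grep -q 's1234567' "$d/critical.csv.enc"; then return 1; fi

    # 2. correct passphrase round-trips
    decrypt_file "$d/critical.csv.enc" "$d/restored.csv" 'correct horse battery staple'
    cmp -s "$d/critical.csv" "$d/restored.csv" || return 1

    # 3. a wrong passphrase must never hand back the original file
    if decrypt_file "$d/critical.csv.enc" "$d/wrong.csv" 'wrong passphrase' 2>/dev/null \
        && cmp -s "$d/critical.csv" "$d/wrong.csv"; then
        return 1
    fi
    return 0
}

# demo: run the checks in a scratch directory and clean up; 0 = all passed
demo() {
    tmp=$(mktemp -d)
    if run_checks "$tmp"; then status=0; else status=1; fi
    rm -rf "$tmp"
    return "$status"
}

demo && echo "encrypt/decrypt round-trip OK"
```

Two caveats for practice: openssl enc provides confidentiality only, with no integrity tag, so a tampered ciphertext decrypts to garbage rather than to an error; where tamper detection matters, gpg --symmetric (which adds an MDC) or age are better choices. And, as the policy says, hand the passphrase over on a different channel than the file itself.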