ICT
Online security: be vigilant with free services
These days we all make liberal use of free online services: from email, cloud storage, navigation apps, translation programmes and PDF creators to smart chatbots with artificial intelligence. However, there are risks in using these services.
The Gmail service scans all your messages and appendices so that it can subsequently send you more personalised adverts. A chatbot like ChatGPT records and stores transcriptions of your conversations. And it goes further than that: the ChatGPT privacy policy states that the service can share this information with third parties. These are just two examples of how you as a user can lose control of data. If you work with non-public information, that has its dangers. Sharing personal data with these free tools is therefore against the law because as a university we do not have any data processing arrangements or agreements with these parties.
Avoid using these hard- and software facilities
There are some free (or even paid) services that we advise staff to avoid using altogether for security reasons. This is because we know that these services use spyware or have other security loopholes. You can find these services in the forbidden hard- and software list.
If you nonetheless need to use the tools on this list, you can submit an exception request via our exception procedure, then we can together think about how we can manage the risks.
If you are in doubt about using particular software, hardware, apps or suppliers, you can always first consult our page about Information security and privacy for the most up-to-date advice, or get in touch with us.
How should you treat ‘free services’?
If the service is not on the banned list of hard- and software, make sure in any event that you do not share any university information with these service providers, unless the information is already in the public domain and does not contain any personal data. Use existing university services as much as you can when carrying out your work and handling data.
Alternatives
If you want to make sure your private use of these services is as secure as possible, take a look at https://switching.software/ for privacy-friendly alternatives to frequently used services.
Any questions?
You can put any questions you may have about information security and privacy to the Information Security/Privacy Officer at your own faculty or unit, or forward your question to: security@bb.leidenuniv.nl and/or privacy@bb.leidenuniv.nl.