Universiteit Leiden

nl en

Information security

You may sometimes be asked to work with confidential information or data. To prevent this kind of sensitive information becoming public, the University has formulated an information security policy.

Sending e-mails to large groups of people

When sending an e-mail to a large group of people, privacy considerations require you to write the recipients’ e-mail addresses in the bcc (blind copy) field. In this way the recipients cannot see who else receives the e-mail. This is also a good way to prevent someone from accidentally replying to all recipients with the ‘reply all’ option.

Saving and sharing files online

You can save your files securely in the cloud with SURFdrive. This allows you to easily access your files and share your documents. SURFdrive was especially developed for higher education and research. The SURFdrive servers are located in the Netherlands. Try to always save confidential data in SURFdrive rather than Dropbox.   

Encrypting files

Files containing confidential data can be partially or fully encrypted so that they can only be accessed with a password. You can find a step-by-step plan for encrypting files in the Dutch Manual on how to deal with confidential data (pdf).

Secure printing

You can use 'secure printing’ to print documents containing confidential information (such as personal data) via a password. The Dutch Manual on how to deal with confidential data (pdf) explains how to use the secure printing option. 

Reporting suspicious incidents

Internet criminals may sometimes try to access your ULCN account via e-mail messages (phishing). They may e-mails with a lay-out that suggests the sender is Leiden University. Such e-mails may ask you to e-mail your account details or to log in on a screen that looks familiar. Never answer such e-mails, and immediately delete them from your mailbox. ULCN will never ask you to reveal your account details.

ULCN will however send out messages on the status of your account and password. If you wish to change your password, never click on a link in an e-mail.

Report any loss of confidential information first to your own supervisor. If other data are involved, also report the loss to the ISSC Helpdesk (tel. 8888) or your ICT contact person.

Confidential information

Digital confidential information can be encrypted. Physical confidential documents should be kept in a locked cabinet. If a non-authorised employee needs to consult a confidential document, he or she should only do so under the supervision of the manager responsible. 


A password that consists of a combination of symbols, letters and numbers is difficult to crack. Below are a few tips for a good password: 

  • Always combine numbers, letters and symbols.
  • The longer the password the better.
  • The longer the password the better.
  • Make sure that the password is not related to the application.
  • Don’t use well-known expressions, proverbs or maxims.
  • Don’t use any personal information such as names, dates of birth of mottos.

Personal mobile devices

If you have synchronised your e-mail and calendar with your personal smartphone or tablet, or if you use your telephone or tablet for private matters, you are responsible for the correct management of any information exchanged via your device. We have formulated some guidelines on this.  

What else can I do?

You can contribute to avoiding breaches of data and creating a safe work environment by:

  • Never sharing your ULCN account with third parties
  • Keeping passwords secret and never using your ULCN password for other websites.
  • Not responding to spam and phishing e-mails
  • Locking your computer when leaving your workplace.
  • Never leaving your USB sticks and external hard drives containing confidential information unattended.