8 simple steps to reduce the risk to privacy
As a university employee, you are very likely to work with personal data. It’s your responsibility to process this information as conscientiously as possible. You can reduce the risk to privacy in 8 simple steps.
Step 1. Recognise (extraordinary) personal data
Personal data refers to all information about a person. This includes not only names and addresses, but also bank account numbers, IP addresses, background and study progress. Be aware of the value and sensitivity of this information to the people concerned and to unscrupulous people. You cannot just process extraordinary personal data, such as race, background and sexuality as if it were ordinary information.
Step 2. Keep your desk tidy
Tidy your desk regularly. It sounds simple, but this is an important contribution you can make to protecting personal data. We come into contact with all kinds of personal data every day: we print it out, take it home or leave it on our desks. Everyone who comes into your room can see the personal data. By keeping your desk tidy, you reduce this possibility. Of course, it’s better and more secure not to print it at all, or to destroy it immediately after use.
Lockable paper container
If you have print-outs of documents containing personal data, make sure you dispose of them in a lockable paper container. The paper in these wastebaskets are then destroyed in a way that preserves the confidentiality of the data. If there is no lockable paper container in your office area, please ask the Service Desk about ordering one.
Step 3. Lock your PC
Locking your PC is another simple action, but it’s really important. If your PC is not locked, there is a chance that personal data will be visible to anyone who walks past. This is a data leak in itself.
Step 4. Collect as little personal data as possible
Only collect information that is absolutely necessary. Processing as little information as possible reduces the risk to privacy, and reduces the chance that you will face an unnecessary Data Privacy Impact Assessment (DPIA).
Step 5. De-clutter the J: drive
Our shared J: drive contains a lot of personal data that is no longer in use, such as lists of attendees for a past event. You are not allowed to store these details long-term, so you should delete them from the J: drive. As well as enabling us to deal more securely with personal data, this also makes the J: drive more manageable.
Step 6. Bcc instead of Cc
When you share e-mail addresses, you are sharing personal data. For this reason, use Bcc (blind carbon copy) instead of Cc to avoid unnecessarily sharing e-mail addresses with other recipients.
Step 7. Use a secure network or connection
Eduroam is the secure network used by all Dutch universities. The level of security makes it all but impossible for third parties to intercept traffic on the network. The risk is much greater when you connect to unsecured, often freely accessible networks, so you are strongly advised not to connect to these networks. If you are unable to connect to Eduroam, one secure alternative is to connect to your own personal mobile hotspot. You could also use a VPN like eduVPN. eduVPN makes untrusted, public networks secure, by establishing an encrypted connection.
Step 8. Send work e-mails via university mail
Your university e-mail has a secure e-mail connection with the university’s servers, so you should send your work e-mails with your university e-mail address. We advise people not to use e-mail servers provided by companies such as Hotmail, Google or Yahoo.