It’s your responsibility as an AU student to protect the digital information and data you use in your academic work. This means you must process, store and share digital information and data correctly and securely to make sure it doesn’t get lost or misused. Examples include:
To make sure you manage data securely and correctly, start by categorising the types of data you use. This is what’s known as data classification.
In a nutshell, data classification means categorising the digital information you use so you know how to store and share the different types of data securely and correctly.
For example, what kinds of digital information is it OK to send by email or SMS? What are you allowed to save in Dropbox? To answer questions like this, you need to classify your data.
Data classification is one of the central aspects of information security and GDPR. When you store and send digital information correctly and securely, you minimise the risk that this data will end up in the wrong hands, or get lost or altered.
When classifying data, you need to answer the following questions:
Public data is information that is available to the public. The publication of this data does not harm AU, private individuals or business partners. Examples include:
Internal data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality in relation to internal data will have a low-level negative impact on AU, private individuals or partners. Examples include:
General personal data under Article 6 (‘Lawfulness of processing’) of the General Data Protection Regulation, including:
Confidential data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality will have a medium-level negative impact on AU, private individuals or partners. Examples include:
Personal data classified as confidential at AU, including:
Breaches of confidentiality for this type of data will have a high-level negative impact on AU, private individuals or partners. This is information which, due to its personal, technical, business or competition-related nature and sensitivity, must be secured at the highest level against accidental access and publication. Examples include:
Sensitive personal data, including:
Regardless of classification, data and information must be processed with information security in mind, whether it is in electronic or physical form.
See where you can store different types of information.
If you process confidential or sensitive personal data, you must decide whether it should be pseudonymised or anonymised. This also applies to data in physical form such as paper.
There are different requirements for storing data depending on whether you apply pseudonymisation or anonymisation. Read more about pseudonymisation and anonymisation.