Sensitive (personal) data
Sensitive (personal) data are any information associated with a person that allows him or her to be identified, directly or indirectly. These data are part of the privacy and are confidential, and therefore they should be treated with the highest level of security.
Tips for managing sensitive data:
Always keep non-digital information (informed consent forms, patient records, agreements, opt-outs, etc.) separate and secure to reduce the risk of unauthorized access and disclosure, also when your project is finished.
Protect identities as much as possible by personal data anonymization or pseudo-anonymization. A codebook must be stored separately and securely. A portable device (desktop computer, laptop, external hard drive, tablet, flash drive, smartphone, etc.) should be password protected, encrypted, and kept in a safe location.
All processing of personal data must be documented.
Unnecessary sensitive (personal) data should not be collected and neither processed.
For further advice about data storage and security contact the ICT Department.
Data security
Research data should be kept safe at every stage of the research cycle, in order to prevent unauthorized access to data, accidental data loss and damage, and to protect data with IPR potency, dual-use items, data with commercial interests, or personal data.
Control (digital) access to allow only authorized people, on all devices (desktops, laptops, external drives, etc.) at all locations (work, home, and travel) to access the data. Use complex passwords, run up-to-date anti-virus and firewall protection, take knowledge on the backup strategy and utilize encryption. Base the control over the access to your data files on need-to-know/need-to-have.
Control physical access to buildings, rooms, cabinets, and laboratories where research is running.
Check the accesses regularly, to whether they are still correctly set.
Use the ICT services of UAntwerpen to store and transfer (encrypted) data electronically from one location to another, and use your UAntwerpen account for logging in (e.g. N:\ drive, OneDrive for Business, Microsoft Teams, or Sharepoint). With these services you also have the assurance that your data will be backed up regularly. Never use external cloud-based storage such as Google Drive, Dropbox, iCloud, Box, etc. These free services are not maintained by UAntwerpen, and there are no security guarantees for your data. If you use specific software for research purposes, check how and where the data is stored and backed up.
Ensure that the computer system is always up-to-date, and do not switch off the automatic installation of updates.
For more information, contact the ICT department.