You must classify the data you are working with at the university. Data classification is important to ensure that you process, disclose and store data correctly.
Here, you can find information about the 4 types of data, public data, internal data, confidential data and sensitive data, how you save/store and share data and whether data is to be pseudonymised or anonymised before data processing.
Aarhus University is obligated to comply with applicable legislation on the protection of personal data (GDPR). Moreover, the university has contractual obligations relating to confidentiality. Classification of data only covers data that is not covered by the circular from the Danish Ministry of Justice regarding security (only in Danish).
Internal data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality in relation to internal data will have a low-level negative impact on AU, private individuals and partners.
Basic information (name, telephone, address, date of birth)
Data on education, references, course certificates and work assignments
Data on salary, tax, pension and salaries account number
Driving licence number and type
Absence data (however, only about the period of absence, not treatment, diagnosis or the reason for the absence)
Participation in classes/courses/groups and course level
Typical information
Inventions and research that can be exploited commercially of a value > DKK 1,000,000.
Research data with potential negative impact
Personal data classified as confidential at AU, including:
In exceptional circumstances, there may be situations in research in which you cannot avoid working with confidential and sensitive AU data in direct individually identifiable form (e.g. civil registration numbers) on the secured network drives, where you may otherwise only store and share pseudonymised or anonymised data. In these situations, it is very important that the work requiring that the data is directly individually identifiable is finalised and completed as quickly as possible, after which you must pseudonymise or anonymise data.
If you need to save/store confidential data and/or sensitive data, the university requires that you make an assessment of the need for, and the risk of, storing data, and that you describe how you store data, whether to add meta data and a plan for erasing data
You should also consider whether publication will harm partners, researchers, employees or students and thereby also AU, whether publication will cause major or minor problems for AU’s work, tactical objectives or survival and whether publication could have criminal implications.
You must store a description of the above locally – preferably in a filing system. The information is primarily to be used if there is a need for documentation of the purpose of storing and processing data, e.g. in connection with a case with the Danish Data Protection Agency.
Research applications of a value for AU > DKK 5,000,000
Research documentation with sensitive personal data
Sensitive personal data pursuant to Article 9 ('Processing of special categories of personal data'), including:
In exceptional circumstances, there may be situations in research in which you cannot avoid working with confidential and sensitive AU data in direct individually identifiable form (e.g. civil registration numbers) on the secured network drives, where you may otherwise only store and share pseudonymised or anonymised data. In these situations, it is very important that the work requiring that the data is directly individually identifiable is finalised and completed as quickly as possible, after which you must pseudonymise or anonymise data.
If you need to save/store confidential data and/or sensitive data, the university requires that you make an assessment of the need for, and the risk of, storing data, and that you describe how you store data, whether to add meta data and a plan for erasing data
You should also consider whether publication will harm partners, researchers, employees or students and thereby also AU, whether publication will cause major or minor problems for AU’s work, tactical objectives or survival and whether publication could have criminal implications.
You must store a description of the above locally – preferably in a filing system. The information is primarily to be used if there is a need for documentation of the purpose of storing and processing data, e.g. in connection with a case with the Danish Data Protection Agency.
It is important to understand that there is a significant difference between processing data for case processing purposes or for research purposes. This is reflected in the security assessment behind the data classification model.
When processing data in connection with case processing, it will generally be necessary to be able to attribute the case processing to specific persons, e.g. citizens or students. In practice, it will therefore not be possible to pseudonymise or anonymise data in connection with specific case processing. Therefore, you have fewer options when choosing between AU's different solutions for storing and sharing data.
You receive an email containing a civil registration number and information about which trade union the person concerned is a member of. The email therefore contains both confidential data and sensitive personal data.
As you need to be able to identify the citizen in the further case processing, you have to file the email in WorkZone and delete it from Outlook, as storing confidential or sensitive personal data in Outlook is not allowed.
As a general rule, when processing personal data in connection with research, there is no need to be able to identify individuals directly, as the identity of individuals is not normally relevant for the research itself. It is therefore natural and good practice to pseudonymise or anonymise personal data in connection with research. Pseudonymisation and anonymisation also allow you to use several of the solutions for storing and sharing data made available by AU.
As a researcher, you have collected information about a number of people, including information about their health. As you do not need to be able to identify the persons in question in your research project, you have pseudonymised data.
You now want to share research data with a colleague in the research project at AU via one of the solutions made available by AU. How do you do this?
As you have pseudonymised data, you can share research data with your colleague using, for example, OneDrive where also confidential data and sensitive personal data may be shared and stored if it is pseudonymised or anonymised.
Pseudonymisation is a measure, which can contribute to minimise risks related to the processing of personal data and to enhance security.
Personal data is pseudonymised by transforming, replacing or removing all directly identifying information (e.g. civil reg. no. (CPR no.), name, address, tel. no.) from the data set.
A unique serial number can be added within the framework of pseudonymisation. The serial number - with an associated separate 'key file' - will make it possible to return to the physical person. It must be assessed in all cases what constitutes effective pseudonymisation. The efficiency will depend on the type of personal data, the combinations in the data set and the chosen method, etc.
In order for personal data to be considered anonymous, it must not be possible to identify individual persons on the basis of the data alone or in combination with other information.
In other words, you have to factor in that other people may have access to information which, together with the anonymous data, makes it possible to return to the original person identification in full or in part. Anonymisation must be irrevocable.
Personal data that has been adequately anonymised is not covered by the GDPR, and thus does not impose any legal requirements for the system where it has been saved. There is no longer a need for a documented time limit for when and how data is to be deleted. It would be a good idea to anonymise data if, for example, open-access is required for research data.
These four points must, as a minimum, be met in order for Aarhus University to consider the data as anonymised:
Note that adequate anonymisation will usually be impossible in connection with qualitative data.
There are different interpretations of when personal data is anonymous, and there is no absolute distinction, but rather a case-by-case assessment of risk and reasonableness.
See examples of systems on which you can save the different types of data. Exactly which system you should choose depends on your responsibilities. It may depend on the duty to record and file, functionality, how long the data must be stored, and which system is used for your specific tasks.
Ask your colleagues or your immediate supervisor if you are in doubt.
| PUBLIC | INTERNAL | CONFIDENTIAL | SENSITIVE | |
|---|---|---|---|---|
| Panopto | Yes | Yes | No | No |
| Workzone | Yes | Yes | Yes | Yes |
| mitHR (HR) | Yes | Yes | Yes | Yes |
| U-drive (personal drive) | Yes | Yes | No* | No* |
| O-drive (shared drive) with limited log safety (standard) | Yes | Yes | Yes | No |
| O-drive (shared drive) with extended log safety (contact IT-support) | Yes | Yes | Yes | No* |
| STADS | Yes | Yes | Yes | Yes |
| TYPO3 | Yes | No | No | No |
| OneDrive | Yes | Yes | No* | No* |
| Sharepoint | Yes | Yes | No* | No* |
| Outlook | Yes | Yes | No | No |
| Teams + Zoom | Yes | Yes | No* | No* |
| Other online Microsoft services | Yes | Yes | No* | No* |
| Survey-Xact | Yes | Yes | Yes | Yes |
| REDCap | Yes | Yes | Yes | Yes |
| Free Cloud services, e.g. Dropbox or Google drive** | Yes | No | No | No |
Yes: You are ALLOWED to save/share data here
No: You are NOT ALLOWED to save/share data here
No*: Saving requires that the personal data has been PSEUDONYMISED
**AU has not assessed use of the individual cloud services. Therefore, you must ensure that the use complies with the terms of service that apply to the service in question. Please note that the use of cloud services may entail disclosure and/or a transfer covered by the rules on data protection.
| PUBLIC | INTERNAL | CONFIDENTIAL | SENSITIVE | |
|---|---|---|---|---|
| Mail sent from Outlook to other AU-employees | Yes | Yes | Yes | Yes |
| Mail sent from Outlook to eksternal recipients | Yes | Yes* | Yes* | No |
| Mail sent with AU's Secure Send-solution | Yes | Yes | Yes | Yes |
| Mail sent from Outlook to a @rm.dk-recipient | Yes | Yes | Yes | Yes |
| Messages sent from Digital post (eBoks) | Yes | Yes | Yes | Yes |
| Messages sent from Microsoft Teams | Yes | Yes | No | No |
| SMS | Yes | No | No | No |
| Sociale Media** | Yes | No | No | No |
| SFTP (Secure File Sender Transfer) - ordered at your local IT-support | Yes | Yes | Yes | Yes |
| Paper mail | Yes | Yes | Yes | Yes |
Yes: You are ALLOWED to save/share data here
Yes*: Emails sent to external parties via Outlook can be used for the following:
- internal or confidential information about max. five people sent to one external recipient
- internal or confidential information about one person sent to max. five external recipients
No: You are NOT allowed to save/share data here
**E.g. Messenger, Snapchat, Twitter etc.