it.uwasa.fi

IT-Services Instructions and FAQ

Data processing instructions

The data processed at the University of Vaasa can be classified into one of four groups based on the confidentiality requirements: 

  • Public
  • Internal
  • Confidential
  • Secret (to be marked with the protection level and relevant article of legislation)

Details and examples are available at the bottom of this page.

Saving material on a workstation, network drive or memory stick

Action Public
material
Internal
material
Confidential
material
Secret
material
Saving on a personal University workstation
Note! The user must take care of backups themselves
Permitted Permitted Encrypted Encrypted
Saving on the user's Z network drive (own data centre) Permitted Permitted Permitted Encrypted
Saving on the University's owncloud service Permitted Permitted Encrypted, with restrictions
It must be assured that files are not shared or are only shared with specified users
Encrypted
Saving on the user's OneDrive network drive (O365 service managed by the University) Permitted Permitted Encrypted (no personal data), with restrictions
It must be assured that files are not shared or are only shared with specified users, the user must take care of backups themselves
Not permitted
Saving (copying) material to an external storage medium Permitted Permitted Encrypted
The material is protected by encryption or an encrypting memory stick is used
Encrypted
The material is protected by encryption or an encrypting memory stick is used
Storage at the workplace Permitted On premises that cannot be accessed by outsiders In a locked cabinet or a cabinet in a locked room In a locked safe, must not be left out when exiting the premises
The material is protected by encryption or an encrypting memory stick is used

Storing or sharing material on public cloud services

Action Public
material
Internal
material
Confidential
material
Secret
material
Saving on a public cloud service (such as Dropbox, Google Drive, consumer version of OneDrive) Permitted Not permitted Not permitted Not permitted

Sending material by email

Action Public
material
Internal
material
Confidential
material
Secret
material
Sending by email using the University's local post system Permitted Permitted Encrypted
Instructions
Encrypted
Instructions
Sending by email outside the University Permitted Permitted Encrypted
Instructions
Not permitted

Using shared network drives and volumes

Action Public
material
Internal
material
Confidential
material
Secret
material
Saving on a local network drive belonging to a unit or project Permitted Permitted Permitted Permitted, with restrictions
Access rights to the volume must be restricted to users who are entitled to process the material
Saving on the University community's intranet workspace (such as the University's Navi) Permitted Permitted Permitted, with restrictions
If materials are distributed, it must be acceptable to distribute them to the entire University community
Not permitted
Saving on a workspace that has members from outside the University (such as the Eduuni Confluence Wiki) Permitted Permitted Permitted, with restrictions
Non-disclosure agreements are required for members from outside the University
Encrypted

Saving on mobile devices, printing

Action Public
material
Internal
material
Confidential
material
Secret
material
Storing data on mobile phones or mobile devices Permitted Permitted Encrypted
The device must be protected with a PIN code and a lock code (numerical or password)
Encrypted
The device must be protected with a PIN code and a lock code (numerical or password)
Printing Permitted Permitted Permitted, with restrictions
The secure printing queue or a peripheral printer must be used
Permitted, with restrictions
The secure printing queue or a peripheral printer must be used

Remote use of data

Action Public
material
Internal
material
Confidential
material
Secret
material
Tietoaineiston etäkäyttö Permitted Permitted Not in public places Not permitted

 

Confidentiality groups with examples

Public material

  • Publications
  • Press releases

Internal (for people with related duties or a need to know)

  • Information that is not intended for publication
  • Work files
  • Drafts, memoranda

Information treated as confidential

  • Evaluations of personal characteristics of students or personnel information related to student care or releasing a student from teaching
  • Students' exam performance
  • Plans for theses and scientific research, (technical) development work
  • Procurement material before it is published
  • Material related to accounts or finance
  • Material provided to the statistics authority for the purpose of preparing statistics
  • Complaint documents before the matter is resolved
  • Personal ID codes and personal information (such as contact details and marital status)
  • Business and professional secrets belonging to third parties
  • A person's annual income, total wealth or financial position
  • Business and professional secrets belonging to the University
  • Intellectual property rights belonging to the University
  • Patient data, information about a person's health
  • A person's private phone number or contact details
  • Preparations for accidents or emergencies and civil defence
  • Documents concerning pending civil and criminal cases

Data treated as secret, to be marked with the protection level and relevant article of legislation

  • Results of psychological tests or aptitude tests
  • Other sensitive personal details such as membership of a trade union or use of social services (Personal Data Act, Section 11)
  • Protection and security arrangements for people, buildings and IT systems
  • Act on the Openness of Government Activities (621/1999), Section 24