User Tools

Site Tools


en:information_worth_protection

This is an old revision of the document!


Denna sida på svenska

Information Worth Protection

The concept of information worth protection is used frequently in the university guidelines on information security. The concept can encompass many types of information such as:

  • Unpublished research.
  • Personnummer (the Swedish personal identity numbers)1)
  • Student or personnel matters that are confidential.
  • Ongoing contracts covered by secrecy under the public procurement act.
  • Other public authority matters which are secret before a decision is announced.
  • Other information covered by some type of secrecy or that contain sensitive information where any individual, the university or third parties otherwise might suffer harm if the information would be leaked.
  • Etc.

Please see InfoSäk A (in Swedish) for more information.

Storage of Information Worth Protection

One example where it is important to keep track of what is information worth protection or not, is electronic management and saving and storing of documents. Working drafts containing information worth protection, for example, may not be stored on any cloud service online because the information then ends up at a third party outside the university. This applies to all cloud services including Box, Office 365/OneDrive, Dropbox, and others. Documents containing such information may only be saved and stored on servers owned by the university, such as the university SharePoint or file servers at your office or your department.

Transmission of Information Worth Protection

Information worth protection should, if possible, not be transmitted by e-mail. If information worth protection still has to be transmitted through e-mail, it must be encrypted e-mail.

Please see https://www.medarbetarwebben.lu.se/stod-och-verktyg/juridik-dokument-och-arendehantering/personuppgifter-och-dataskydd/overgripande-information/e-post (unfortunately only available in Swedish at the moment).

Please also see personal data in e-mail.

1)
Personnummer (the Swedish personal identity numbers) is not sensitive personal data according to GDPR, but “extra skyddsvärd” (in need of extra protection) according to Dataskyddslagen (the Swedish data protection law). The personnummer should be treated as sensitive for integrity reasons and should be handled restrictively.
en/information_worth_protection.1541774319.txt.gz · Last modified: 2018-11-09 15:38 by cr