Laurea LibGuides: Guide to Thesis Data Management, Data Protection and Research Ethics: Data protection and platforms

Data security and data processing sites

Information security refers to all those measures that ensure that information is available to those who need it, but at the same time protected so that no one else can access it. It is important that the secure collection, storage, sharing and disposal of data is carefully planned at the start of the thesis as part of the data management plan. The more confidential the information, the better it must be protected from outsiders.

Internal data, such as memos and teaching materials, is used for a specific purpose. Internal data can be stored and shared at the following locations:

Laurea's OneDrive, Teams and other Microsoft services

Laurea intra, Canvas and other learning platforms

Your personal computer

Confidential data, such as trade secrets, research plans or personal evaluation data, may only be processed if the information is needed for the purpose of the thesis. The information must be protected against unauthorised processing, so it must not be shared under any circumstances on cloud services or platforms that are not under Laurea's control and/or are not under user management. Paper documents must be stored in a locked cabinet in locked and controlled areas.

Confidential data can be stored and shared at the following locations::

Laurea's OneDrive and Teams, as long as access rights are carefully defined

Your personal computer, as long as it is technically protected

Encrypted email

Read more about platforms in Laurea’s guide for processing information material. This guide helps you to categorise the information and handle it in appropriate environments.

Processing locations according to the classification of the data set

At Laurea, information is classified as public, internal, confidential or secret based on the damage that unauthorised disclosure of the information to outsiders could cause. The more confidential the information, the more it must be protected.

Process the data only according to Laurea's classification of data.
Service	Public data	Internal data	Confidential data	Secret data
Your own computer	Allowed	Allowed	Allowed,hard disk encryption is recommended	Allowed, encrypt the hard disk
Phone or tablet	Allowed	Allowed	Allowed, protect not only with a pin code but also with a locking code and/or biometric identifier	Allowed, protect not only with a pin code but also with a locking code and/or biometric identifier
Laurea's OneDrive/ Teams	Allowed	Allowed	Allowed, ensure that access rights are limited	Not allowed
Public cloud service, such as Google Drive	Allowed	Allowed, ensure that access rights are limited, avoid personal data	Not allowed	Not allowed
Email	Allowed	Allowed	Allowed if using encrypted email	Allowed if using encrypted email and the file is password protected