Classification of data

You must classify the information you are working with at the university. Data classification is important to ensure that you process, disclose and store data correctly. 

There are 4 types of data:

  • Public data
  • Internal data
  • Confidential data
  • Sensitive personal data

You can find information about how you save/store and share data and whether data is to be pseudonymised or anonymised before data processing.  

Aarhus University is obligated to comply with applicable legislation on the protection of personal data (GDPR). Moreover, the university has contractual obligations relating to confidentiality. Classification of data only covers data that is not covered by the circular from the Danish Ministry of Justice regarding security (only in Danish). 


NOTE

When working with AU data, you must assess and decide, as soon as possible, how important the data is now and in the future.

If you need to save/store confidential data and/or sensitive personal data, the university requires that you make an assessment of the need for, and the risk of, storing data, and that you describe:

  • How you store data
  • Whether to add metadata
  • A plan for erasing data 

You should also consider:

  • Whether publication will harm partners, researchers, employees or students and thereby also AU. 
  • Whether publication will cause major or minor problems for AU’s work, tactical objectives or survival. 
  • Whether publication could have criminal implications. 

You must store a description of the above locally – preferably in a filing system. The information is primarily to be used if there is a need for documentation of the purpose of storing and processing data, e.g. in connection with a case with the Danish Data Protection Agency.


LEVEL 0 - PUBLIC DATA

DEFINITION:

Public data is data that is available to the public, and where publication will not harm AU. 


Examples of public data

  • AU’s websites, e.g. au.dk
  • Study descriptions
  • News articles
  • Books
  • Research data (open data)
  • Res
  • Own personal data or other people's personal data, provided consent has been given. Including:
    • Basic information about employees (name, job title, tel. no.)
    • Affiliation to institutions

LEVEL 1 - INTERNAL DATA

DEFINITION:

Internal data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality in relation to internal data will have a low-level negative impact on AU, private individuals and partners. 


Examples of internal data

  • General personal data in accordance with Article 6 (‘Lawfulness of processing’) of the General Data Protection Regulation, including:

    • Basic information (name, telephone, address, date of birth)

    • Data on education, references, course certificates and work assignments 

    • Data on salary, tax, pension and salary account number

    • Driving licence number and type

    • Nationality
    • System user information
    • Absence data (however, only about the period of absence, not treatment, diagnosis or the reason for the absence)

    • Participation in classes/courses/groups and course level

  • Typical information
    • Work schedule
    • System configuration
    • Department/unit budget
    • Procurement agreements
    • Teaching materials
    • Research data
    • Minutes and/or agendas of meetings

LEVEL 2 - CONFIDENTIAL DATA

DEFINITION: 

Confidential data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality will have a medium-level negative impact on AU, private individuals and partners. 


Examples of confidential data

  • Inventions and research that can be exploited commercially of a value > DKK 1,000,000.

  • Research data with potential negative impact

  • Personal data classified as confidential at AU, including:
    • Civil reg. no. (CPR no.)

    • Home address, private email address, private telephone no. and other private information

    • Personality test
    • Marital status
    • Adoption details
    • Grades, grading etc.

 

IMPORTANT!

There may be situations where you have to work with confidential and sensitive AU data in direct individually identifiable form (e.g. civil reg. no.). In such situations, it is crucial that the work takes place on one of the secured network drives corresponding to pseudonymised data. It is also crucial that the work requiring the direct individual identifiability is completed and concluded with pseudonymisation as quickly as possible.

LEVEL 3 - SENSITIVE PERSONAL DATA

DEFINITION:

Sensitive personal data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality will have a high-level negative impact on AU, private individuals and partners.
This is information which, by its personal, technical, commercial or competitive and sensitive nature, must be secured at the highest level against accidental access and publication.  


Examples of sensitive data

  • Inventions and research that can be exploited commercially of a value > DKK 5,000,000.

  • Research applications of a value for AU > DKK 5,000,000

  • Research documentation with sensitive personal data

  • Sensitive personal data pursuant to Article 9 ('Processing of special categories of personal data'), including:
    • Race and ethnic origin
    • Political opinions, religious or philosophical beliefs
    • Trade union membership
    • Genetic data
    • Biometric data for the purpose of unique identification
    • Data concerning health
    • Sex life or sexual orientation
    • Criminal offences pursuant to Article 10 of the General Data Protection Regulation (‘Processing of personal data relating to criminal convictions and offences')

IMPORTANT!

There may be situations where you have to work with confidential and sensitive AU data in direct individually identifiable form (e.g. civil reg. no.). In such situations, it is crucial that the work takes place on one of the secured network drives corresponding to pseudonymised data. It is also crucial that the work requiring the direct individual identifiability is completed and concluded with pseudonymisation as quickly as possible.


    WHERE CAN I SAVE/STORE MY DATA?

    See examples of systems on which you can save the different categories of data. Exactly which system you should choose depends on your responsibilities. It may depend on the duty to record and file, functionality, how long the data must be stored, and which system is used for your specific tasks.
    Ask your colleagues or your immediate supervisor.

    IMPORTANT! There may be situations where you have to work with confidential and sensitive AU data in direct individually identifiable form (e.g. civil reg. no.). In such situations, it is crucial that the work takes place on one of the secured network drives corresponding to pseudonymised data. It is also crucial that the work requiring the direct individual identifiability is completed and concluded with pseudonymisation as quickly as possible.

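    | SYSTEM | PUBLIC | INTERNAL | CONFIDENTIAL | SENSITIVE |
    |---|---|---|---|---|
    | Kaltura | Yes | Yes | No | No |
    | Workzone | Yes | Yes | Yes | Yes |
    | AUHRA (HR) | Yes | Yes | Yes | Yes |
    | U-drive (personal drive) | Yes | Yes | No* | No* |
    | O-drive (shared drive) with limited log safety (standard) | Yes | Yes | Yes | No |
    | O-drive (shared drive) with extended log safety (contact IT-support) | Yes | Yes | Yes | No* |
    | STADS | Yes | Yes | Yes | Yes |
    | TYPO3 | Yes | No | No | No |
    | OneDrive | Yes | Yes | No* | No* |
    | Outlook | Yes | Yes | No | No |
    | Sharepoint | Yes | Yes | No* | No* |
    | Teams | Yes | Yes | No* | No* |
    | Survey-Xact | Yes | Yes | Yes | Yes |
    | REDCap (at Department of Clinical Medicine) | Yes | Yes | Yes | Yes |
    | Free Cloud services, e.g. Dropbox or Google drive | Yes | No | No | No |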

    Yes: You are ALLOWED to save/share data here

    No: You are NOT ALLOWED to save/share data here

    No*: Provided that data has been PSEUDONYMISED


    HOW CAN I SAVE/SHARE THE DIFFERENT CATEGORIES OF DATA?

    | METHOD | PUBLIC | INTERNAL | CONFIDENTIAL | SENSITIVE |
    |---|---|---|---|---|
    | Email sent via Outlook to other AU employees | Yes | Yes | Yes | Yes |
    | Email sent via Outlook to external recipients | Yes | No | No | No |
    | Email sent using AU's secure email solution | Yes | Yes | Yes | Yes |
    | Email sent via Outlook to an @rm.dk recipient | Yes | Yes | Yes | Yes |
    | Messages sent via Digital post (eBoks) | Yes | Yes | Yes | Yes |
    | Messages sent via Skype for Business | Yes | Yes | No | No |
    | SMS | Yes | No | No | No |
    | Social media* | Yes | No | No | No |
    | SFTP (Secure File Sender Transfer) - can be ordered from local IT support | Yes | Yes | Yes | Yes |
    | Paper mail | Yes | Yes | Yes | Yes |

    Yes: You are ALLOWED to save/share data here 

    No: You are NOT allowed to save/share data here 

    *E.g. Messenger, Snapchat, Twitter etc.


    PSEUDONYMISATION OF PERSONAL DATA

    Personal data is pseudonymised by removing all directly identifying information (e.g. civil reg. no. (CPR no.), name, address, tel. no.) from the data set. 

    However, a unique serial number can be added within the framework of pseudonymisation. The serial number - with an associated separate 'key file' - will make it possible to return to the original person identification. 

    ANONYMISATION OF PERSONAL DATA

    In order for personal data to be considered anonymous, it must not be possible to identify individual persons on the basis of the data alone or in combination with other information. 

    In other words, you have to factor in that other people may have access to information which, together with the anonymous data, makes it possible to return to the original person identification in full or in part. Anonymisation must be irrevocable. 

    Personal data that has been adequately anonymised is not covered by the GDPR, and thus does not impose any legal requirements for the system where it has been saved. There is no longer a need for a documented time limit for when and how data is to be deleted. It would be a good idea to anonymise data if, for example, open-access is required for research data.

    These four points must, as a minimum, be met in order for Aarhus University to consider the data as anonymised: 

     

    • Remove all external/unique identifiers - including numbers as well. 
    • Dates and times must either:
      • Be removed
      • Be replaced by calculated time periods, e.g. 'admission 16/6 2019 - readmission 27/8 2019' can be changed to 'readmission: 73 days’
      • Be ‘blurred’ by moving dates and times in parallel by a random number of days (e.g. +/-10 days) at individual level, e.g. 'admission 16/6 2019 ' can be changed to 'admission 11/6 2019' and 'readmission 27/8 2019' can be changed to 'readmission 22/8 2019'
    • Remove all text fields - replace with categories, for example. 
    • Reduce to the absolute fewest possible data fields/variables. 
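
The pseudonymisation step with a serial number and separate key file, combined with the per-individual date shift from the list above, as an added example that is not part of the original page or AU's own tooling. The field names (`cpr`, `admission`, `readmission`, `ward`) and the sample records are constructed assumptions; the output is pseudonymised, not anonymised, because the key file still allows a return to the original person identification.

```python
import secrets
from datetime import date, timedelta

DIRECT_IDENTIFIERS = ("cpr", "name", "address", "phone")  # identifiers named on the page
DATE_FIELDS = ("admission", "readmission")                # assumed column names
MAX_SHIFT_DAYS = 10                                       # the page's "+/-10 days"


def pseudonymise(records, rng=None):
    """Return (pseudonymised rows, key file). The key file must be stored separately."""
    rng = rng or secrets.SystemRandom()
    key_file, by_person, rows = {}, {}, []
    for rec in records:
        serial = by_person.get(rec["cpr"])
        if serial is None:
            # Random serial, never derived from the CPR no., one per person.
            serial = secrets.token_hex(8)
            by_person[rec["cpr"]] = serial
            key_file[serial] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
            # One offset per person so all their dates move in parallel.
            key_file[serial]["shift_days"] = rng.randint(-MAX_SHIFT_DAYS, MAX_SHIFT_DAYS)
        shift = timedelta(days=key_file[serial]["shift_days"])
        row = {"serial": serial}
        for field, value in rec.items():
            if field not in DIRECT_IDENTIFIERS:   # drop directly identifying fields
                row[field] = value + shift if field in DATE_FIELDS else value
        rows.append(row)
    return rows, key_file


def reidentify(row, key_file):
    """Restore one original record; only possible for a holder of the key file."""
    entry = key_file[row["serial"]]
    shift = timedelta(days=entry["shift_days"])
    original = {f: entry[f] for f in DIRECT_IDENTIFIERS}
    for field, value in row.items():
        if field != "serial":
            original[field] = value - shift if field in DATE_FIELDS else value
    return original


# Constructed sample data (not real persons or CPR numbers).
SAMPLE = [
    {"cpr": "000000-0001", "name": "Test Person A", "address": "Example Street 1",
     "phone": "00000001", "admission": date(2021, 3, 1), "readmission": date(2021, 4, 12), "ward": "B2"},
    {"cpr": "000000-0002", "name": "Test Person B", "address": "Example Street 2",
     "phone": "00000002", "admission": date(2021, 3, 5), "readmission": date(2021, 3, 20), "ward": "C1"},
    {"cpr": "000000-0001", "name": "Test Person A", "address": "Example Street 1",
     "phone": "00000001", "admission": date(2021, 9, 9), "readmission": date(2021, 9, 30), "ward": "B2"},
]
```

Deleting the key file removes the direct route back to the person, but the remaining rows still have to meet the other points in the list before they can be treated as anonymised.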

     

    Note that adequate anonymisation will usually be impossible in connection with qualitative data.  

    There are different interpretations of when personal data is anonymous, and there is no absolute distinction, but rather a case-by-case assessment of risk and reasonableness.