Classification of data

You must classify the information you are working with at the university. Data classification is important to ensure that you process, disclose and store data correctly. 

There are 4 types of data: Public data, internal data, confidential data and sensitive personal data.

Here, you can find information about the 4 types of data, how you save/store and share data and whether data is to be pseudonymised or anonymised before data processing.  

Aarhus University is obligated to comply with applicable legislation on the protection of personal data (GDPR). Moreover, the university has contractual obligations relating to confidentiality. Classification of data only covers data that is not covered by the circular from the Danish Ministry of Justice regarding security (only in Danish).


LEVEL 0 - PUBLIC DATA

DEFINITION:

Public data is data that is available to the public, and where publication will not harm AU.


EXAMPLES OF PUBLIC DATA

  • AU’s websites, e.g. au.dk
  • Study descriptions
  • News articles
  • Books
  • Research data (open data)
  • Res
  • Own personal data or other people's personal data, provided consent has been given. Including:
    • Basic information about employees (name, job title, tel. no.)
    • Affiliation to institutions

LEVEL 1 - INTERNAL DATA

DEFINITION:

Internal data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality in relation to internal data will have a low-level negative impact on AU, private individuals and partners.


EXAMPLES OF INTERNAL DATA

 

General personal data in accordance with Article 6 (‘Lawfulness of processing’) of the General Data Protection Regulation, including:

  • Basic information (name, telephone, address, date of birth)

  • Data on education, references, course certificates and work assignments 

  • Data on salary, tax, pension and salaries account number

  • Driving licence number and type

  • Nationality
  • System user information
  • Absence data (however, only about the period of absence, not treatment, diagnosis or the reason for the absence)

  • Participation in classes/courses/groups and course level

Typical information

  • Work schedule
  • System configuration
  • Department/unit budget
  • Procurement agreements
  • Teaching materials
  • Research data
  • Minutes and/or agendas of meetings

LEVEL 2 - CONFIDENTIAL DATA

DEFINITION: 

Confidential data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality will have a medium-level negative impact on AU, private individuals and partners. 


EXAMPLES OF CONFIDENTIAL DATA

  • Inventions and research that can be exploited commercially of a value > DKK 1,000,000.

  • Research data with potential negative impact

  • Personal data classified as confidential at AU, including:
    • Civil reg. no. (CPR no.)

    • Home address, private email address, private telephone no. and other private information

    • Personality test
    • Marital status
    • Adoption details
    • Grades, grading etc.

IMPORTANT!

In exceptional circumstances, there may be situations in research in which you cannot avoid working with confidential and sensitive AU data in direct individually identifiable form (e.g. civil registration numbers) on the secured network drives, where you may otherwise only store and share pseudonymised or anonymised data. In these situations, it is very important that the work requiring that the data is directly individually identifiable is finalised and completed as quickly as possible, after which you must pseudonymise or anonymise data.

DOCUMENTATION

If you need to save/store confidential data and/or sensitive personal data, the university requires that you make an assessment of the need for, and the risk of, storing data, and that you describe how you store data, whether to add metadata and a plan for erasing data.

You should also consider whether publication will harm partners, researchers, employees or students and thereby also AU, whether publication will cause major or minor problems for AU’s work, tactical objectives or survival and whether publication could have criminal implications. 

You must store a description of the above locally – preferably in a filing system. The information is primarily to be used if there is a need for documentation of the purpose of storing and processing data, e.g. in connection with a case with the Danish Data Protection Agency.

LEVEL 3 - SENSITIVE PERSONAL DATA

DEFINITION:

Sensitive personal data is information that only staff at AU with a purely work-related need may and can access. Breaches of confidentiality will have a high-level negative impact on AU, private individuals and partners.
This is information which, by its personal, technical, commercial or competitive and sensitive nature, must be secured at the highest level against accidental access and publication. 


EXAMPLES OF SENSITIVE DATA

Inventions and research that can be exploited commercially of a value > DKK 5,000,000.

Research applications of a value for AU > DKK 5,000,000

Research documentation with sensitive personal data

Sensitive personal data pursuant to Article 9 ('Processing of special categories of personal data'), including:

  • Race and ethnic origin
  • Political opinions, religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data for the purpose of unique identification
  • Data concerning health
  • Sex life or sexual orientation
  • Criminal offences pursuant to Article 10 of the General Data Protection Regulation (‘Processing of personal data relating to criminal convictions and offences')

IMPORTANT!

In exceptional circumstances, there may be situations in research in which you cannot avoid working with confidential and sensitive AU data in direct individually identifiable form (e.g. civil registration numbers) on the secured network drives, where you may otherwise only store and share pseudonymised or anonymised data. In these situations, it is very important that the work requiring that the data is directly individually identifiable is finalised and completed as quickly as possible, after which you must pseudonymise or anonymise data.

DOCUMENTATION

If you need to save/store confidential data and/or sensitive personal data, the university requires that you make an assessment of the need for, and the risk of, storing data, and that you describe how you store data, whether to add metadata and a plan for erasing data.

You should also consider whether publication will harm partners, researchers, employees or students and thereby also AU, whether publication will cause major or minor problems for AU’s work, tactical objectives or survival and whether publication could have criminal implications. 

You must store a description of the above locally – preferably in a filing system. The information is primarily to be used if there is a need for documentation of the purpose of storing and processing data, e.g. in connection with a case with the Danish Data Protection Agency.


    THERE IS A DIFFERENCE BETWEEN CASE PROCESSING AND RESEARCH


    It is important to understand that there is a significant difference between processing data for case processing purposes or for research purposes. This is reflected in the security assessment behind the data classification model.


    CASE PROCESSING

    When processing data in connection with case processing, it will generally be necessary to be able to attribute the case processing to specific persons, e.g. citizens or students. In practice, it will therefore not be possible to pseudonymise or anonymise data in connection with specific case processing. Therefore, you have fewer options when choosing between AU's different solutions for storing and sharing data. 

    Example:

    You receive an email containing a civil registration number and information about which trade union the person concerned is a member of. The email therefore contains both confidential data and sensitive personal data.

    As you need to be able to identify the citizen in the further case processing, you have to file the email in WorkZone and delete it from Outlook, as storing confidential or sensitive personal data in Outlook is not allowed.


    RESEARCH

    As a general rule, when processing personal data in connection with research, there is no need to be able to identify individuals directly, as the identity of individuals is not normally relevant for the research itself. It is therefore natural and good practice to pseudonymise or anonymise personal data in connection with research. Pseudonymisation and anonymisation also allow you to use several of the solutions for storing and sharing data made available by AU.

    Example:

    As a researcher, you have collected information about a number of people, including information about their health. As you do not need to be able to identify the persons in question in your research project, you have pseudonymised data.

    You now want to share research data with a colleague in the research project at AU via one of the solutions made available by AU. How do you do this?

    As you have pseudonymised data, you can share research data with your colleague using, for example, OneDrive where also confidential data and sensitive personal data may be shared and stored if it is pseudonymised or anonymised.


    PSEUDONYMISATION OF PERSONAL DATA

    Personal data is pseudonymised by removing all directly identifying information (e.g. civil reg. no. (CPR no.), name, address, tel. no.) from the data set. 

    However, a unique serial number can be added within the framework of pseudonymisation. The serial number - with an associated separate 'key file' - will make it possible to return to the original person identification.

    ANONYMISATION OF PERSONAL DATA

    In order for personal data to be considered anonymous, it must not be possible to identify individual persons on the basis of the data alone or in combination with other information. 

    In other words, you have to factor in that other people may have access to information which, together with the anonymous data, makes it possible to return to the original person identification in full or in part. Anonymisation must be irrevocable. 

    Personal data that has been adequately anonymised is not covered by the GDPR, and thus does not impose any legal requirements for the system where it has been saved. There is no longer a need for a documented time limit for when and how data is to be deleted. It would be a good idea to anonymise data if, for example, open-access is required for research data.

    These four points must, as a minimum, be met in order for Aarhus University to consider the data as anonymised: 

    • Remove all external/unique identifiers, including numbers.
    • Dates and times must either:
      • Be removed
      • Be replaced by calculated time periods, e.g. 'admission 16/6 2019 - readmission 27/8 2019' can be changed to 'readmission: 73 days'
      • Be 'blurred' by moving dates and times in parallel by a random number of days (e.g. +/-10 days) at individual level, e.g. 'admission 16/6 2019' can be changed to 'admission 11/6 2019' and 'readmission 27/8 2019' can be changed to 'readmission 22/8 2019'
    • Remove all text fields - replace with categories, for example.
    • Reduce to the absolute fewest possible data fields/variables.

    Note that adequate anonymisation will usually be impossible in connection with qualitative data.  

    There are different interpretations of when personal data is anonymous, and there is no absolute distinction, but rather a case-by-case assessment of risk and reasonableness.
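The pseudonymisation step and the 'blurred' dates option described above, as an added example that is not AU's own tooling: direct identifiers are moved into a separate key file, each person gets a random serial number, and all of that person's dates are shifted in parallel by one random offset. The field names, the sample records and the CPR-style numbers are constructed for illustration; as long as the key file exists, the output is pseudonymised, not anonymised.

```python
import secrets
from datetime import date, timedelta

# Field names are assumptions made for this example, not an AU schema.
DIRECT_IDENTIFIERS = ("cpr", "name", "address", "phone")
DATE_FIELDS = ("admission", "readmission")

def pseudonymise(records, max_shift_days=10):
    """Return (rows, key_file). rows carry no direct identifiers; key_file maps
    each serial number back to the person and must be stored separately."""
    rng = secrets.SystemRandom()           # OS randomness, so offsets are not guessable
    seen = {}                              # cpr -> serial: one person keeps one serial
    key_file, rows = {}, []
    for rec in records:
        serial = seen.get(rec["cpr"])
        if serial is None:
            serial = secrets.token_hex(8)  # random, never derived from the CPR number
            seen[rec["cpr"]] = serial
            key_file[serial] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
            key_file[serial]["shift_days"] = rng.randint(-max_shift_days, max_shift_days)
        shift = timedelta(days=key_file[serial]["shift_days"])
        row = {k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}
        row["serial"] = serial
        for f in DATE_FIELDS:              # same offset for every date of this person
            if row.get(f) is not None:
                row[f] = row[f] + shift
        rows.append(row)
    return rows, key_file

def reidentify(serial, key_file):
    """Returning to the original person is only possible with the key file."""
    return key_file[serial]["cpr"]

# Constructed sample records (fictitious people and CPR-style numbers).
SAMPLE = [
    {"cpr": "000000-0001", "name": "Test Person A", "address": "Example Street 1",
     "phone": "00000001", "admission": date(2021, 3, 1),
     "readmission": date(2021, 4, 12), "diagnosis_group": "J"},
    {"cpr": "000000-0001", "name": "Test Person A", "address": "Example Street 1",
     "phone": "00000001", "admission": date(2021, 9, 20),
     "readmission": None, "diagnosis_group": "J"},
    {"cpr": "000000-0002", "name": "Test Person B", "address": "Example Street 2",
     "phone": "00000002", "admission": date(2021, 5, 3),
     "readmission": date(2021, 5, 30), "diagnosis_group": "K"},
]

if __name__ == "__main__":
    rows, key_file = pseudonymise(SAMPLE)
    for row in rows:
        print(row)
```

Because the offset is fixed per person, the interval between admission and readmission is unchanged in the output, while the absolute dates no longer match the source records.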


    WHERE CAN I SAVE/STORE MY DATA?

    See examples of systems on which you can save the different types of data. Exactly which system you should choose depends on your responsibilities. It may depend on the duty to record and file, functionality, how long the data must be stored, and which system is used for your specific tasks.
    Ask your colleagues or your immediate supervisor if you are in doubt.

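    |  | PUBLIC | INTERNAL | CONFIDENTIAL | SENSITIVE |
    |---|---|---|---|---|
    | Kaltura | Yes | Yes | No | No |
    | Workzone | Yes | Yes | Yes | Yes |
    | AUHRA (HR) | Yes | Yes | Yes | Yes |
    | U-drive (personal drive) | Yes | Yes | No* | No* |
    | O-drive (shared drive) with limited log safety (standard) | Yes | Yes | Yes | No |
    | O-drive (shared drive) with extended log safety (contact IT-support) | Yes | Yes | Yes | No* |
    | STADS | Yes | Yes | Yes | Yes |
    | TYPO3 | Yes | No | No | No |
    | OneDrive | Yes | Yes | No* | No* |
    | Outlook | Yes | Yes | No | No |
    | Sharepoint | Yes | Yes | No* | No* |
    | Teams | Yes | Yes | No* | No* |
    | Survey-Xact | Yes | Yes | Yes | Yes |
    | REDCap (at Department of Clinical Medicine) | Yes | Yes | Yes | Yes |
    | Free Cloud services, e.g. Dropbox or Google drive | Yes | No | No | No |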

    Yes: You are ALLOWED to save/share data here
    No: You are NOT ALLOWED to save/share data here
    No*: You are only ALLOWED to save/share data here provided that data has been PSEUDONYMISED


    HOW CAN I SAVE/SHARE THE DIFFERENT CATEGORIES OF DATA?

    |  | PUBLIC | INTERNAL | CONFIDENTIAL | SENSITIVE |
    |---|---|---|---|---|
    | Email sent via Outlook to other AU employees | Yes | Yes | Yes | Yes |
    | Email sent via Outlook to external recipients | Yes | No | No | No |
    | Email sent with AU's secure email solution | Yes | Yes | Yes | Yes |
    | Email sent via Outlook to an @rm.dk recipient | Yes | Yes | Yes | Yes |
    | Messages sent via Digital post (eBoks) | Yes | Yes | Yes | Yes |
    | Messages sent via Skype for Business | Yes | Yes | No | No |
    | SMS | Yes | No | No | No |
    | Social media* | Yes | No | No | No |
    | SFTP (Secure File Sender Transfer) - can be ordered from local IT support | Yes | Yes | Yes | Yes |
    | Paper mail | Yes | Yes | Yes | Yes |

    Yes: You are ALLOWED to save/share data here   
    No: You are NOT allowed to save/share data here
    *E.g. Messenger, Snapchat, Twitter etc.