Privacy and data protection is crucial to education and research institutions. This page features further details on privacy and cloud computing, digital identity, legal aspects of computing and the protection of students’ personal data.
Privacy and cloud computing
Cloud computing is subject to Dutch, European and international legislation. Many cloud service providers are located abroad. At present, there is still little legislation or jurisprudence in this area. Education institutions seeking to purchase a cloud service will have to enter into contractual agreement with a cloud provider. In doing so, it is important to focus on privacy agreements. An overview of useful publications in this regard:
- Report on Cloud services at higher education and research institutions and the USA Patriot Act. Main conclusion: higher education institutions in the Netherlands must identify the conditions under which judicial authorities and security services can access data, and determine the relevant risks.
- Report on 'The cloud in the education sector': addressing privacy data protection and legal questions on the use of cloud services.
- More publications on privacy and the cloud
Privacy and digital identity
Students and academics need to maintain control over their online image. Which steps must students and academics take in order to manage their own digital identity and that of others? Some recommendations:
- Consider how you want to present yourself.
- Regularly check what sort of information has been published about you on the internet.
- Only publish information you would want anyone to see at all times.
- Do not publish recognisable photos of others without their permission.
Legal aspects of computing
Education institutions are responsible for the actions of their ICT staff and handling of personal data. Staff members and students are entitled to use ICT facilities and can reasonably expect their privacy to be protected. Although the education institution is entitled to monitor ICT traffic, users must be duly informed in advance. It is thus important that institutions apply an ICT code of conduct.
Students’ privacy and personal data
How should higher education institutions implement the standards for handling students’ personal data as outlined in the Data Protection Act in practice? The general answer to this question can be summed up as follows: By handling such data with care on the basis of applicable and knowable rules, within the framework of an institution-wide commitment to privacy awareness.