5. Guide for processing research data at HVL

5.a Ownership

All research data must have an unambiguous and identifiable "owner", and as a rule, this is the day-to-day responsibility (project manager or supervisor). Daily responsible must:

  • ensure that the information is processed in accordance with HVL's guidelines
  • ensure that all storage, and processing of information takes place on technical solutions that have been approved, see HVL's storage guide
  • regularly check that any changes in the requirements are met

Classification of data

Open or freely accessible (green)

 

This class is used for research data that can or should be available to anyone without special access rights. This mainly means data that is anonymised and does not contain personal data.

The integrity of the data must, nevertheless, be ensured by only allowing persons and users with the correct rights to change the information. Also, note that although the data may be open, it is not free to choose what you do with it.

Internal (Yellow)

 

This class applies to information that must have some protection and may be available to both external and internal, but with controlled access rights. This class is used if the information is only relevant to or is aimed at a limited user group at HVL and any partners.

Examples of such information can be:

  • general personal information
  • unpublished research data and works
Confidential (Red)

 

This is information that HVL is required to limit access to following laws, regulations, agreements, and other regulations. "Confidential" is used for data that potentially can cause harm to public interests, HVL, individuals or partners if the information becomes known to unauthorized persons.

Examples of such information can be:

  • special categories of (sensitive) personal information
  • health information

Research data and personal information in this category must always be stored on the research server at HVL.

Strictly confidential (Black)

 

This category includes the same type of information as Confidential (red), but where special considerations require further protection the data. The legal order for protection and security, in addition to the statutory ones, must be documented in writing.

 "Strictly confidential" is used if it could cause significant harm to public interests, HVL, individuals or partners that the information becomes known to unauthorized persons.

Examples of such information are

  • large amounts of sensitive personal information
  • large amounts of health information
  • research data and data sets of great economic value

Research data and personal information in this category must always be stored on the research server at HVL.

5.b Storage guide for different types of data for research and student assignments

 

Communication and tools for sharing

 

 

 

 

HVL email

Yes

1

No

No

Private email (Gmail, Hotmail etc.)

Yes

No

No

No

Zoom

Yes

Yes

2

No

Teams

Yes

Yes

No

No

Data storage

 

 

 

 

OneDrive with two-factor login

Yes

Yes

3

No

Personal cloud service (Dropbox, Google Drive etc.)

Yes

No

No

No

Cloud services at HVL (Box og Filesender)

Yes

4

No

No

Research server at HVL

No

No

Yes

Yes

Devices

 

 

 

 

Smart phone (voice recording)

Yes

5

No

No

Private computer

Yes

No

No

No

HVL serviced computer (local storage)

Yes

6

6

No

USB stick / external hard drive

Yes

No

No

No

USB stick / external hard drive - encrypted

Yes

Yes

7

No

 

  1. Email can be used between employees of HVL
  2. Processing of data is permitted in Zoom if it is not recorded but only streamed. Zoom can be used to record red categories of data if there has been an evaluation of the project in the form of a DPIA.
  3. Must only be used if there is a two-factor login on OneDrive, and there has been an evaluation of the project in the form of a DPIA approved by HVL.
  4. Temporary storage is permitted on cloud services that are provided by HVL and stores data within EØS.
  5. Exception for students if the guidelines for the use of a private device is followed (link).
  6. Employees of HVL are advised to not store data locally on their computer but instead use OneDrive with two-factor login. 
  7. Storage on an encrypted USB stick or external hard drive is permitted. Please ensure that the unit always follows the specifications provided by the guidelines at HVL and that data is not transferred or downloaded to other storage spaces that are not approved. We recommend that these data be transferred to the research server at HVL.