Indeed, welcome! You are about to start your life as a student. Terrific! You will be faced with a lot of new experiences in the period ahead. New people, new knowledge, a new environment and new rules, all of which will clamour for your attention, as does privacy and security. Or let’s just call it ‘privacy and information security’ from now on, OK?
That might not yet sound all that exciting, but pay close attention. You will be confronted with all kinds of information during your studies. Personal data, research reports, sensitive information and a whooooole lot of visual material. The handling of that information is subject to certain rules. You will learn these in this online module.
And why is a group of people pictured in the opening photo of this module, if it is about digital and other kinds of information? Exactly! Because this module actually relates specifically to people. So it relates to you and the way in which you, your fellow students and all employees deal with information. This is because human beings are both the weakest and the strongest link in this area...
Goal of this module
After completing this module, you will know:
how you can ensure the secure handling of information/personal information during your studies
what you must do to ensure that all of your devices are optimally secured
who you can contact if you run into problems, or if you simply have questions about privacy or the protection of information.
Structure of this module
In this module, you will follow the path taken by every other student from the moment of enrolment up until the first few weeks of the study programme. We will show you how you can handle information in a secure manner and what your rights are (including as regards privacy), as well as the obligations you have to guarantee the secure handling of information, one step at a time. For this purpose, you will complete the following steps in this module:
Step 0: a general introduction to privacy and security
Step 1: after you have registered for your study programme
Step 2: your preparation for the first day of your study programme
Step 3: the initial phase of your study programme
Each step begins with a short self-test; this will quickly reveal what you already know about a particular subject. After this self-test, you will in each case go through one or two pages, where you will find all the required information about a specific step.
The module concludes with two case studies, in which we will go deeper into commonly occurring situations, so you are not only aware of our rules, but are also in a position to help other students who are unsure what action to take.
Duration of this module
It takes approximately one hour to complete this module.
Questions?
If you have any questions while you are doing or after completing this module, please contact [contact details].
We wish you the best of luck with your studies!
Step 0: Your privacy & security
What do you already know?
Toets: What do you already know?
0%
Privacy and security – two terms you might not encounter on a daily basis. And yet, they are becoming increasingly important for your studies. And incidentally, not only for your studies – having knowledge of privacy and security is extremely valuable in your daily life, too.
But what do these terms actually mean and what use are they to you? You will learn that in this course. We will begin with a short quiz so you can find out what you already know about this subject. Good luck!
De onderstaande antwoorden moet je zelf nakijken; vergelijk jouw antwoorden met de goede
antwoorden, en geef aan in welke mate jouw antwoorden correct zijn.
What you will learn
You will learn what personal data/special personal data is and why it is valuable information to have during your studies.
Summary
Personal data is all information about an identifiable natural person, such as their name, gender, sexual preference, email address and citizen service number. Both the education institution and you yourself must take particular care to ensure this data is properly protected. Even if you will be working with other people's personal data, for example when doing research or a work placement, you must know exactly how you are required to handle personal data.
What do you have to hide?
Nothing, right? So why would we worry about privacy? Good question. Perhaps this video clip can provide a preliminary answer:
Oops, so you actually do indeed have something you want to hide... Much of the information about people that is discussed in this video clip is referred to as ‘personal data’. Personal data includes all information which can be traced back to you as a unique individual. And why is it important to know this? Because you can also do some very unpleasant things with other people's personal data.
Have a look:
Consider for a moment: which data do you want to avoid sharing with others?
Personal data
OK, so it's important to refrain from carelessly scattering your personal data all over the place. But what exactly is ‘personal data’ anyway? Basically, it is any data which on its own, or in combination with other personal data, can be traced back to you as a unique individual.
Do you remember the game ‘Who am I?’ on the right? In this game, you combine various kinds of personal data, so you can eventually guess the identity of the person concerned correctly. It works the same way with your own personal data. The mere fact that you have brown hair is not personal data, but it is considered personal data if you are the only person in your class with that colour hair. On its own, your first name is in many cases insufficient to be able to identify you, but it is enough if your last name and house number are also known.
Examples of personal data: your name, address/emailaddress and place of residence. But also telephone numbers, bank account numbers, study results and postcodes together with house numbers are considered personal data.
Consider for a moment: which personal data can you name about yourself?
Special categories of personal data
And yes, ‘special’ categories of personal data exists, too! The law provides for additional protection of this special category of data; not a single organisation is allowed to retrieve this data about you, unless an exception applies under the law. One of these exceptions is ‘consent’: as soon as you give your consent for an organisation to save your special personal data, the organisation is legally permitted to do so.
Special categories of personal data are:
racial or ethnic origin
political opinions
religious or philosophical beliefs
trade union membership
genetic data
biometric data (where used for identification purposes)
health
sex life
Consider for a moment: which special personal data ‘forms’ your identity?
And now?
What use is all this information about personal data? Read the text from the Dutch Data Protection Authority below:
Every time you use personal data, that constitutes an infringement of the privacy of the people whose data you are using. You are therefore only permitted to use personal data if it is truly unavoidable, i.e. if you cannot fulfil your purpose without this data.
This means that if an organisation such as your education institution wants to use personal data, but also if you yourself want to use it when doing a work placement or research, for instance, you must both have a good reason for doing so. Such a reason is referred to as a ‘lawful basis’. There exist six different lawful bases on which you can legally use personal data, for example if someone has given you their consent, if there is a legal obligation to do so or if the personal data is necessary for the performance of a contract (e.g. an employment contract).
In the remainder of this module, the term ‘personal data’ will appear again in various places. Now you know exactly what it means and of course what the significance of that personal data/special personal data is.
Good luck with the rest of this module!
Want to find out more about the privacy legislation? Go right ahead!
What you will learn
You will learn to recognise a few known risks in relation to privacy and security and how you can take action should they occur.
Summary
Information, especially personal data, is valuable. More and more organisations earn their money from the (legal and illegal) collection, analysis or sale of information. The speed with which we are able to generate, interpret and share information offers incredible opportunities, but also carries risks. If we know what the risks are, we will be better able to actually take advantage of the opportunities.
Can I have your password?
Of course not! You should never give your password to anyone. That is secret, private and definitely not intended to be shown to strangers. Right...?
In this video, it is totally clear that someone is trying to get the other person to divulge their password. And even when this is as painfully obvious as it is in this clip, many people will in fact simply reveal their password. Unfortunately, a great many other sophisticated methods exist by which individuals and businesses will try to figure out your personal data.
Several examples of this can be found on this page. You can suddenly be confronted with these situations, not only in your studies, but at any time in your daily life. So it is a good idea to have knowledge of the most commonly-used tricks, so you can protect yourself and your personal information as much as possible!
Method 1: Phishing
What is it?
Suppose you receive an official email from your bank, politely requesting that you click on a link and fill in your account number and password for verification purposes.
Of course you’ll do that, why wouldn't you? However, a short while later, it emerges that criminals have taken full control of your card and bank account. Ugh... Just take a look at how big these criminal 'phishing' organisations already are, as you can see below.
The term ‘phishing’ comes from ‘fishing’. Criminals request data about your bank, passport or driving licence via fake emails or text messages. They use this data to steal money or your identity from you.
How can you spot phishing?
Use your common sense. Would your bank really ask you via text message to fill in your password or citizen service number somewhere? The most common characteristics of phishing messages, i.e. the characteristics by which you can recognise them, are explained below:
The message is not directed at you personally, but begins with ‘Dear Client’, for instance.
The message contains grammatical and spelling errors.
Often, you will be asked to ‘verify your account’: a bank or education institution would never do this.
The threat is made that you will suffer certain consequences if you do not immediately obey the message.
There are subtle differences (e.g. a different extension) between the link in the message and the correct link.
Why is this important now?
In the first few months of your studies, you are not yet very familiar what the official communication from your education institution looks like. That makes you particularly prone to, for example, clicking on fake messages.
How can you best take action?
Never simply click on a link or an attachment!
Always think critically first: does it make sense for the sender to approach me in this manner? Would my bank/education institution/insurance company, etc. ask me for my password?
If you're not sure, contact the ICT department via [contact details]. They can tell you whether a message is real or fake.
Method 2: Lock it!
We can actually keep this very brief. Always lock your screen if you will be away from your computer or laptop, even if only for a quick visit to the toilet. Malicious parties only need a few moments to infect your computer for the purpose of stealing passwords, credit card details and other personal information, for example.
What can you do?
Always configure a password that you must enter in order to resume use of your computer or laptop after reactivating the screen.
As far as possible, use long and unique passwords for the various applications. It can also be quite useful to have a password manager in which you can securely save all of your passwords.
Method 3: Be aware of what you are sharing
Let's say you have a tutorial again next Tuesday, but one of your team members is home sick with a serious allergy. In order to inform your fellow students that this will cause you to be delayed, you send an email about this to all tutorial members. Suddenly, all 80 students know what allergy your fellow student suffers from...
Or what about that Excel file containing your fellow students’ personal data you have been meaning to send to the hotel? While it was very considerate of you to hide all of the columns containing sensitive information, this unfortunately did not actually remove them. With just a couple of clicks of the mouse, the hotel could in fact still inspect all of that data...
What can you do?
You can prevent a lot of suffering by making sure you always briefly focus on two questions.
Anytime you want to share information in any way, ask yourself these two questions:
can I achieve my goal by sharing less information than I currently plan to share?
can I achieve my goal by sending the information to even fewer people than to whom I currently plan to send it?
By sharing as little sensitive information as possible with as few people as possible, you can minimise the risk of sensitive information being unintentionally leaked. And that is an important step in the right direction!
Want to find out more about the privacy legislation? Go right ahead!
Great, we have made a start! Time to go into greater depth. In this chapter we will look at your rights and duties with regard to privacy and security; how must you handle information (and personal information in particular) during your studies? And how does your education institution deal with your information? You can test yourself in advance with this quiz. Then you will immediately have a clear idea what else this chapter is about.
De onderstaande antwoorden moet je zelf nakijken; vergelijk jouw antwoorden met de goede
antwoorden, en geef aan in welke mate jouw antwoorden correct zijn.
What you will learn
You will learn what rights you have when it comes to the protection of your own privacy and that of others.
Summary
It is laid down by law how others, such as an education institution, are required to deal with your privacy and personal data, such as which information they may request, with whom they may share it, etc. However, as with all laws, there are exceptions, rules are dependent upon particular situations and education institutions are partly free to determine their own rules. So it's a good idea to know what rights you have when it comes to privacy at your specific education institution.
Your rights
Everyone has a right to privacy. That right is quite comprehensive; in nearly every situation, you decide what can be done with your personal data. Watch the video clip below, which shows you exactly on what principles the privacy law is based:
So, are you simply allowed to inspect all information about yourself? Which of your personal information does the education institution actually share and why? You will receive the answers to these questions here.
Consider for a moment: what do you actually already know about the privacy law?
Legal basis
There was something about legal bases – remember? Each time someone processes your personal data, that can constitute an infringement on your privacy. Processing personal data is therefore only permitted if a basis exists for doing so. For example, your education institution cannot provide education without having some personal data at its disposal (name, email address, home address, etc.).
There are six legal bases (reasons) on which an individual or organisation is allowed to process personal data. One of these is if you yourself have consented to this. Another is a public task; this is the basis that applies to your education institution, for instance. Public education institutions are established by the government for the purpose of providing education; if you enrol in such an institution, it is permitted to request some personal data from you in order to perform its task properly.
The education institution is in turn allowed to share certain data with other parties. This can include sharing your email address with the Education Executive Agency (DUO) so that it will be able to contact you about your student grant, or your study progress with an education institution abroad if you will be doing part of your study programme there. Your education institution must clearly state which of your data it stores, for what purpose it requests that data and with whom it will share the data.
Consider for a moment: do you remember what was stated in the enrolment form for your education institution about sharing data when you enrolled there?
Data minimisation
One of the key principles of the privacy law is ‘data minimisation’. This means that an organisation, such as an education institution, is only allowed to request the information that is strictly necessary in order to fulfil a particular purpose. For example:
- is it relevant for an education institution to know the colour of your skin? Answer: no
- is it relevant for an education institution to know how much salary you make? Answer: no
- is it relevant for an education institution to know your address? Answer: yes
So anytime someone asks for your personal information, it is a good idea to think critically about this. Do they actually need this particular information about you? Or could they fulfil their purpose with less information? Have a look at this example:
[space for inserting an example about data minimisation that is relevant for the education institution itself]
Consider for a moment: can you come up with your own example of a situation in which you gave away more personal information than might have been necessary in retrospect?
Sharing
By law, you yourself determine from the age of 16 who has access to your personal information. The same goes for the information that an education institution stores about you. Therefore, an education institution is never permitted to simply share information about you, except in certain cases:
- If you give your consent for this, for instance if you are taking part in research at the education institution.
- If the education institution is under a legal obligation to do so, for instance to share information about your graduation with the Education Executive Agency (DUO) or with StudieLink.
In this way, you can be sure than no one can ever simply walk up to the front desk of your education institution and inspect your data, or that the education institution can sell your data to businesses for marketing purposes.
Consider for a moment: which of the information about you which is known to your education institution, would you definitely not want to share with others?
Photos and video clips
Every day, we take huge quantities of photos and shoot gigantic numbers of video clips, including at the education institution. But what exactly are the rules for this? Are you allowed, for example, to simply film your lecturer in a lecture hall? Or your fellow students? It is a good idea to know exactly what the rules are for this:
[space to state regulations/rights of students that are specific to the education institution]
Consider for a moment: what do you think about the rules with respect to photos and video clips that apply at our education institution?
Your data
Your data is yours. The education institution only uses it to make sure you can receive a good education. If you want to inspect the data the education institution has about you, then you may request to do so. You can do this via:
[space to state the regulations with respect to requests to inspect personal data that are specific to the education institution]
All information concerning the handling of information at our education institution is laid down in the ‘Information protection policy’. You can download and examine this document via the button below:
What you will learn
You will learn what duties you have when it comes to the protection of your own privacy and that of others.
Summary
Every law also involves a duty, such as the protection of others’ personal data if you use this during your studies, as well as the secure and professional handling of all of the education institution's data and facilities. While your education institution does assist you in performing your duties properly, it expects every student to adopt a pro-active attitude in this respect. The rule of thumb is: take others into consideration, as you would have others take you into consideration.
No mobile phone?
It's impossible to imagine these days. But there was a time, not so long ago, that no one had mobile phone. Look at these kids trying to make a call with a rotary phone...
Now we all carry a smartphone, a laptop, a tablet, a smartwatch and other smart equipment wherever we go. And as fun and useful as these devices are, they all create new responsibilities, or perhaps even duties. On this page, we cover which duties those are.
Consider for a moment:what would you miss the most if you suddenly no longer had a telephone, laptop or tablet?
Photos and video clips
Of course it's super easy to just film your lecture for your housemate who is still in bed, sleeping off their hangover. Or to secretly snap a photo of the fellow student who flirts with you. And even if, during a tutorial, all you want to do is film the lecturer, for example, it will still be possible to hear your fellow students asking questions in the background, too.
Not everyone wants to be filmed or photographed, particularly not within the walls of your education institution. Before you start filming or taking photos, always ask yourself these four questions first:
is everyone who will appear in the photo/video clip aware of this?
is everyone who will appear in the photo/video clip happy about that?
does everyone know where I am going share/publish the images?
is there a way for people who do not want to be in the photo/video clip to not appear in the image/be heard in the recording?
If the answer to one or more of these four questions is ‘no’, you should seriously ask yourself whether or not taking photos or shooting a video clip is wise/desirable. Remember the rule of thumb mentioned at the beginning of this page:
Take others into consideration, as you would have others take you into consideration.
Consider for a moment: would you be pleased if someone from your education institution took a photo or shot a video clip of you?
Data breach
During your studies you will from time to time have access to others people's personal data. This can include email addresses and telephone numbers of fellow students, research results, video clips of an interview, etc.
In the worst case scenario, you could lose this data. You might lose a USB stick on the train, email the attachment to the wrong email address or leave a document containing address details behind in the printer. In formal terms, this is referred to as a ‘data breach’; personal data has or may have been leaked to people who are not actually authorised to access to it. A situation in which you are no longer able to access certain data/personal data or in which the data is no longer correct, can also constitute a data breach.
What should you do then? If you suspect that you have lost others people's personal data/special personal data, always contact [contact details]. Together, you can decide what action may be necessary. Sending an email to the wrong person containing five other email addresses is not as serious as sending them medical information about those five people or accidentally sharing the email addresses of five hundred people.
Consider for a moment: which personal data have you shared with someone else in the last week?
Working & studying securely
We expect all students to have a professional attitude during their studies. That means that you:
properly protect other people's personal data, just as you would have others properly protect your privacy.
use the software provided by the education institution (e.g. for saving files) as much as possible when doing assignments for your study programme.
are aware of the consequences if sensitive information/sensitive personal information ends up in the wrong hands and are therefore always very cautious about sharing sensitive information.
If you follow these principles, you can proceed through your studies as securely as possible when it comes to your own privacy, and that of your fellow students!
Step 2: Ready to start...?
What do you already know?
Toets: What do you already know?
0%
You will soon be starting your studies; time to put your digital affairs in good order for this purpose! In this chapter you will get to work on properly setting up your equipment, files and all necessary security features.
But before we get started, let's do another short quiz so you can check for yourself how much you already know about this subject.
De onderstaande antwoorden moet je zelf nakijken; vergelijk jouw antwoorden met de goede
antwoorden, en geef aan in welke mate jouw antwoorden correct zijn.
What you will learn
You will learn how you can properly organise your digital affairs before starting your studies.
Summary
During your studies, you will make use of your laptop, mobile phone and all kinds of online apps and tools on a daily basis. The digital tools you use privately and the ones you use for your studies may also partly overlap. So it is a good idea to properly set these up before the first day of your studies so that you can handle any sensitive data (e.g. personal data) you may be confronted with later in a secure manner.
In the past...
In the past. Everything was better back then. You often hear people say this and perhaps there is some truth to it. After all, not that long ago, computer viruses, ransomware and DDoS attacks did not yet exist. But we must all keep up with the times, so it is smart for both the younger and older generations to also know something about how things used to be:
In the coming years, you will increasingly be confronted with digital applications, files containing sensitive information and important documents in your studies. For you as a student, that means that there are three key agreements which all students must abide by (this may sound strict, but it is essential for your security and ours, too):
For files containing sensitive information, you should in principle only use the file storage application [name of application] provided by the education institution; that way you can avoid the risk of these files ending up somewhere outside of the education institution.
In communications with education institution employees or external contacts which are necessary for your studies, never use any email address other than the one given to you by the education institution.
Ensure you practise proper digital hygiene by performing the following four checks before starting your studies.
Read through the checks carefully and complete the steps on your own laptop, mobile telephone and/or tablet, so you can be sure that when you start your study programme in the upcoming period, you will in any case be doing this part of your studies in a secure manner.
Check: Updates
With considerable regularity, researchers and ethical hackers discover new security breaches in frequently-used software. The only way to ensure that malicious parties cannot gain access your files, webcam, means of communication and equipment is to update your software regularly.
NOTE: you do not need to update the software provided by the education institution, such as [...], as we do that for you. This check concerns software which you have installed yourself on your laptop, tablet or telephone.
To update your software, we recommend you follow these steps: [space for step-by-step plan / screencast with explanation of the steps to be followed].
Check: Backups
Despite updating your equipment, things may still sometimes go wrong. You might forget your laptop on the train, your telephone might get stolen or maybe your housemate will use your new tablet as a cutting board. There is nothing worse than realising that the report you have been working so hard on for weeks has suddenly disappeared...
Many students already use the [name of platform] cloud storage service offered by our education institution for saving their files. In that platform, we automatically make backups for you, which you can recover up to [number] days later by [step-by-step file recovery plan].
To back up other files and/or devices, we recommend you follow these steps: [space for step-by-step plan / screencast with explanation of the steps to be followed].
Check: Antivirus
No matter how careful you are, anyone can still accidentally click on the wrong link or end up on an unsafe website. As long as you have good antivirus software running on your equipment, that isn't necessarily a big problem.
Your education institution offers you the antivirus software [name of application]. We strongly recommend that you install this free software on all devices you use for your studies. [space for step-by-step plan / screencast with explanation of the steps to be followed].
NOTE: if you still suspect that one of your devices is infected with a virus, please contact [contact details of ICT/Helpdesk] immediately.
Check: 'Ransomware'
Ransomware is malicious software which can block access to your equipment (hold it hostage) or encrypt all of your files. You can only regain access to your equipment and files after paying a ransom, in the form of Bitcoins, for instance.
Most ransomware is sent as an attachment in a fake email, in .pdf, .exe. or .doc format, for example. If you don’t totally trust the sender of the email, you should never click on such files! By clicking on the file, the ransomware may be installed on your device.
The education institution offers students the software [name of application] for free, with which you can check periodically whether your device is infected. You can download this software here [link].
NOTE: if you still suspect that one of your devices is infected, please contact [contact details of ICT/Helpdesk]immediately.
Check: Passwords
On average, the Dutch have approximately 30 online accounts and, as such, a multitude of different passwords. On one website, the password is required to have at least eight characters, while on the other, it must include at least two capital letters, etc. How are you supposed to keep track of all of these in secure manner...?
The education institution recommends that all students use a password manager. This is software which enables you to save all of your passwords in a secure manner and which you can access with a single master password. As a result, you can come up with very complex passwords, since you no longer need to remember them yourself. That makes it much more difficult for malicious parties to gain access to your accounts.
The education institution offers you the password manager [name of application] for free. You can download and install it here [link]: [space for step-by-step plan / screencast with explanation of the steps to be followed].
NOTE: if you are no longer able to obtain access to one of the applications offered by the education institution, please contact [contact details of ICT/Helpdesk] immediately.
Check: Encryption
Many popular applications, such as WhatsApp and Telegram send all messages in encrypted form. This means that these messages are useless to anyone who intercepts them, because a decryption key is required in order to read the message.
Because you may also work with sensitive information during your studies, we request that you also encrypt all communication and files, to eliminate any risk that malicious parties might be able to view these. For this purpose, the education institution offers you the encryption software [name of application] for free. You can download and install it here [link]: [space for step-by-step plan / screencast with explanation of the steps to be followed].
Check: Netflix-laptop?
During your studies, you will come into contact with all kinds of people, including fellow students, lecturers, researchers, housemates, and so on. You will work together with many of these people and regularly have to have a look at each other's screen.
In general that's not a problem, of course, since you are all doing the same study programme and all have your security features in good order because of having periodically performed these four checks. But it is still wise to keep your own equipment to yourself wherever and as much as possible.
If you live in a student house, for instance, make sure that your laptop does not become the designated Netflix laptop everyone hooks up to the beamer to watch films together. Make sure you don't leave your mobile phone lying around all over the house and take care to always lock your screen if you will briefly be away from your computer.
In this way, we can achieve good digital hygiene together and you can go through your study programme feeling safe!
If you have any other questions about these four checks, you can always contact [contact details of ICT/Helpdesk]. Thank you for your cooperation!
Step 3: Your first month
What do you already know?
Toets: What do you already know?
0%
The last step – your study programme is about to start! Now that you are properly prepared you can really dig in. Working with your fellow students, cramming for exams until late at night and communicating with your lecturers.
In order to do all of this securely, we have compiled the 3 Golden Rules for our education institution. If you follow these, you will know for sure you are working and studying as securely as possible. To check in advance how many of these rules you know, you can start with short self-test here.
De onderstaande antwoorden moet je zelf nakijken; vergelijk jouw antwoorden met de goede
antwoorden, en geef aan in welke mate jouw antwoorden correct zijn.
What you will learn
You will learn how you can study and work securely during your studies.
Summary
As soon as you have started studying, it is extremely important that you know how to work and study securely, whether you are at the education institution, at home or on the road. For this purpose, we drew up the three ‘Golden Rules’, which, as long as you follow them closely, will ensure that the risk of a data breach (the unintentional sharing of personal data) is kept to a minimum.
3 GOLDEN RULES
From the time that you begin studying until the moment you have graduated, you make use of software, documents and means of communication from your education institution. This carries with it responsibilities for all students. By following the three Golden Rules explained on this page, you can make sure you are working as securely as possible and that the risk of a data breach is kept to a minimum.
A data breach means that unauthorised persons have obtained access (often accidentally or through hacking) to personal data without this being the intention of the education institution.
Rule 1: do not allow any unwanted people to shoulder surf
No matter where you work, whether it be on the train, on the bus, at home or at the education institution, make sure that no one can peek at your screen or files while you are working – not because you are necessarily always working with top secret information, but so that you can teach yourself to be careful about this.
Useful actions to take:
Always close your laptop if you are going to be away from your laptop
Use a webcam cover (you can pick up one for free at [location])
Use privacy film on your laptop to significantly reduce the viewing angle (you can pick up one for free at [location]).
Rule 2: take good care of your data
You produce new data on a daily basis: emails, files, photos and video clips. You in turn share many of those files with one or more other people. Make sure you are always in control of who has access to which of your files.
Useful actions to take:
Always save files in the cloud storage serviceof your education institution
Be cautious about sharing data: only share what is strictly necessary
Be cautious with whom you share something: always share data with as few people as possible.
Rule 3: take others into consideration
How do you want others to deal with your personal data? Exactly, verrrrry carefully. So take others into consideration, as you would have others take you into consideration in the handling of your personal information.
The context is very important in this regard. A fellow student's name does not by itself reveal much, but it does if the name is on a list of ‘students with below average performance’, for example. Sharing address details of a fellow student with their parents does not seem like a problem, until it suddenly emerges that the parents and the student have been at loggerheads for years. Therefore, you must always look carefully at the context and the circumstances in which you are going to share the data.
Useful actions to take:
Inform people when you are taking a photo or shooting a video clip (‘I will only use this photo in our closed study group’)
Ask for consent, if possible (‘Is it OK if I use this photo which you are also in as the profile photo for our study group?’)
If you still accidentally distribute information about someone further than was intended, always inform the person in question about this. You would probably also want them to do the same for you...
If you follow these three rules, then we can work together on a secure learning and working environment at our education institution.
Many thanks in advance for your cooperation!
Case 1: photos & video clips
These days, all students and employees have one or more cameras with them. On their telephone, on their iPad, in the webcam of their laptop and sometimes on their smartwatch, too. Of course this is super fun and useful, for example for filming a lecture for your ill fellow student, or photographing a few slides from a lecture.
But what exactly are the rules at the education institution? When is this allowed and when is it strictly forbidden? Below you can read exactly what the rules are at our education institution when it comes to images.
What is allowed?
[Space for describing situations in which students are permitted to take photos and/or shoot video clips]
What is prohibited
[Space for describing situations in which students are not permitted to take photos and/or shoot video clips]
Case 2: personal data of fellow students
[Identical interpretation of the type of information on this page as that of case 1: a brief introduction followed by an overview of the regulations (including examples) with regard to recording, storing, sharing and archiving / destroying personal data of fellow students]
Het arrangement Digital license 'Student' is gemaakt met
Wikiwijs van
Kennisnet. Wikiwijs is hét onderwijsplatform waar je leermiddelen zoekt,
maakt en deelt.
Dit lesmateriaal is gepubliceerd onder de Creative Commons Naamsvermelding 4.0 Internationale licentie. Dit houdt in dat je onder de voorwaarde van naamsvermelding vrij bent om:
het werk te delen - te kopiëren, te verspreiden en door te geven via elk medium of bestandsformaat
het werk te bewerken - te remixen, te veranderen en afgeleide werken te maken
voor alle doeleinden, inclusief commerciële doeleinden.
Do you remember the game ‘Who am I?’ on the right? In this game, you combine various kinds of personal data, so you can eventually guess the identity of the person concerned correctly. It works the same way with your own personal data. The mere fact that you have brown hair is not personal data, but it is considered personal data if you are the only person in your class with that colour hair. On its own, your first name is in many cases insufficient to be able to identify you, but it is enough if your last name and house number are also known.
The education institution is in turn allowed to share certain data with other parties. This can include sharing your email address with the Education Executive Agency (DUO) so that it will be able to contact you about your student grant, or your study progress with an education institution abroad if you will be doing part of your study programme there. Your education institution must clearly state which of your data it stores, for what purpose it requests that data and with whom it will share the data. 
No matter where you work, whether it be on the train, on the bus, at home or at the education institution, make sure that no one can peek at your screen or files while you are working – not because you are necessarily always working with top secret information, but so that you can teach yourself to be careful about this. 
You produce new data on a daily basis: emails, files, photos and video clips. You in turn share many of those files with one or more other people. Make sure you are always in control of who has access to which of your files.
How do you want others to deal with your personal data? Exactly, verrrrry carefully. So take others into consideration, as you would have others take you into consideration in the handling of your personal information. 
