Merge pull request #92 from UtrechtUniversity/updates
Update data breach links, small reformulations, EC decision aid to Design chapter
DorienHuijser authored Jan 12, 2024
2 parents 32f0feb + 5779e59 commit 79aa5e9
Showing 36 changed files with 54 additions and 72 deletions.
13 changes: 10 additions & 3 deletions chapters/privacy-by-design.Rmd
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,13 @@ save you time and effort. They can help you review and possibly adjust your
plans, determine the appropriate protection measures, and determine whether you
need to perform a more elaborate [Data Protection Impact Assessment](#dpia).

::: fyi
The European Commission has created
[this interactive decision aid](https://ec.europa.eu/assets/rtd/ethics-data-protection-decision-tree/index.html){target="_blank"}
that can also help you think of all the necessary steps to design your project
with personal data.
:::

![Privacy in the research cycle. From Conception (Hypothesis generation, ideas), to Designing the project (Grant/project proposal, Draft privacy scan, Consult with privacy officer, data manager, grant officer), to Grant/project approved (Privacy scan, possibly DPIA, Data Management Plan, Privacy notice and consent form, Ethics review, Agreements between parties) to Data acquisition (Data collection and reuse), Data Processing (Preprocessing, Analysis, Output generation), to Preservation (of data, code and documentation) and Publication (Manuscript, Data, Code and Documentation)](img/privacy-research-cycle.png "Privacy in the research cycle: a good preparation is crucial")

## Privacy scan {#privacy-scan}
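Review bot: The link text in the new `fyi` block, "this interactive decision aid", does not identify its destination when read out of context, for instance by a screen reader or in the PDF and EPUB builds that this commit also regenerates. Suggest putting the target's name in the link text, for example "interactive ethics and data protection decision tree" (the wording of the URL path), and keeping "The European Commission has created" in front of it.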
Expand Down Expand Up @@ -239,7 +246,7 @@ in the data without revealing individual data points.
Protect personal data, or make them unlinkable or unobservable. Make sure they
do not become public or known. You can for example do so using a combination of:

- Using [encryption](#encryption), [hashing](#pseudonymisation-anonymisation) or
- Using [encryption](#encryption), [hashing](#replacement) or
[strong passwords](https://students.uu.nl/en/practical-information/it-facilities/information-security/information-security-secure-access-choosing-a-secure-password){target="_blank"}
to protect data. Consider using a password manager to avoid losing access to the
data.
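Review bot: The retargeted hashing link now points at `#replacement`, but the heading that defines that id is not part of this hunk, so the target cannot be checked from the diff. Please confirm that a section with exactly that id exists and that it is the one that discusses hashing. An id this generic is easy to break or duplicate if the heading is ever reworded, so consider giving the target heading an explicit, more specific id (in the style of `{#privacy-scan}`) and linking to that instead.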
Expand All @@ -252,7 +259,7 @@ where noise is added to individual data points to hide their true identity.
amount of time and with the necessary authorisations (e.g., read vs. write
access; only the relevant selection of personal data, etc.). Remove
authorisations when access is no longer required.
- Encrypting and regularly backing up data on portable storage media.
- Encrypting and regularly backing up data that are stored on portable storage media (note that portable storage media are not recommended for use as [long-term storage and back-up](#data-storage-where)).
- Keeping a clear desk policy: lock your screen and store paper behind lock and
key when you leave your desk.
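Review bot: The rewritten portable-media bullet packs the actual guidance into a parenthesis at the end of one long, unwrapped line, while the neighbouring bullets are wrapped at about 80 columns. Suggest wrapping it like the rest and splitting it into two sentences: first that data on portable storage media must be encrypted and backed up, then that portable media are not recommended for [long-term storage and back-up](#data-storage-where). That way the recommendation against portable media is not read as an aside.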

Expand Down Expand Up @@ -294,7 +301,7 @@ everyone will treat the data up to UU-standards.
- Appointing someone responsible for regulating access to the data.
- Always reporting (suspicions of)
[data breaches](https://intranet.uu.nl/en/knowledgebase/what-is-a-personal-data-breach){target="_blank"}.
At UU, contact the [Computer Emergency Response Team](https://intranet.uu.nl/en/security/information-security-computer-misuse-or-report-incident-cert){target="_blank"}.
At UU, contact the [Service Desk](https://intranet.uu.nl/en/knowledgebase/what-do-i-have-to-do-if-there-is-a-personal-data-breach){target="_blank"}.
- If needed, drawing up a privacy and/or security policy that specify roles and
responsibilities and best practices on how personal data are handled throughout
a project.
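Review bot: The updated breach-reporting sentence, "At UU, contact the Service Desk", carries no urgency, while the same commit uses "immediately" in chapters/seeking-help.Rmd and "as soon as possible, preferably within 72 hours" in docs/faq.html. Suggest settling on one wording for all three places so that a reader who lands on this bullet gets the same instruction and time frame. Both links in this bullet also point to intranet.uu.nl; if those pages require a UU login, it is worth saying so for readers outside the university.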
Expand Down
4 changes: 0 additions & 4 deletions chapters/research-scenarios.Rmd
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,6 @@ more information about each of these topics:
![Image with 10 steps towards privacy compliance in research: (1) Keep the GDPR in mind when designing your research: Do you need to collect personal data, why, and how much? (2) Make sure you have a legal basis to use personal data, e.g., public interest or consent (3) Document privacy risks and privacy-related decisions, e.g., in a Data Management Plan, privacy scan, or Data Protection Impact Assessment (4) Arrange ethics review. Ethics review makes sure that you have also taken ethical implications into account (5) Inform participants properly, e.g., in an information letter, oral script, privacy statement (6) Protect your data with organisational measures, e.g., access control, agreements with external parties, data protection policies, researcher training (7) Protect your data with technical measures, e.g., anonymise, pseudonymise, encrypt your data, use safe storage (8) Enable participants to exercise their rights, e.g., right to data access, correction, objection, erasure (9) FAIR data: balance risks and Open Science principles, e.g., share under restricted access, or only share metadata and materials (10) Ask for help when you need it! Contact your privacy officer or data steward for support](img/10_steps_towards_privacy_compliance_in_research.png)
*Utrecht University RDM Support (2023). 10 steps towards privacy compliance in research. https://doi.org/10.5281/zenodo.10417513*

In designing your project, you can also make use of
[this decision aid](https://ec.europa.eu/assets/rtd/ethics-data-protection-decision-tree/index.html){target="_blank"}
from the European Commission.

::: note
The rest of this chapter will outline typical privacy issues and design
solutions for several types of scientific research. These scenarios are as yet
Expand Down
3 changes: 2 additions & 1 deletion chapters/seeking-help.Rmd
Original file line number Diff line number Diff line change
Expand Up @@ -47,4 +47,5 @@ Besides the privacy officer, you can also ask for help from:
[Research Data Management Support](https://www.uu.nl/en/research/research-data-management/contact-us){target="_blank"}.
- [Information security](https://intranet.uu.nl/en/security/information-security-contact-who-are-we){target="_blank"}.
- In some faculties, the [Research Support Office](https://intranet.uu.nl/en/knowledgebase/research-support-offices){target="_blank"}
may be of help in drafting agreements.
may be of help in drafting agreements.
- If you suspect a data leak or data breach, contact the [Service Desk](https://intranet.uu.nl/en/knowledgebase/what-do-i-have-to-do-if-there-is-a-personal-data-breach){target="_blank"} immediately.
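Review bot: The added last bullet is an instruction ("contact the Service Desk immediately") appended to a list introduced with "you can also ask for help from:", whose other items are names of teams, so the most time-critical item on the page reads as one more optional contact. Suggest moving it out of the list into its own sentence or callout block above or below it. The bullet also says "data leak or data breach" where the linked pages and the rest of the commit say "personal data breach"; one term throughout would be clearer.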
3 changes: 1 addition & 2 deletions docs/data-storage-duration.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
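Review bot: The `<meta name="date" content="2023-12-21" />` tag is dropped here rather than updated, and the same 1-addition, 2-deletion change repeats in every docs/*.html file below. Please confirm this is an intended result of the build (for example a changed `date` field in the book's metadata) and not a side effect of a different local toolchain version, since anything that reads the `date` meta tag will no longer find one. Most of the 36 changed files are this regenerated output; building docs/ in a separate commit or in CI would keep the content changes in the .Rmd files easy to review.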
Expand Down
3 changes: 1 addition & 2 deletions docs/data-storage-how.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/data-storage-where.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/data-storage.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/data-subject-rights.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
Binary file modified docs/dataprivacyhandbook.epub
Binary file not shown.
Binary file modified docs/dataprivacyhandbook.pdf
Binary file not shown.
3 changes: 1 addition & 2 deletions docs/definitions.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/disclaimer.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/encryption.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
5 changes: 2 additions & 3 deletions docs/faq.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down Expand Up @@ -1033,7 +1032,7 @@ <h3>Finding support<a href="faq.html#finding-support" class="anchor-section" ari
<strong>I have a potential data breach, what should I do?</strong>
</summary>
<div>
If you work or study at Utrecht University, please report this as soon as possible, preferably within 72 hours, to the <a href="https://intranet.uu.nl/en/security/information-security-computer-misuse-or-report-incident-cert" target="_blank">Computer Emergency Response Team</a> (CERT).
If you work or study at Utrecht University, please report this as soon as possible, preferably within 72 hours, to the <a href="https://intranet.uu.nl/en/knowledgebase/what-do-i-have-to-do-if-there-is-a-personal-data-breach" target="_blank">Service Desk</a>.
</div>
<br>
</details>
Expand Down
3 changes: 1 addition & 2 deletions docs/gdpr-principles.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/gdpr.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/glossary.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/how-to-use-this-handbook.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
9 changes: 4 additions & 5 deletions docs/index.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down Expand Up @@ -527,13 +526,13 @@ <h1>
<section class="normal" id="section-">
<div id="header">
<h1 class="title">Data Privacy Handbook</h1>
<p class="author"><em>Utrecht University | Last updated: 2023-12-21</em></p>
<p class="date"><em>21 december 2023</em></p>
<p class="author"><em>Utrecht University | Last updated: 2024-01-12</em></p>
<p class="date"><em>12 januari 2024</em></p>
</div>
<div id="data-privacy-handbook" class="section level1 hasAnchor">
<h1>Data Privacy Handbook<a href="index.html#data-privacy-handbook" class="anchor-section" aria-label="Anchor link to header"></a></h1>
<p><img src="img/cover-image-dph.png" title="Data Privacy Handbook, image licensed under CC-BY-SA 4.0" alt="Illustrated cover image for the Data Privacy Handbook, showing a person sitting cross-legged with a laptop on their lap. From the laptop arise several concepts that are covered in the Data Privacy Handbook: Anonymisation (depicted as a face covered with a censor bar), Transparency (depicted as one person showing another person a checklist, informing them), Data sharing (depicted as two laptops connected to a globe), Privacy by Design (depicted as a map with a shield on it), and Personal data (depicted as a fingerprint that connects zeros and ones). The person is floating as if in meditation: happy that they achieved GDPR compliance. The left upper corner of the image shows the Utrecht University logo, and the bottom of the image says ‘Data Privacy Handbook’. Image drawn by Erik van Tuijn for Utrecht University in May of 2023." /></p>
<p><em>Last Handbook update: 21 December 2023</em></p>
<p><em>Last Handbook update: 12 January 2024</em></p>
</div>
<div class = "footer">
<footer>
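Review bot: The regenerated `<p class="date">` line reads "12 januari 2024", a Dutch-locale date, directly above the English "Last Handbook update: 12 January 2024" on an otherwise English page. The previous build had the same issue ("21 december 2023"), so it comes from the build environment's locale and is not new here. Suggest setting the locale explicitly in the build, or formatting the date with an explicit English format, so that the title block does not depend on the machine that renders the book.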
Expand Down
3 changes: 1 addition & 2 deletions docs/informed-consent-forms.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/legal-basis.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/legitimate-interest-assessment.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/open-science-questionnaire.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/personal-data.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down
3 changes: 1 addition & 2 deletions docs/pet-survey.html
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,9 @@
Support.</p>" />
<meta name="twitter:image" content="https://utrechtuniversity.github.io/dataprivacyhandbook/img/cover-image-dph.png" />

<meta name="author" content="Utrecht University | Last updated: 2023-12-21" />
<meta name="author" content="Utrecht University | Last updated: 2024-01-12" />


<meta name="date" content="2023-12-21" />

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="apple-mobile-web-app-capable" content="yes" />
Expand Down