NB. This is an unofficial translation. Please see the Finnish version for reference.
Please refer to the tables on this page to see where you can store and process data in Oamk, and how you can share data to others. Oamk’s data is classified into three protection levels, depending on who needs to access it. The protection levels are
- public material,
- internal material, and
- confidential material.
In addition, there can also be materials classified as secret, the processing of which is not described on this page.
- Data storage and processing: information systems
- Data storage and processing: files
- Data storage and processing: public cloud services (=not provided by Oamk)
- Sending/sharing data
- Online survey tools
- Telling about, or showing the material to others
- Printing materials and destroying papers
Data storage and processing: information systems
| Service | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| Peppi, basic register | allowed | allowed | allowed | NB: No health information! |
| OAMK Moodle | allowed | allowed | allowed with limitations | Verbal feedback can be given to students or collected from students. Moodle also stores exam and other answers returned by students to Moodle. |
| Oamk’s 365 OneDrive for business, Teams, SharePoint etc. | allowed | allowed with limitations | allowed with limitations | Student lists, etc. lists containing name and contact information or academic performance information, are generally shared among the staff in SharePoint (alternatively in OneDrive, but in that case it is worth noting that OneDrive is emptied when the person’s employment ends. See OneDrive instructions). Protected information cannot be accessed with just a link, but the recipient must login to get access. |
| Intra | allowed | not allowed | not allowed | |
| Viva Engage | allowed | not allowed | not allowed | |
| Public webpages | allowed | not allowed | not allowed | |
| eDuuni | allowed | allowed | not allowed | In business cooperation, the tools must be agreed separately. |
| Dynamics 365 CRM | allowed | not allowed | not allowed | |
| Request tracker | allowed | allowed | not allowed | |
| Youtube | allowed | not allowed | not allowed | Hiding the link is not enough to protect data. (You can enter only your own information at your own discretion.) |
| Reportronic and Thinking portfolio |
allowed | allowed with limitations | not allowed | The work allocation information can be saved. |
| Remote data processing via VDI or VPN | allowed | allowed with limitations | allowed with limitations | As a rule, only with devices provided by the employer. With own devices, the device must be only in the user’s personal use (e.g. not a shared family computer) and security must be taken care of. |
| Other systems not mentioned here, e.g. joint registers used with other higher education institutions, etc. | allowed | allowed with limitations | allowed with limitations | Always check the data protection level of the system you use. from the system administrator or Oamk’s data protection officer. |
Data storage and processing: files
| Storage | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| Storage on the local hard disk of a computer managed by Oamk. | allowed | allowed | allowed with limitations | Allowed when encrypted. The user must take care of the backups himself. |
| Data processing on a computer or mobile device that is not managed by Oamk (e.g. personal home computer) | allowed | allowed with limitations | not allowed | The user must take care of the backups himself. |
| Data on a public computer (e.g. library) | allowed with limitations | not allowed | not allowed | Read-only, when login is not required |
| Home directory (network drive, K drive) | allowed | allowed with limitations | allowed with limitations | Personal data is primarily stored in information systems. We recommend O:\personnel folder for shared use |
| Oamk’s internally shared, protected network drives. | allowed | allowed with limitations | allowed with limitations | Personal data is primarily stored in information systems, but e.g. course-specific work lists, which are deleted after the end of the course, can be saved here during the course. Pseudonymisation of data is recommended -> students by student number, not by name and/or social security number. |
| Common network drives (other than those mentioned above) | allowed | not allowed | not allowed | |
| Saving to Oamk’s phone or tablet (security code in use) | allowed | not allowed | not allowed | The user must take care of the backup himself, basically only for temporary use. |
| USB memory, CD/DVD/Bluray, external hard disk | allowed | allowed with limitations | not allowed | Data encryption must be ensured. Store carefully. The user must take care of the backups himself. |
Data storage and processing: public cloud services
| Cloud service | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| Public cloud services (e.g. Google Drive, Trello, Asana, Padlet), linked to your Oamk email | allowed | allowed with limitations | not allowed | A certain subject area (e.g. a project) or various workshops. Files are shared with known users only, not by a hidden link. If there is no other option in the collaborative project, e.g. company contact information can be saved. However, not e.g. students’ personal data. |
| Public cloud services (e.g. Google Drive, Trello, Asana, Padlet), not linked to your Oamk email | allowed | not allowed | not allowed | Basically, not used for work. |
Sending/sharing data
| Tool | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| Oamk email | allowed | allowed | allowed with limitations | Internal use at Oamk: There is no need to use encryption between Oamk users. Encryption should nbe considered, when sending outside the house. Basically, instead of sending lists containing personal data, it is recommended to share them from Oamk’s SharePoint or OneDrive. In this way, there are fewer copies of the files. |
| Oamk email encrypted [salattu] | allowed | allowed | allowed with limitations | Transfer of material to a partner with whom there is an agreement on the processing of the material. |
| Turvaposti.fi | allowed with limitations | allowed with limitations | allowed with limitations | Requires a separate paid license. |
| Funet filesender | allowed | allowed with limitations | not allowed | Encrypted files |
| Letter mail, internal mail | allowed | allowed with limitations | allowed with limitations | In a closed envelope |
| Own, personal email (e.g. gmail) | allowed | not allowed | not allowed | Personnel should always use only work e-mail to perform work tasks. Oamk work e-mail may not be forwarded to your own personal e-mail address. |
Online survey tools
| Tool | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| 365 Forms | allowed | allowed with limitations | not allowed | Care must be taken to ensure that the materials are processed appropriately. |
| Webropol | allowed | allowed with limitations | allowed with limitations | Care must be taken to ensure that the materials are processed appropriately. |
Telling about, or showing the material to others
| Tool | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| Phone | allowed | allowed with limitations | allowed with limitations | Identity must be verified, bystanders must not hear. |
| Online meetings: Teams, Nordunet Zoom or Webex | allowed | allowed with limitations | allowed with limitations | Identity must be verified, bystanders must not hear or follow, recordings and screenshots must be taken into account. |
Printing materials and destroying papers
| Task | Public | Internal | Confidential | Limitations |
|---|---|---|---|---|
| Printing to paper | allowed | allowed with limitations | allowed with limitations | Use secure printing only |
| Destroying papers: regular paper trash can | allowed | not allowed | not allowed | |
| Destroying papers: locked data security trash can | allowed | allowed | allowed |
Note! Please take care of the data life cycle: By law, materials containing personal data must be destroyed when they are no longer needed. Information on how long the materials should be kept, should be found in the data archive plan. When the storage period has expired, the data must be deleted.
« Back
This article was published in categories English version available, All instructions, Oamk , for Oamk staff, accessible content and tags staff's email, file sharing, kyselyohjelmistot, Microsoft Office 365, pilvitallennus, suojattu sähköposti, tiedostot, tietoaineistot, tietojen tallennus, tietosuoja, tulos. Add the permalink to your favourites.