From Cncz
Revision as of 18:57, 30 October 2013 by Caspar (talk | contribs)
Jump to: navigation, search

Information security

European directives and Dutch law prohibit the storage of personal data (persoonsgegevens) outside the European Economic Area. Most of the well known cloud services are US based: Dropbox, all Google services such as Gmail and Google+, Hotmail, iCloud. This implies that (data collections containing) personal data may not be stored on these cloud services. In addition to the law, Radboud University has issued an internal security policy that prohibits the storage of data that is classified as critical (this includes all personal data) on any (public) cloud service, even those which are EEA based. However, the RU considers SURFnet's filesender and edugroepen as safe community cloud services for data exchange between RU employees, students, and external parties.

In addition to this it is advised to consider if you trust the cloud provider well enough to handle your data. Take into account the possible problems which may arise when the service is discontinued or taken over by a third party, when the services is hacked or forced by law to provide data to a (local) authority. Moreover one can never be sure about the goals a provider may have with your data.

The RU information security policy and data classification methodology are available online (in Dutch only).