Sensitive data handling in research
Data identification - Personal data categories
Data Collection
Sensitive data must be collected using secure methods and tools that prevent data from falling into the wrong hands or being corrupted. The storage medium must be secure and properly configured.
Information on how to choose the collection device and how to store and process the data can be found on the Collecting interview data -website
For help on choosing a recording device and confuguring the settings, please visit the page on the Data security of voice recorders and cameras
For patient interviews and processing of anonymised patient data, e.g. in a teaching situation, the TUNI Teams (preferred) or the TUNI Zoom services can be used.
The site "Security guidelines for remote meetings and interviews with Teams and Zoom" helps to prepare for the interview situation. See also the Teams online meetings page and the Zoom guidelines for Zoom video meeting, organiser's guide and the Zoom privacy and security page.
Surveys and databases: REDCap (Research Electronic Data Capture) is a secure browser-based tool for building and managing surveys and databases. The REDCap system is hosted in CSC Data centre in Finland. It requires a TUNI account to access and login. The REDCap system for ollection and managing research data -website provides instructions on how to use the system.
Data Processing - Transcription
You can do the transcription yourself or use the TUNI Group's Transcription services.
For sensitive data, the Subtitle Edit application can also be used. It is a subtitling application that allows you to create, edit and time your video subtitles.
The program works and can only be used lovcally installed on Tuni computers. Locally installed version is safe for sensitive or confidential data. The application can be installed from the Software Center or for Linux from the GitHub website
Before use, please read the instructions for the Subtitle Edit application
Data Encrypting
Encryption of sensitive data is necessary if the data cannot be protected in any other way or if the data would cause serious harm or damage to the data provider or controller if it fell into the wrong hands or was compromised.
Strong and reliable encryption software must be used to encrypt sensitive data, preventing it from being read or modified without the correct password or encryption key.
Cryptomator is a free encryption software with strong and adequate protection, even for handling special categories of personal data. Cryptomator does not encrypt metadata such as timestamp, number or file size. Cryptomator can be installed on Windows and Linux workstations or used remotely via the TUNI Virtual Desktop service. Cryptomator is suitable for shared use and projects. Read the Cryptomator encryption software user manual.
Veracrypt is a free encryption software with sufficient protection to handle specific categories of personal data. Veracrypt also encrypts metadata. Veracrypt can be installed on a Windows workstation or used remotely via the TUNI Virtual Desktop service. See the Veracrypt user manual.
Make sure that the password or encryption key is stored in a secure place where it can be easily found if needed. Without the password or encryption key, the data cannot be accessed.
See the Research Data Management and Storage page for more information on these and other encryption software.
Data Storing
CSC's disk ePouta is a service designed to store confidential data and special categories of personal data without the need for a separate encryption program. ePouta virtual server can only be accessed from a computer on the TUNI network. The data is located in CSC's data centre in Finland. For more information on how to use the environment, see the Data processing and scientific computing website.
Sensitive data may only be stored on a memory stick if it has first been encrypted with an operating system-specific program such as BitLocker, and after that the files have been encrypted with one of the two encryption programs mentioned above. The memory stick must also be physically protected and its loss must be reported immediately. Read the instructions - How to protect your usb drive or memory stick with Bitlocker.
The choice of storage location and place depends on the quality of the data. Please study the Storage Selection page before storing your data in the system. The confidentiality of documents is classified and the storage location is based on this classification to S- and P drive, hard drives or OneDrive and Teams.
To save on P drive: drive P is not visible by default, open the TUNI Tools folder on your desktop, click on the MapDrive-TUNI-Home shortcut (drive P) and enter your TUNI password when prompted. Applies only to staff-maintained machines.
Email: email is not a secure medium for storing or sending sensitive data. Email can easily fall into the wrong hands or become corrupted. Sensitive data may not be stored or sent by e-mail without an encryption program.
Cloud computing: cloud computing services such as Google Drive, Dropbox, iCloud, etc. are not a secure methods of storing or sharing sensitive data. Cloud services may be located outside the EU or EEA, in which case data protection legislation may not apply.
Data Sharing
Sensitive data must be shared using secure methods and tools that prevent data from falling into the wrong hands or being corrupted.
Funet FileSender is a service designed for sharing large files containing confidential data. For more information, please visit the File Sharing website and the Funet FileSender file sharing service.
Encrypting the file on your computer with 7-zip before sharing ensures a secure transmission. The encryption key or password can be sent as an encrypted email or as a separate SMS message.
Signal - messaging service. if you use it, use the work bubble on your phone and go through the privacy settings and set your messages to disappear. You can use the service to send pictures, or just a password.
Check out the Information security page for mobile phones and make sure your device is secure and the right choice for handling sensitive data.
Data Archiving and Disposal
When storing sensitive data, ensure that the data is archived and properly destroyed when it is no longer needed. Archiving and disposal shall be carried out in accordance with the organisation's guidelines and policies.
Consult with the case management team for advice on archiving and records disposal. Tampere University asianhallinta.tau [at] tuni.fi (mailto:asianhallinta[dot]tau[at]tuni[dot]fi) otamk [at] tuni.fi (r )Tampere University of Applied Sciences tamk [at] tuni.fi (mailto:tamk[at]tuni[dot]fi)