Skip to main content

You're visiting the Staff Portal without being logged in. If you login you will get access to personalized content. Log in External users Forget previous

  • Students
  • Staff
  • Alumni
  • Media
Support / Help pages
Uppsala university
  • På svenska
  • Log in
    • Joint Web Login
    • Forget previous External users
    • Unsure of how to login?
  • Uppsala university
  • MP Start
  • Your Employment
    • Salary
    • Staff organizations
    • Working hours
    • Working environment and occupational health
    • Termination of employment
    • Outside activities
    • Wellness
    • Priority for an increased level of employment
    • Employee benefits
    • Insurances
    • Parental leave and sick child leave
    • Introduction for new employees
    • Career
    • Union agreements
    • Continuing professional development
    • Get to know your university
    • Networks
    • Retirement
    • Vacation
    • Sickness absence and return to work
    • Other types of leave
  • Services and Support
    • Purchasing and procurement
    • Forms
    • Campus
    • General Data Protection Regulation
    • Diarieföring & arkivering
    • Financial administration
    • Insurances
    • Handböcker
    • Internationalisation
    • IT and Telephony Services
    • Juridik, dokument- och ärendehantering
    • Communication
    • Skills supply and recruitment
    • Arrange conference/travelfree meetings
    • Crisis and crisis support
    • Lokaler
    • Environmental work
    • Travel
    • Studentrekrytering
    • Security
    • Uppdragsutbildning
  • Research
    • Research agreements
    • Horizon Europe
    • Phd Studies
    • Research ethics
    • Research Data
    • Research networks
    • Geodata och GIS
    • Infrastructure and resources
    • Press and media
    • Publish and register
    • Rådet för forskning
    • Innovation Support
    • Forskningsstöd - samverkan
    • Quality and Renewal
    • Uppsala University's Research Handbook
  • Teaching
    • Distance teaching
    • E-learning
    • Juridik och ramverk
    • Conferences, courses and seminars
    • Quality and evaluation
    • Läsår, terminer och perioder
    • Educational development
    • Rådet för utbildning
    • The Language Workshop for Teachers
    • Student administration
    • Teacher service
    • Stöd och service till studenter
    • Educational framework
    • Our courses and programmes
  • Our UU
    • Academic Traditions
    • Alumni activities
    • Fundraising, donationer och sponsring
    • International networks
    • Event Calendar
    • Mission, Goals and Strategies
    • Available positions
    • Organisation and governance
    • Organisational development
    • Regarding the war in Ukraine
  • Directory
  • MP Start
  • Your Employment
  • Services and Support
  • Research
  • Teaching
  • Our UU
  • Directory
!
Support and help
  • Services and Support/
  • Security/
  • Information security/
  • Go to Services and Support Security
    • Readiness
    • Surveillance
    • Fire protection
    • Campus cards
    • Property protection
    • Event security
    • Export control
    • Information security
      • Security when working remotely
    • IT security
    • Personal Safety
    • Travel Security and Safety
    • Risk and vulnerability assessment
    • Security and safety A - Z

Information security

Transfer of personal data to the US no longer permitted

What are the consequences of the Schrems II judgment for personal data management at Uppsala University?

2020-07-16 the European Court of Justice ruled that the European Commission's decision on Privacy Shield is contrary to EU law and should therefore be annulled (the so-called Schrems II case on the legal transfer of personal data to the US). According to the court, the US legal system does not provide sufficient protection for EU citizens' personal data and there is a lack of access to effective legal remedies. In short, it is no longer possible to rely on Privacy Shield for a legal transfer of personal data to the United States.

Recommendations from the security division:

  • Postpone new initiatives until further notice, if they involve the transfer of personal data to the US or are based on system solutions based on US cloud services.
  • Map existing use of services that may be affected by the verdict
  • Follow the development. More information will be published as soon as it is available. Contact security@uu.se if you want to know more.

Information security

The goal of information security is to ensure that risks, disturbances and threats directed towards university information resources are identified and handled to minimize negative consequences regarding confidentiality, integrity and availability (CIA).

On this page you will find

FAQ and advice

Guidelines

Web based education

Data storage

Other information

IT security

1. Guidance and answers to information security questions

FAQ - frequently asked questions regarding information security.

Every employee has a responsibility when it comes to the information security at the workplace. There are for some also responsibilities connected to their roles and occupations. The links below show checklists relevant to various categories.

  • Employees/co-workers
  • Head of department
  • Researcher
  • Purchasers/personnel taking part in the procurement of IT-systems and IT-services
  • Technical personnel (system developers / operating staff)
  • Project leaders, system owners, "e-områdesansvarig"

2. Guidelines and procedures

A comprehensive guide can be found here (nanolearning)

Risk and threat scenario analyses (rev. 2018-02-13).
Risk analyses gives the opportunity for a structured analysis of factors that might cause disturbances, as well as help selecting alternative methods to reduce risks. 

  • Information classification support (PDF) (See also Stöd informationsklassificering (the Swedish version)), Bilaga 2 (Rev. 2018-02-08). 
    Information classification is the bases of all information security. To know how to protect the information one must know what information is being processed. See also our short nanolearning on information classification and analysis or the presentation from our workshop (2018-03-08)
  • Current state analysis/Kravanalys (Excel). Bilaga 3 (Rev. 2018-02-20)
  • Konsekvensanalys (word). Bilaga 1 (Rev. 2018-01-24)
  • Riskanalys (Excel) Bilaga 4 (Rev. 2018-02-12)
  • How to handle identified security gaps (word) - previously "Action plan" . Bilaga 5 (Rev. 2018-06-15)
  • Template for information classification (word). Bilaga 6 (Rev. 2018-02-13)
  • Flow chart for the steps in information classification and reporting (PDF). Bilaga 7 (Rev. 2018-02-12) 
  • Standard classification of basic information (Word) - Bilaga 6a (Rev. 2018-04-24)

Rutiner för säker informationshantering (Rev. 2018-09-17) - safe information handling, also in cloud services (Swedish only)

Rutiner för anskaffning och drift av IT-system (Rev. 2019-01-09), inklusive outsourcing / drift i leverantörs regi

Further guidelines and procedures for IT- and information security can be found at the university rules and regulations web site (mål- och regelsamlingen)

3. Web based courses (nanolearning), information regarding security related courses

  • Information security for travelers (online nanolearning)
  • In need of a loaner device (if travelling outside the EU)? Contact security@uu.se
  • Check list, travel security (PDF)
  • All security related courses, including web based ones

Encryption and signing - To send e-mail more securely you can sign your message and encrypt your data. Encryption can be used to communicate sensitive information. You can encrypt your e-mail (see help section about encryption of e-mail), or only encrypt the attachment where the information is available (see help section on encrypted attachments).

Myfiles for file sharing
You can also use myfiles.uu.se to share files and catalogues with others. Note that it is not suitable to use the myfiles.uu.se service as a continuous cooperation area with external parties. Areas such at those need to be handled through a proper authentification method to ensure high adherence to the regulations surrounding identification.
WHen you do share with external parties using myfiles.uu.se, remember to

  • Limit the access period.
  • Only share files/catalogues necessary for each instance.
  • Be thorough with how you share rights.  

Read more about different options for storing and sharing.

Using OneNote and/or sharing OneNote notebook:

  • Ensure that nothing is saved or stored in a cloud service. Everything needs to be stored locally on your own computer, or on a University file server. This includes the cached information. Check the setup in your OneNote installation (Alternatives, Save and copy).
  • If you belong to a group that need to share the notebook: Create a notebook exclusive to the group, only accessible to authorized in a protected area on a local Unversity fileserver. Contact IT Servicedesk if you need a protected area.

4. Data storage

We cannot give an all encompassing recommendation as the demands can differ quite a lot from case to case. Secure storage of research data is a priority at the University, and work is ongoing to develop solutions. In many cases there is a need to share infoformation with a third party. How such a sharing should take place differs from case to case and needs to be discussed. Presently, the following alternatives may be used:

  • The central storage solution (Data portal) Allvis
  • Added service data storage (formerly known as Argos and Vesta. See Storage Hints and Guides for more information.
  • SUNET Box has been classified with CIA 222, and can be used for information classified 222 or lower (221, 122 and other combinations), unless the information contains personal data. NB! Because of the current uncertainties regarding GDPR and personal data transfers outside the EU (See Schrems II above) we currently discourage the use of SUNET Box for handling of personal data. Contact the security division if you have questions regarding this.
  • Intendenturer, institutioner och centrumbildningar har i många fall egna lösningar att erbjuda. Kontakta innehavaren av tjänsten för ytterligare information. 
  • Your campuses or Department may have their own solutions on offer. Contact them directly for more information.

Contact the Security and safety division for advice, support etc.

5. Other information

GDPR and information security

  • Intro to GDPR, aimed at departments (PDF rev. 2018-05-29)
  • Presentation from workshop (PDF rev. 2018-04-20)
  • The university page on GDPR 

IT security: Information regarding technical security, system configurations, how to protect your computer, malware, how to report IT security incidents etc.

Information - written, spoken, in electronic form, all kinds of research data, examinations etc - is an asset that, like physical properties and personnell is vital to to maintain the university activities.

Publicerad: 05 maj 2023

  • På svenska
  • Support and help
Log in
  • Joint Web Login
  • Forget previous External users
  • Unsure of how to login?
  • Contact us
  • Switchboard internal: 987
  • Switchboard external: 018-471 00 00
  • Editorial staff
  • Registrar
  • Whistleblower function
  • Support
  • Accessibility report
  •  
  • Org. nr: 202100-2932
  • VAT-nr: SE202100293201
  • PIC: 999985029
  • Invoice address
  •  
  • In case of emergency
  • Call (00) 112 when life, health or property are at immediate risk.
  • In serious incidents, call the University's emergency number 018‑471 25 00.
  • Emergency checklist
Uppsala University uses cookies to make your website experience as good as possible. Read more about cookies.