Data security
Table of contents
Research data must be handled and stored securely, especially if it contains personal data, sensitive information or confidential information.
The university defines secure storage locations, programs, and devices.
If you have very sensitive data or confidential information, you may need to handle it the same way you would with special categories of personal data.
Choose secure programs and devices
Ensure secure programs and devices when conducting interviews, remote interviews, surveys, and more.
Interviews
- MyJYU AI Transcription is a secure program for recording and transcribing interviews. You can use your own smartphone and the MyJYU app to record interviews. Always ensure you have the latest version of the MyJYU app! You can also record interview material containing special categories of personal data or other sensitive information with your own phone and the MyJYU app, provided your phone meets the following criteria: 1) biometric authentication has been implemented; and 2) the operating system is Android 10 or newer / iOS 17 or newer.
- If your phone does not support biometric authentication or the latest system updates, use the Zoom program with JYU credentials at: https://jyufi.zoom.us
- Instructions for using Zoom for research interviews — Intranet Uno (jyu.fi)
- If the interview involves special personal data, Zoom should be used on university devices. Consider if this is possible for you.
- Additionally, recording should be done on the U-drive whenever possible, not on your personal computer.
- If you do not process special categories of personal data, you can also use the university's M365 Teams with JYU Microsoft credentials.
- Zoom and Teams can be used for both remote interviews and when you are in the same room.
- Or, use a tape recorder borrowed from the university.
- The tape recorder should have a function for encrypting recordings.
- "The recording shall be removed from the tape recorder once it has been transferred for processing. The encryption keys of the device must be changed when the device is transferred to a new user." Recording and processing of research interviews — Intranet Uno (jyu.fi) (Finnish)
Transcriptions
- Researchvideo and MyJYU AI Transcription are the university's own secure AI-powered tools for transcription. You can use them for transcribing material containing special categories of personal data. For example, if you used a recorder to record the interviews and there's special personal data, you can use Researchvideo to transcribe.
- If your material does not contain special personal data or other sensitive information, you can also use the transcription functions of M365 Teams and Word with JYU Microsoft credentials.
Surveys
- Surveys are made with JYU Webropol or JYU REDCap.
- Google Forms, SurveyMonkey or other commercial survey platforms should not be used.
- JYU Webropol is a practical tool for collecting one-time surveys.
- If the survey contains sensitive information, such as special categories of personal data
- JYU Webropol can be used under certain conditions:
- The survey link is delivered to the respondent personally via encrypted email. You can do this with the Encrypt function in the sending settings of your JYU email.
- Avoid naming the questionnaire so that the name reveals sensitive information about the respondent, such as "questionnaire for the depressed".
- Choose Public link to collect answers.
- More detailed instructions for secure use of Webropol
- Or use the University of Jyväskylä's REDCap survey software, which is intended specifically for processing sensitive data. REDCap is a secure platform that is especially suitable for longitudinal and recurring surveys.
- JYU Webropol can be used under certain conditions:
- RedCap survey software
- Order your REDCap user rights using a form in HelpJYU, see instruction for account set up. On the form, mark "Studying" as the purpose of use. REDCap rights are then valid for the duration of your study right.
- The software makes it possible to build versatile online surveys and forms that can be used in field research (e.g. structured interview).
- Carefully familiarize yourself with the data security principles and functionalities of REDCap and look at the guidelines when you plan to implement a survey containing sensitive information. REDCap is quite versatile in its functionality and its user interface is in English, so you should start familiarizing yourself with it about 3-4 weeks before sending the survey.
Other devices and software
- For example, if you intend to film a group of participants, etc., make sure that you also have secure devices, such as a video camera.
- It is recommended that you ask your supervisor about the devices provided or recommended by the university.
- If you are considering the use of other software not mentioned on this page, ascertain whether the software is AI-assisted and whether JYU recommends its use.
The processing of the data must be carried out in such a way that the information to be protected is not revealed to third parties.
For example, transcriptions of interviews are not made in public spaces. Especially if the data contains special personal data or other sensitive data, it is a good idea to process the data alone, for example, at home.
Choose secure storage locations
Data cannot be stored wherever if it contains for example personal data.
Use the storage locations provided by the university:
- JYU Office 365 OneDrive is ok if the data does not contain special personal data or other sensitive information.
- A more protected place for your data is the U-drive. Use it if your data has special personal data or is otherwise sensitive.
- It is a storage location owned and backed up by the university. The U-drive can be accessed from your own computer with the university's VPN connection. See the instructions for digital services for remote access to the U drive with a VPN connection.
- The problem with the U-drive is that it is personal and when you leave the university, access to it is blocked.
- Researchvideo is a secure place to store video data with special personal data
- The secure services used by university staff can often also be used as a student. For example, CollabRoom is a service intended for sharing confidential data within a research group, for which students can also get credentials if necessary. CollabRoom credentials can be applied for in the HelpJYU portal (https://help.jyu.fi), Services and guidance > Research > Resources > CollabRoom.
If you are working with a research group or with finished data, the project may provide more detailed instructions on the secure processing and storage of the data.
- As part of a research group, you may have the opportunity to access the research group's folder in the Nextcloud service or on network drives (S drive). You can apply for access to Nextcloud using the grant researcher form.
Do you process special categories of personal data? According to the university's instructions, data is encrypted using the Cryptomator program.
- See instructions
- The program can be downloaded from the Cryptomator website.
- Note the risk: A password is created for Cryptomator. If you forget your password, it cannot be recovered and you would lose access to your data. Choose a password that you are sure to remember and/or write it down in a safe place.
- When encrypted, O365 OneDrive could also be used to store special personal data if, for example, the progress of work requires it.
The university's table of processing confidential information explains in more detail what information can be stored where. As a clarification to the table, a network drive means, for example, the U drive.
The university's data policy states that it is the researcher's responsibility to use the university's secure storage solutions in storing data. If you use something else, justify it in your data management plan.
- Are you considering your own or your workplace's computer as a storage location for the data? In this case, you are responsible for data security. Also, you may not have automatic backup enabled on your own computer, which is one of the criteria for a good storage location.
- Do not use standard USB drives or unprotected external hard drives.
Backup
- The U-drive is automatically backed up, but still make your own backups – especially before major data processing operations. You can make your own backups to the U drive.
- If there is no special personal data in the data, you can also use the university's O365 OneDrive for backup (or vice versa).
- Please note that the code key related to personal data must be located in a separate security location, such as a locked desk drawer.
If the data is sensitive, any transfers must be made over a secure network, such as a VPN connection. Transferring with a flash drive should be avoided.
This section is related to the FAIR principles Findable and Re-usable.