Information security for administrative employees

Your responsibility

The most important thing to remember is that you must store and process files and data the correct place. It is not enough to have a secure copy of your files somewhere. You must also be sure that all processing of personal data is done on approved equipment. This is done in three steps:

  1. Answer the question: What type of information, files and data do you usually process?
  2. Find out what information class applies to this information. See examples below.
  3. Look up the data storage guide and follow the rules.

Processing of personal data

Because you are working with administrative task, you probably process data and information that requires special attention. Quite often this is general personal information as well as sensitive personal information. 

Here are some simple rules for processing personal data:

  • Always be aware of what rules apply
  • Always lock your computer or log off before leaving your desk
  • Your user is personal and should never be shared with others.
  • Keep your passwords secret
  • Keep an overview of which systems can be used for which data
  • Help us to prevent routine violations. Report all discrepanices.
  • Avoid all shadow systems that are not mentioned in the storage guide.

Three areas to focus on:

  • Import and export of data, for example Word documents or Excel sheets: Make sure that this is done so that yellow, red or black data is always stored in the correct place.
  • E-mails: Personal information can not be sent in an e-mail to adresses which are not UiO adresses. For example, you can not send an Excel sheet containing personal information to a GMail account.
  • If available, always use Pullprint when printing. Pullprint enables you to collect your prints using your employee card in stead of sending the documents to the printer without any control of who might see the prints before you collect them.

Examples of information in the different classes

Open (Green)

  • Websites made for everyone to see

Limited access (Yellow)

  • Simple work documents
  • Information that is not public
  • Employee lists
  • Interviews with applicants
  • Lists of attendees at office parties, conferences or other gatherings

Confidential (Red)

  • Lists of employee's national identity numbers
  • Lists of employee's health conditions
  • Archival material
  • Personnel files
  • Casework in ePhorte

Strictly confidential (Black)

Information about people with hidden identities.

Published Nov. 30, 2018 10:34 AM - Last modified Apr. 11, 2019 12:55 PM