'Protecting your data is not something you do just for yourself'
How safely do you handle your data? Privacy officer Eric van Hoof assists researchers and staff with this. 'The biggest mistake people make is thinking they have nothing to hide.' He has some useful tips.
'Recording the interview? What phone and app do you use to do that?’ Van Hoof jokes at the start. As Privacy Officer at the faculties of Science and Law, he is constantly concerned how the personal are processed. 'Personal data are basically all the things that have your name on them. A simple example is the receipt from the Albert Heijn supermarket that has your customer number on it and what you bought.'
You obviously can't do much with the data on a receipt, but you can with other personal data. 'There are plenty of parties interested in your data. That ranges from personalised advertising to hacking into your accounts or even stealing your identity.'
Is the software you're working with secure?
To help staff and students work safely, Van Hoof advices on all privacy matters. 'For example, the most simplest question whether the software you want to work with is sufficiently secure. Together we will look at what the purpose of the new software is and which data it will process. Based on that, I give the green light or advise to use another programme.'
Data protection issues can also arise in research interviews and surveys.
A lot of research contains personal data. 'That starts when a researcher creates a contact list of the people they need to contact for their research. At the LACDR, for example, they do a lot of medical research. For that, they obviously need a lot of personal information. But so does non-medical research. Think of big data research at LIACS. They might also use data on religion, internet use and descent, for example.'
This is how to anonymise your data
Data protection issues can also arise in research interviews and surveys. 'The more information you ask from people and the more sensitive that information is, the more security measures you have to take. I can help to check what is allowed within the framework of the research and how we can protect and process that data in the safest way possible.'
Six privacy tips from Eric
- Your data does interest others. So protect them well!
- Through your data, hackers also get to the data of the people in your network. So you are not just only doing it for yourself.
- Use the J drive or storage via Teams within the university as much as possible. Avoid storing your data in Google.
- A USB flash drive is a big risk. Theft or losing the stick is easy. Therefore, use them as little as possible.
- Encrypt your data. Even if your data gets stolen, thieves can't do anything with it. A good and free programme for this is Veracrypt.
- When in doubt about data protection, always contact the privacy officer.
That starts with keeping data in a safe place. 'Store your data on the university disk instead of on your own laptop.' Encrypting the data is also a good option. This way, if they are leaked or stolen, that person will still not be able to do anything with it.'
Another way to protect personal data is to anonymise the data as much as possible. That means taking out any reference to a person until only statistical data remain. 'Include only the data that are really necessary in your research. Be critical. Does it really matter whether someone follows a certain religion for the outcome of a medicine study? If not, just take that information out.'
Protect your own data and thereby others' too
We are becoming more and more aware that protecting our data is important. Yet it often goes terribly wrong. 'The big fallacy that people often use as an excuse for not protecting their data properly is: 'I have nothing to hide' or 'Who am I internationally?' But you have to realise that it's not just about you. It is also everyone around you. If you don't protect your data properly, thieves might be able to access the data of someone in your network.'
And Van Hoof also finds the idea that your data are not interesting a dangerous mindset. 'For others your data is interesting. This is a prejudice I have to fight all the time. You wouldn't be the first whose identity is stolen and abused.'
How careful is the privacy officer himself?
Van Hoof himself is always very alert. 'I am not on Facebook or Instagram, and that is because of my job,' he says. 'And it's just dangerous how the company Meta handles its data.' He also always uses a pseudonym and an alias email address whenever he is on an internet platform. 'That might be a bit of professional deformation,' he laughs. 'You can't be too careful.'