The university's information is a vital resource and a highly functional information handling is a prerequisite for a highly functional organization. Some information can be critical for the university or have a high value for other reasons. In addition to this there are laws and regulations stipulating demands for the information handling at the university. Information can for example include secrecy, be privacy sensitive or demand archiving according to regulations.

More and more of the operations of the university is digitalized and hence there is a need for regulations on how to handle and store information. Information is firstly to be handled in the appointed systems for respective area.

These storage rules seeks to advice the employees to choose appropriate storage areas for each specific type of digital information. All systems/services does not provide the same level of security. Hence it is important to use services where the university has valid agreements and that the right service is used for the type of information handled.

It is not allowed to use storage areas (including collaboration tools) for work related matters if licences, security issues and other matters has not been secured.

Each user has an obligation to judge that the information handled does not break the rules.

Regulations

Regulations for the information handling at the university can be found in for example Freedom of the Press Act, Public Access to Information and Secrecy Act, archives law and the associated regulations, Swedish Civil Contingencies Agency regulations and General Data Protection Regulation (GDPR).

Private accounts and accounts provided by the university

• Private accounts in storage services can not be used for work related matters.
• Accounts in storage services provided by the university can not be used for private matters.

Archiving and culling/erasing

The information management plan of the university stipulates how long the information should be kept and how to archive. As an employee you are obligated to:

• culling/erasing information according to the deadlines in the information management plan
• archive information that must be kept according to instructions in the information management. plan.

Storage table

The storage table describes where information can be stored depending on the type of information.

Recommendation

To handle information that is critical for the university and/or contains sensitive personal data or personal data meriting extra protection or secrecy, the file servers of the university should be used since the university has their own backup and local storage. However consider encryption if the rights of the folders do not match the persons entitled to the information.