Below you will find information about, as well as specific examples of, how to take information security and data protection into account when communicating with students.
Communication with the students must always take place via their student.sdu.dk email or via itslearning. Please note that messages sent from itslearnings messaging system cannot as a rule be deleted. Please inform your students that messages which includes sensitive personal information (health information, race etc.) must be sent via. their student e-mail. See recommendations for using the communication channels in itslearning here.
If you receive an email from a student’s private email, ask him or her to resend it from their SDU email, so that you can be sure which student you are communicating with.
Remember to delete sensitive and confidential personal data from your mailbox within 30 days of receipt and general personal data when you no longer need them/the case is closed. If you need to store sensitive data for more than 30 days, move them to a system approved for longer storage, e.g. SharePoint. Furthermore, pay attention to whether any data need to be kept as records.
Pay special attention to the fact that all specific information about a student’s illness is sensitive personal data, even if the student has ‘just’ broken a leg or caught a cold.
The Executive Board has adopted a policy for data protection in students' independent assignments (only in Danish). It says that the "the concrete guidance in relation to the student's project rests with the student's supervisor on the project" and that "the supervisor supports the student in completing the project in accordance with the professional, legal and ethical standards of the research field and this also includes the data protection legal requirements that apply in the research field."
Often the individual student will be the data controller of the data they process during their studies – but this is not always the case. If the student is involved in a research project where SDU makes data available or asks the student to process data in a specific way, SDU and not the student may be the data controller. If in doubt please read the guidelines on data protection in students assignments (only in Danish) or ask SDU RIO.
For students
You can refer the students to the pages on data protection in assignments on MitSDU or the Danish Data Protection Agency’s website (in Danish). You are of course also welcome to familiarize yourself with the pages on MitSDU.
You can also refer the students to the course on data protection for students at SDU.
For you as a lecturer
SDU RIO has, in collaboration with the faculties, prepared a series of slides which provide an introduction (only in Danish) to what the students must be aware of when writing a thesis or similar. You are welcome to use these in your guidance.