If you as a student are going to write a bachelor's or master's thesis and need to use personal information and / or health related information as part of the work, you must be aware that several requirements and expectations are met before you start.
The most important thing you need to do is consult with your supervisor (veileder) before planning and starting up the data collection. The student and supervisor must together ensure that research data is managed in a planned and documented manner at the start of the project. Personal data must always be processed in accordance with laws and regulations.
Student research projects that process personal data must be reported to NSD: Norwegian Center for Research Data. NSD provides privacy services for UiS. The project must be reported to NSD no later than 30 days before the data collection is to start. Medical and health related research projects must also be reported to NSD, this can be done in parallel with the application for ethical prior-approval within the Regional Committees for Medical and Health Research Ethics (REK). Do not start the project until you have received acceptance from NSD (and approval from REK for medical and health related research projects).
Requirements for processing personal data in student projects
The requirements for processing personal data in student projects correspond to the requirements that apply to researchers / PhD candidates at UiS. In addition, the following applies to student projects:
- All students processing personal data in student assignments are obliged to read information about this on NSD's website, and to investigate whether the project must be reported to NSD.
- Bachelor students are recommended to carry out student projects without processing personal data, with the exception of joint registration of projects, or as part of a researcher-led project. It is recommended to use anonymous register data or journal data, or other anonymized data. If the student and supervisor wish to carry out student projects with the processing of personal data, NSD's guide "How to carry out a project without processing personal data?" must be reviewed before the final decision.
- The student can only submit a notification form to NSD in consultation with the supervisor, and share the form with the supervisor. All dialogue with NSD shall take place in consultation with the supervisor. The student is responsible for following up all feedback from NSD and shall not start processing personal data until there is permission from NSD.
- The student must send a message / feedback to NSD at the end of the project, and confirm that all data has been deleted / anonymized. All steps in the process are confirmed in writing to the supervisor.
If you have questions related to NSD's notification form, contact the supervisor or NSD: Telephone (10–12): +47 55 58 21 17 (press 1). E-mail: personverntjenester@nsd.no.
Your responsibility for privacy covers all phases of a research project:
Information security - storage and processing of personal data
The most important thing is that you store, process, share files and data correctly. It is the content and degree of sensitivity of the data that determines where the information can be processed and stored. This is information security. When writing an assignment that requires the processing of sensitive personal data, you must:
- Think carefully about the types of information, files and data you should store and process
- Find out which information classes apply to this information. Understand what is meant by green, yellow, red and black data. You do this by looking up in the classification guide.
You should note in particular that red data is referred to as sensitive personal data and that such data has strict requirements for protection. Health research data and personally identifiable information should not be stored unsecured!
What kind of tools can I use?
After you have clarified which information class is applicable to your data, you should use UiS's guidelines for what equipment you can use when working with your data. You do this by looking up in UiS's storage guide. This storage guide gives you an overview of what are accepted places to store data. Here you should especially note that you are not allowed to work with anything other than green data on your private PC or Mac. UiS recommends students and researchers to use Nettskjema and Nettskjema-Dictaphone for the collection and processing of “yellow” and “red” data. Nettskjema can be used to create surveys, to make audio recordings of interviews and to process sensitive data. It is important to note that inactive information in Nettskjema is automatically deleted after 6 months from the last collected data.
In most cases, this will be an adequate and safe choice of tools for collecting and processing sensitive data.
If Nettskjema turns out not to be a sufficient solution for storage in connection with your task, you must ensure that the information is stored in other secure ways. Alternative storage areas are described in the storage guide and in Guidelines for processing and storage of research data with personal data in student projects at the University of Stavanger.
Deviations and incidents
If you discover discrepancies or incidents in connection with the protection of personal data, it is very important that you notify this so that UiS can help assess, limit and repair the extent of the damage.
Deviations and incidents may be that you discover that someone has gained unauthorized access to a user account or PC, that you lose a memory stick with data, that you classify data incorrectly and store it in the wrong place, that you discover breaches of confidentiality, errors in anonymization and deletion and similar. In such cases, it is very important that you as a student and / or your supervisor report any deviations immediately.
Notification of breaches or possible breaches of privacy goes to the Privacy Representative at personvernombud@uis.no
Notification of breaches or possible breaches of information security goes to it-hjelp@uis.no
Information about Windows:
Help and learning in Windows 10
Device Encryption in Windows 10