Navigation auf uzh.ch

Suche

University Library Zurich

Data Protection

If you own the copyright to your data, you can provide it with a Creative Commons license and publish it. However, if you collect data from individuals, you must additionally observe the legal regulations of data protection to protect the privacy of individuals.

What Data Do I Need to Protect?

All data of persons that can be used to identify them must be securely processed following data protection laws. Personal data does not only include names, email addresses or similar, but also pictures, videos, information on occupation and age, even dance movements can identify people. A special type of personal data that needs extra precautions are called "sensitive data". Which data is classified as sensitive is conclusively defined in the Data Protection Act.

Personal data       Sensitive data
  • name, address, phone number
  • e-mail, username
  • age
  • gender
  • location data
  • etc.
  • data relating to religious, philosophical, political or trade union-related views or activities
  • data relating to health, the private sphere or affiliation to a race or ethnicity
  • genetic data
  • biometric data that uniquely identifies a natural person
  • data relating to administrative or criminal proceedings or sanctions
  • data relating to social assistance measures

How to Handle Personal Data?

Just like any other data, personal and sensitive data can be stored, (collaboratively) edited and shared. In contrast to non-personal data, additional security measures need to be taken:

  1. During data management planning: you organize secure data storage and prepare the consent forms. Consent forms should describe all steps of data processing, preferably also the possibility to share the data at the end. Inform yourself via your faculty's ethic commission about important steps to prepare and fill out the DESAT tool for self-information.
  2. During data collection: you obtain consent from participants to collect, process and potentially also publish the data at the end (in anonymized form). If you use survey tools to collect data, these also have to adhere to legal requirements of data protection. Personal data must also be stored on a server that ensures only authorized access.
    • Informed consent forms: The Data Protection Office of the UZH offers a template for informed consent forms.
    • Surveys: UZH offers the tools Limesurvey and Unipark.
    • Storage: The UZH central IT department provides UZH-internal servers for this purpose. Please contact your institute's IT department for help.
  3. During data processing: Data can only be shared with others for collaborative processing via secure connections, e.g. via SWITCHfilesender.
  4. When publishing data: In order to publish the data, participants must have given their consent to do so. Data can be then published in anonymized form (depending on the informed consent) and made available via restricted access. Additionally, you can also regulate with a license  how the data can be reused.

Important links

The Data Protection Office of the University of Zurich offers a first overview of important topics concerning the handling of sensitive data (see especially their glossary).

Data protection in research projects

The DMLawTool provides help on all legal aspects of research data management. With the help of a decision tree, you receive information on data protection, copyright and licenses specifically geared to your own research project.

DMLawTool 

Website of the University Library on copyright and licenses

With the Self-Assessment Tool of the Data Protection Office at the UZH, you can quickly gain an overview of whether you work with personal data at all in your project, where you need to take a closer look, and whether you need to submit an application to an ethics committee.

To the Self-Assessment Tool Data Protection DESAT


Anonymize and Pseudonymize Data

In order to share personal or sensitive data publicly, you must anonymize or pseudonymize it. Anonymized data do not count as personal data and can be shared openly. In contrast to pseudonymized data they are no longer subject to data protection laws.

Anonymize

Personal or sensitive information is aggregated, regrouped, or deleted in such a way that no one can re-identify individuals in the data without a great deal of additional effort.

Pseudonymize

Personal or sensitive information is aggregated, regrouped, or deleted in such a way that the people behind the data can no longer be identified. However, with the help of the key, the original data can be restored.

Tools for automatic anonymization


Share Metadata Instead of Data

If you can't share your data for ethical, legal, or technical reasons, you still have the option to share the associated metadata or data documentation. This way, the dataset itself is not public, but the information that it exists is. 


Ethically on the Safe Side? Check Your Project.

Are you unsure whether your study is ethically sound? You can find procedures for the ethical evaluation of research projects with the relevant UZH faculty below.

Faculty of Arts and Social Sciences

As a researcher in the humanities or social sciences, you can use the Ethics Committee checklist to determine whether your study requires an ethics application:


Download: Ethics Checklist of the Faculty of Art and Social Sciences
For further guidance, please refer to the Faculty Ethics Committee 

Faculty of Business, Economics and Informatics

At the Faculty of Business, Economics and Informatics, there is an ethical clearance process for economic science projects. For more information, contact the head of the ethics committee, Prof. Michel Maréchal

Faculty of Medicine

The Ethics Committee of the Faculty of Medicine examines those research projects that do not fall under the Human Research Act from an ethical point of view. The "Data Protection and Ethics Self-Assessment Tool" (DESAT) of the University of Zurich should be consulted prior to submission.

Ethics Committee of the Faculty of Medicine

Faculty of Science

Researchers of the Faculty of Science are invited to consult Stephan Neuhauss: stephan.neuhauss@imls.uzh.ch.

Faculty of Theology

At the Faculty of Theology there is an ethical clearance process for projects from Theology and the Study of Religions. Checklist and applications form for the Ethics-Committee Faculty of Theology are provided here.

Cantonal Ethics Committee / Kantonale Ethikkommission

Research projects from all areas of human research are assessed by the Kantonale Ethikkommission (KEK). It verifies compliance with the guidelines of the Human Research Act.


Weiterführende Informationen

Questions about Data Protection?

Team Data Protection at UZH: privacy@rud.uzh.ch

Publish: oa@ub.uzh.ch

Data: data@ub.uzh.ch

Training

We offer a course on "Publishing personal and sensitive data" in January on a yearly basis. Contact us at data@ub.uzh.ch for more details.