Privacy contact persons
The University of Twente has appointed Privacy Contact Persons (PCPs) in each faculty and service department. The PCPs advise their own unit about privacy and information security and are the first point of contact within their unit. The PCPs are thus the link between the DPO (see below), the Privacy Officer (PO) and the University of Twente staff. The PCPs, the DPO and the PO meet regularly to bring each other up to date on policy developments and to initiate actions to comply with current legislation. The PCPs' main duties are the following:
- supporting the data processing custodian in reporting this to the PO/DPO;
- acting as adviser, trainer and privacy expert within the unit;
- conducting a Privacy Impact Assessment (PIA) for new data processing;
- being involved with the handling of data breaches and other security incidents.
Data protection officer
The law stipulates that a Data Protection Officer (DPO) must be appointed to protect personal information. The DPO supervises the application of and compliance with privacy legislation in the entire organisation. The DPO's duties include the following:
- issuing advice and information to responsible managers and processors about privacy obligations and processing personal information;
- monitoring data processing within the University of Twente to ensure it meets the statutory requirements;
- advising staff, research scientists and students on any questions about privacy;
- dealing with complaints about the use of personal data;
- monitoring the reports on privacy violations and reporting these where necessary to the Dutch Data Protection Authority and to the parties involved.
Information security officer
The Information Security Officer (ISO) is part of University Information Management and functions at the strategic and tactical level. The ISO and the Head of Information Management advise the Executive Board. The ISO formulates the information security policy and assists in translating it correctly to the institutional components. In addition, the ISO monitors uniform compliance with the policy and reports on gaps, inconsistencies and shortcomings.
IT security manager
The IT Security Manager is part of LISA and plays an important role in translating the strategy and policies into tactical (and operational) plans. He does this in consultation with the Information Security Officer.
The IT Security Manager is the coordinator of CERT-UT. He also advises on specific information security measures in projects, varying from standing projects to acquisitions of, for example, software or hardware. Every quarter, a management report is drawn up for the LISA Management team, the Information Security Officer, and the head of Information Management.
CERT-UT
The Computer Emergency Response Team of the University consists of IT professionals from LISA. They investigate all reports in the field of computer security and privacy and engage the necessary (technical) specialists to resolve the incident. CERT-UT works directly with the DPO team when a report has a privacy aspect. Incidents involving employees' workplaces or devices are relayed to the LISA ICT Service Desk.
CERT-UT also maintains contacts with teams from other educational institutions and with SURFcert.
ICT service desk
The ICT Service Desk is part of LISA and is the first point of contact for incidents that are not related to security or privacy. If an incident reported to the ICT Service Desk turns out to involve one of these aspects, the Service Desk will contact CERT-UT.