Classified

In the last issue of the Bulletin, we discussed recent implications for privacy on the Internet. But privacy of personal data is just one facet of data protection. Confidentiality is another. However, confidentiality and data protection are often perceived as not relevant in the academic environment of CERN.

But think twice! At CERN, your personal data, e-mails, medical records, financial and contractual documents, MARS forms, group meeting minutes (and of course your password!) are all considered to be sensitive, restricted or even confidential. And this is not all. Physics results, in particular when they are preliminary and pending scrutiny, are sensitive, too. Just recently, an ATLAS collaborator copy/pasted the abstract of an ATLAS note onto an external public blog, despite the fact that this document was clearly marked as an "Internal Note". Such an act was not only embarrassing to the ATLAS collaboration and had a negative impact on CERN’s reputation; it is also a serious violation of the CERN Computing Rules, and has been followed up with the people concerned.

If you own data, documents, code or web sites which are supposed to be sensitive, confidential or restricted in access, make sure that they are clearly marked as such, and that access is restricted so that only people who need to read them can do so. AFS, DFS, and the central web service provide means to properly protect your documents. If you have access to a restricted document, do not violate the rules: only share the document with those who are eligible. If in doubt, check with the owner of that document, and ask for authorization. Finally, if you are a developer or system administrator, ensure that your code and servers are secured and do not leak data! When in doubt, follow the appropriate CERN Technical Training courses on designing secure software.

Of course, if you have questions, suggestions or comments, please contact the Computer Security team or visit us.

by Computer Security Team