Your privacy is paramount!

May I read your e-mails or join you while you browse the web? What if I access all your personal documents on the DFS or AFS disk spaces? I guess you have nothing to hide and all that information is related to your professional duties… so why would you care?

 

But hold on! The personal use of CERN computing facilities is tolerated (as long as use of resources and bandwidth is negligible). This includes personal mails, reading online newspapers, browsing the web for leisure purposes, or storing private photos on your laptop. In addition, many people bring their own laptops, pads or mobile phones for convenience, instead of using CERN ones. This is because their life at CERN is rather a mixture of working for CERN and for their university, and leisure activities (such as keeping in touch with their families and friends). This implies working hours and leisure time are entangled, and the case is the same for your e-mails and documents.

CERN takes great care to protect the personal data entrusted to it. Your privacy is paramount! Therefore, the GS, HR and IT departments, in collaboration with the Legal Service and the Security Team, have drafted a “CERN Digital Privacy Statement” which is designed to describe how and when CERN collects, uses and shares information when you use CERN's computing facilities, and, how CERN protects personal data stored in CERN's computing facilities.

There can be, and there is, no legitimate reason why the CERN Computer Security Team or the Service Desk - or your colleagues or supervisor/team leader - should have unrestricted access to your e-mails and data. Your CERN mailbox and your “private” folders on AFS and DFS are 100% yours, and strict procedures have been established for the rare cases where such access is necessary. So if you would like to keep things private, put them there. On the other hand, your professional stuff, i.e. software, draft documents, minutes, etc., should never be kept there but rather stored in dedicated project folders on DFS or AFS, or within the CDS or EDMS web services.

Similarly strict rules also apply for accessing automatically recorded logging data (resource usage, IP addresses, visited web sites, interactive commands, physical and digital access information, and telephone records) created by your use of CERN’s computing facilities. While such data is essential to provide, measure, customize and improve services, as well as to monitor system security, those rights come with obligations already respected by the corresponding system, specified for many decades, and now explicitly expressed in this new Privacy Statement.

The Privacy Statement and the procedures for accessing private data are part of a more comprehensive Data Protection Policy currently under preparation. Have a look and stay tuned!

For further information, questions or help, please check our web site or contact us at Computer.Security@cern.ch.

P.S. While CERN does care about your privacy when you use CERN computing facilities, it is your personal responsibility to protect of your privacy when browsing the Internet! Here is a nice video showing how private “private” can be.


Access the entire collection of Computer Security articles here.

by Computer Security Team