31 May 2018
Any loss or theft of equipment or storage media that could allow access to personal or sensitive data for which Charles University is responsible must be reported.
A loss must be reported by the employee who discovers it or the employee’s superior at the address firstname.lastname@example.org.
The officer makes an analysis of the risks arising from the loss and decides how to proceed.
This guideline applies to all equipment used to obtain data, e.g. by cracking encryptions (passwords) or removing a disk and obtaining the data itself or passwords for access to the university’s systems. This usually involves laptops, tablets, office PCs, or mobile phones with access data.
Storage media are typically external disks, unencrypted flash cards, backup disks, etc. that contain personal data or access passwords.
Please remember that personal data also includes the seminar work of students, an overview of their seminar attendance, or awards received.
Charles University is required to document and assess all security issues – circumstances that have caused or could cause damage, loss, or unauthorized access to personal data. It is required to inform the Office for Personal Data Protection, and in certain cases, the data subjects affected by the loss.