Reporting deviations from information security regulations

A data security breach is any event that compromises information or data processing. These include, for example

• discovery of information marked confidential on a cafeteria table
• phishing attempt targeted at an individual or the universities community
• attempted data breach, for example, through the technical interception of networked devices
• unauthorised use of a user ID
• illegal file sharing
• etc.

Data security and data protection are closely related. Data protection focuses specifically on the processing of personal data and data security on all data processing. So, if you do not know whether you are dealing with a data security or a data protection breach, please submit a security breach notification.

Where do I send the notification?

• Use the self-service portal https://helpdesk.tuni.fi → Request for advice or report a problem.
• Send email to  it-helpdesk [at] tuni.fi (it-helpdesk[at]tuni[dot]fi)

What do I write in the message?

• Begin the subject line with “data security breach” or “data protection breach”.
• End the line with a short description of the incident.
• Describe the incident in the message
  • What the problem is (lack of guidelines, programme error, development suggestion, information leak, or some other description)
  • Why the problem is related to data security and/or data protection (your own estimate)
  • The time when you noticed the incident (time of the breach)
  • Where did you notice the breach (eg the University’s service X that was used in classroom Z on campus Y, the cafeteria on campus Y or some other precise description)
  • How you noticed it (how could the event be replicated, screen capture, a photograph)

IT Helpdesk
+358 294 520 500
it-helpdesk [at] tuni.fi (it-helpdesk[at]tuni[dot]fi) 
helpdesk.tuni.fi