Data Policy

Introduction

Our mission is to develop, integrate and offer high-quality ICT services for research, education, culture, public administration and companies as part of the national research system.

In order to achieve our strategic goals, we have to promote and adhere to good data management practices within our own operations and for our designated user communities. For our customers, we provide services together with instructions, tools and guidelines to ensure and improve the quality of their data its appropriate management and readiness for future use.

Purpose

This public data policy will promote best data management practices to:
•    emphasize that we undertake appropriate institutional steps to help customers to safeguard the availability, usability and retention of their data.
•    help us to assure compliance with all applicable laws and regulations as well as internal requirements with respect to data management.

This policy covers both customer-owned and CSC-owned data. Depending on the service or action and if data includes personal data, CSC can be in the role of controller or processor of personal data. It should be noted that data types and detailed management practices might vary for service and customer sectors. Furthermore, CSC identifies different data management practices and solutions required by different data types. These are further detailed in the services' terms of use and customer contracts.

This policy is relevant to all our customers and staff, including contractors and visitors. We have appointed a data protection officer with whom this policy may be discussed. Our data protection officer may be reached using the address privacy[at]csc.fi

For more information:
CSC Customer register privacy policy
CSC Stakeholder register privacy policy

Principles

The following data management principles are set in this policy:

1.    Data ownership is clear and management responsibilities agreed upon.
We do not assert ownership or any intellectual property rights to customers' data in our services. It is the responsibility of the customer to ascertain that they have the necessary rights over data destined for our services. Data management plans may be used in the process of providing data services to customers.

2.    Data are documented and their lifecycle defined.
Data management aims to ensure data quality, accuracy, retention and availability along its lifecycle. Data management will be planned in accordance with relevant standards, best practice and FAIR data principles. Data should be systematically produced, structured, identified and documented with metadata and a unique identifier (preferably permanent UI). Documentation will be updated and added along data lifecycle. Beyond technical control and internal integrity checks the quality and accuracy of the data are the responsibility of the data owner. For more information see support for persistent identifiers.

3.    Data publicity and protection are managed appropriately.
Data protection and security will be planned and maintained so that data access, retention and removal are managed in an appropriate and controlled way. Customers as data owners and controllers are responsible for classifying their data according to publicity and protection requirements. Personal data will have a controller and possibly processor(s). We will act as the data processor for customer data when so agreed. These roles and responsibilities will be further detailed in our services' terms of use and customer contracts, when applicable. For more information see security and privacy at CSC.

4.    Data are made as open and as interoperable as possible.
Reuse of data is encouraged when possible. We recognize that some data are more sensitive than others and specific issues related to e.g. legislation, ethics, privacy, security should be considered when data is made publicly available. Standardized file formats should be used and data documentation including identifiers, metadata and relevant licensing information released together with the data.

5.    Data management solutions favor open standards, protocols and software.
Data management solutions used by us and offered by us to customers will build on open solutions whenever feasible. We also contribute back to the open source community.

6.    Data management competencies are recognized and developed in order to support these principles and their implementation.
We will further these principles within our internal activities, customer interaction, training and collaboration with other organizations and infrastructures to ensure compliance with and further development of this policy.