Aalto University

V Our responsibility for information and data

We advance responsible and innovative data usage practices and culture. Our responsibility for information and data is the fifth pillar in Aalto University’s Code of Conduct.
Responsible sharing

We advance responsible and innovative data usage practices and culture in order to build data driven operations and to maximise the value of data in all activities of Aalto University. We value the transparency and openness of data.

Taking care of data security and data protection as a part of the day-to-day processing of data is everyone’s responsibility at Aalto University.

Responsible sharing of research results

We promote open science and research and open access to research outputs. Our policy is to publish research results and to advance the use of innovations and other results of our work in order to maximise our societal impact. At the same time, we respect the intellectual property rights of others and the confidentiality of information they own.

Responsibility for data and privacy

We follow the guidelines for creating data for common use and recognise that sharing data helps to ensure the quality of data. Whenever processing personal data we follow Aalto data protection policy as well as instructions on personal data processing. Processing of personal data should always be based on a legitimate purpose and relevant to such purpose, and shall be fair, accurate, transparent and informed.

Information security

We are aware of the classification of any data we use and share. It is everyone’s responsibility to follow Aalto guidelines on information security management. We use only university validated services and applications to ensure information security.


*   *   *   *   *


  1. Start your journey towards data-driven way of working already today.
  2. Know your data and which restrictions (such as e.g. third party IPRs, confidentiality obligations or privacy rules) might hinder publishing or other use of data.
  3. Maintain data security in all activities when processing personal data or classified information and data, regardless of format, storage method or location.
  4. Follow a clean desk and clean screen policy. When not in use, classified materials shall be kept in a locked space that fulfils the requirements of the classification.
  5. Make sure that you are familiar at least with Cyber Security Quick Guide 

  6. When you process personal data in course of your work and research, remember especially to: 

    • Ensure lawful basis for use.

    • Minimise processing of personal data e.g pseudonymisation or anonymisation are recommended actions whenever possible.

    • Inform data subjects with privacy notice.

  7. Regularly delete unnecessary information, especially when it contains personal data.



Return to the Code of Conduct main pageReturn to pillar IV: Our responsibility for assets

  • Published:
  • Updated:
URL copied!