Storage and sharing of personal data
Personal data about researchers through the Scholars at Risk and Scholar Rescue Fund must be processed according to the GDPR and UiO's guidelines for the processing of personal data. More about Privacy and data protection at UiO. The most important aspects of information security regarding the SAR researchers can be found on the page on data protection for administrative staff. Note that information that is usually considered "green" or "yellow" may become "red" as far as the SAR researchers are concerned, due to their threat situation. The SAR researchers should e.g. be asked if they want a public personal profile on UiO's website. The deptartment/unit should talk with the researcher about whether it is desirable to share information about the researcher's affiliation with SAR, even within their unit. Sharing can be good for networking, but not at the expense of the researcher's safety. E-mail between UiO addresses can be used for up to red data, but not with e-mail addresses outside of UiO.
For internal invoices to cover the host unit's expenses for SAR and SRF researchers, please use either the SAR code or "SAR researcher" and unit name, not the name of the researcher. This is so that they are not identified in the financial system.
The Department for Research and Innovation Administration (FIADM) stores information about the SAR researchers in an access-restricted area (only individual employees have access). Other actors at UiO must also ensure that personal data stored about the SAR researchers is sufficiently secured against access by unauthorized persons.
The Scholars at Risk Committee
The SAR committee can receive personal profiles and other personal information via UiO e-mail (but not private e-mail), and the committee must treat the information confidentially. Personal profiles are stored in an access-restricted folder in the common area of ??FIADM. Agendas and minutes from the meetings, which are not stored in this folder, should not contain the researchers' names, but they can be referred to with the code from SAR or SRF.
Sending personal data between different actors
UiO's institutional contact for Scholars at Risk receives partly sensitive information about the SAR researchers from SAR and SRF in the USA and from the researchers themselves, who are based in many different countries outside Europe. UiO collects information from all of these through UiO's own online form Nettskjema. Files with personal information about the SAR researchers to be sent from UiO to SAR and SRF as well as the researchers themselves are normally sent by e-mail with encrypted files. Passwords must be sent in another channel, e.g. SMS or Signal.
Internally at UiO (between UiO e-mail addresses) it is acceptable to use e-mail for red information.
UiO SAR candidates data collection (online form that only goes to UiO's SAR institutional contact person and can be used for personal data)