Development of student data protection culture through privacy policy update in Laurea University of Applied Sciences
Marjotie, Marc (2019)
Marjotie, Marc
2019
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2019052612010
https://urn.fi/URN:NBN:fi:amk-2019052612010
Tiivistelmä
This thesis stemmed from the project initiated by Laurea University of Applied Sciences data protection officer, with the goal of developing Laurea’s student privacy policy statement. The project was focused on the English language version of the privacy policy statement, with an emphasis on including necessary information for exchange and foreign students.
The research goal was to find out that how the Laurea student privacy policy statement could be made more reader-friendly. In addition, it became evident during the project that there was a need to research the data processing practices that take place with exchange and foreign students.
The research methods included content analysis and semi-structured interviews. Content analysis was used as a quantitative research method to analyse other universities of applied sciences privacy policy statements. The findings of the content analysis helped determine the content of the privacy policy statement. Semi-structured interview was used as a qualitative research method to gain more knowledge about exchange and foreign student data processing at Laurea. Staff from Laurea’s international department was interviewed in the research. The interview made it clear that the most relevant privacy policy for exchange and foreign students is the SoleMOVE privacy policy. It was then determined that the privacy policy developed in this thesis did not need as much exchange and foreign student specific information.
The literature chosen for the thesis consisted of: relevant legislation, information security related literature and research guides. The legislation was necessary to assure that the privacy policy statement would cover all the necessary aspects. The European Union’s General Data Protection Regulation requirements dictated heavily the content. Information security related literature provided knowledge about personal data, privacy policies and information security in general. The research literature was used to support the research conducted.
As a result of the research and the development process a new privacy policy statement was created, using the knowledge from the literature and the research findings. The result was a summarized and simpler version, still containing all necessary elements. The creation process was done in dialogue with the data protection officer.
The research goal was to find out that how the Laurea student privacy policy statement could be made more reader-friendly. In addition, it became evident during the project that there was a need to research the data processing practices that take place with exchange and foreign students.
The research methods included content analysis and semi-structured interviews. Content analysis was used as a quantitative research method to analyse other universities of applied sciences privacy policy statements. The findings of the content analysis helped determine the content of the privacy policy statement. Semi-structured interview was used as a qualitative research method to gain more knowledge about exchange and foreign student data processing at Laurea. Staff from Laurea’s international department was interviewed in the research. The interview made it clear that the most relevant privacy policy for exchange and foreign students is the SoleMOVE privacy policy. It was then determined that the privacy policy developed in this thesis did not need as much exchange and foreign student specific information.
The literature chosen for the thesis consisted of: relevant legislation, information security related literature and research guides. The legislation was necessary to assure that the privacy policy statement would cover all the necessary aspects. The European Union’s General Data Protection Regulation requirements dictated heavily the content. Information security related literature provided knowledge about personal data, privacy policies and information security in general. The research literature was used to support the research conducted.
As a result of the research and the development process a new privacy policy statement was created, using the knowledge from the literature and the research findings. The result was a summarized and simpler version, still containing all necessary elements. The creation process was done in dialogue with the data protection officer.