Hi all,

 

Just happened: "Login details exposed online due to Elsevier data breach" as published yesterday in our university magazine.

 

A few hours later, library director comes to me: Do we exchange personal information to Elsevier? Hmm, IP address based: No. Also SSO: [check] only pseudo identifier. Answer: No, non PII.

 

One hour later, email from DPO: Please explain what do we exchange to Elsevier? Blabla, transient identifier bla bla... "Alright, great!"

 

We happy, but Elsevier should be happy too! (about us at least;)

 

Conclusion: Security is an important topic in our recommendations too...

 

Have a good weekend!

Jos