Recommendations for managing confidential data

Although some TUM processes are not yet managed digitally, the university must still process a large inventory of electronic information. The convenient modern communication methods for handling this data have meanwhile become an indispensable tool. But, these tools also harbor the risk of sensitive information falling into unauthorized hands.

The recommendations outlined here are designed to help assess which protective measures can be undertaken to counteract this danger.

Definition of confidential data

First find out which data is being classified as confidential and how the individual classifications are defined:  definition of confidential data


Below, you will find real scenarios with tips on what to consider from an IT security standpoint.

Neither the tips nor the scenarios outlined here are complete. New scenarios are added on a regular basis. We welcome you to submit suggestions at it-sicherheit(at)

Student data

Do you handle student data - in other words personal information of students? If you do, it's imperative that you bear in mind the issue of data privacy. For centralized systems such as TUMonline or Moodle, data privacy requirements are managed centrally. This is not the case with decentralized systems and applications.

The office of the TUM data privacy representative has published a new brochure for precisely these situations. The brochure is designed for TUM employees who handle student data and in the process use decentralized systems or applications such as purchased software, proprietary or self-developed systems or external web services.

The brochures also can be ordered as a paper version via the IT-Support:

Further information regarding handling personal data

Other tools

In addition, we have put together a list of trustworthy services suitable for integration into your website, or for managing communications and sharing files.