Provostial Guideline Regarding Security for Personal and Other Confidential Information

PDAD&C#2, 2011-12

To:   PDAD&C  
From:   Cheryl Misak, Vice-President and Provost
Date:   July 6, 2011 
Re:   Provostial Guideline Regarding Security for Personal and Other Confidential Information


The University is subject to the Freedom of Information and Protection of Privacy Act (FIPPA) and is committed to its requirements.

Please be advised that a brief 'Provostial Guideline Regarding Security for Personal and Other Confidential Information' has been issued that reaffirms core security expectations for personal and other confidential information, to assure University-wide standards. 

This new Guideline as well as 'FIPPA - General and Administrative Access and Privacy Practices' and 'FIPPA - Q & As for Instructors' are available on the Provost's website at http://www.provost.utoronto.ca/policy.htm.

Please note that the Guideline requires that personal and other confidential information in electronic form be protected by properly implemented encryption unless it is kept in a secure server environment with appropriately restricted users rights.  Practical information on the tools available to help you comply with the encryption requirement is available at http://encrypt.utoronto.ca/.

To further support the protection of information, I+TS has published two guides dealing with 'Phishing' (the attempt, through use of spam email, to drive users to disclose personal information to fraudulent websites), and the configuration settings necessary to enable encryption on smart phones (iPhone, BlackBerry, Android and Windows 7) such that their contents are secure in the event of loss or theft of the phone:
http://main.its.utoronto.ca/wp-content/uploads/2013/06/Phishing-Prevention.pdf and http://main.its.utoronto.ca/wp-content/uploads/2013/07/SecuringSmartPhones.pdf.

The "Notice to Faculty and Staff Computer Users re Data Encryption" is a comprehensive message about all these matters suitable for distribution to faculty and staff.  It is available at: http://main.its.utoronto.ca/news/how-to-protect-your-data/.

A more in-depth discussion entitled "Consistent, Effective Information Security" is available at http://main.its.utoronto.ca/wp-content/uploads/2013/07/Information-Security-Guidelines.pdf.