During the G20, many people employed at the St. George campus will be working offsite. This email attaches a PDF version of a one-pager developed to advise staff and faculty on sound information security practices for confidential information.
It has also been posted on the FIPP Office website at http://www.fippa.utoronto.ca/Page26.aspx
Information detailed on the FIPP Office website and attached to this email should be consistently adhered to when working offsite, not only during the G20.
-------------------------------------------------------------------------------------
Security Reminder for Working Offsite
The St. George campus is to close from 6pm June 23 to Monday, June 28, for the G20 Summit. If working offsite, follow security requirements for confidential information. All information that is not public is confidential, including information about identifiable individuals, student records, grades, HR records, non-public financial information etc.
Do not take confidential information offsite (e.g. home for work) unless you have:
Official Authorization; official University, Division or department policy or practice that permits the record to be taken out. If there is any doubt, consult with your direct report.
Demonstrable operational need/No other reasonable means; the record must be taken offsite to fulfil your duties. There is no reasonable alternative to taking the record offsite.
For hard copy records, minimize risk as follows:
Take as few records as you can for expected work. If possible, take copies, not originals.
In transit; Carry records in a locked satchel or case. Do not leave records unattended, e.g. at restaurants, washrooms, public transit, etc. Don’t read where others could see records.
At home; Protect records from unauthorized individuals, including family or friends. Lock records away when not in use, e.g. locked cabinet in your locked home.
For electronic records:
Access records remotely only on authorized, secure networks with encrypted communication.
Use a strong password to protect your electronic devices and laptop.
Be sure your computer has up-to-date security, including firewall, anti-virus and anti-spam.
Electronic records taken out of a secure University IT environment should be encrypted at all times, e.g. use an encrypted USB memory stick or encrypted hard drive on your laptop.
Resources:
University of Toronto Security for Personal and Other Confidential Information practice: http://www.provost.utoronto.ca/Assets/Provost+Digital+Assets/Provost/fippa.pdf
University of Toronto Encryption resources:
http://www.utoronto.ca/security/UTORprotect/encryption_guidelines.htm
Adobe Encryption of PDF documents:
http://help.adobe.com/en_US/Acrobat/9.0/Standard/WSD012A4E1-51D1-4bcd-BA9F-EF03C6F20BB6.html
Encrypting Windows XP records - http://support.microsoft.com/kb/307877
For questions, contact Howard Jones, Coordinator, FIPP Office at (416) 946-7303, howard.jones@utoronto.ca
No comments:
Post a Comment