Friday, July 8, 2011

[PDADC-L] Provostial Guideline Regarding Security for Personal and Other Confidential Information

PDAD&C#2, 2011-12

To: PDAD&C
From: Cheryl Misak, Vice-President and Provost
Date: July 6, 2011
Re: Provostial Guideline Regarding Security for Personal and Other Confidential Information


The University is subject to the Freedom of Information and Protection of Privacy Act (FIPPA) and is committed to its requirements.

Please be advised that a brief 'Provostial Guideline Regarding Security for Personal and Other Confidential Information' has been issued that reaffirms core security expectations for personal and other confidential information, to assure University-wide standards.

This new Guideline as well as 'FIPPA - General and Administrative Access and Privacy Practices' and 'FIPPA - Q & As for Instructors' are available on the Provost's website at http://www.provost.utoronto.ca/policy.htm.

Please note that the Guideline requires that personal and other confidential information in electronic form be protected by properly implemented encryption unless it is kept in a secure server environment with appropriately restricted user rights. Practical information on the tools available to help you comply with the encryption requirement is available at http://encrypt.utoronto.ca/

To further support the protection of information, I+TS has published two guides dealing with 'Phishing' (the attempt, through use of spam email, to drive users to disclose personal information to fraudulent websites), and the configuration settings necessary to enable encryption on smart phones (iPhone, BlackBerry, Android and Windows 7) such that their contents are secure in the event of loss or theft of the phone:
http://www.its.utoronto.ca/security/phishing.htm and http://www.its.utoronto.ca/security/smartphones.htm

The "Notice to Faculty and Staff Computer Users re Data Encryption" is a comprehensive message about all these matters suitable for distribution to faculty and staff. It is available at: http://uoft.me/protectdata

A more in-depth discussion entitled "Consistent, Effective Information Security" is available at http://www.its.utoronto.ca/rules-and-regulations/regulations_guidelines/informationsecurity.htm

--- attachment ---

GUIDELINE REGARDING SECURITY FOR PERSONAL AND OTHER CONFIDENTIAL INFORMATION

Personal and other confidential information should at all times be protected with effective security as described in University policy and Information Security and Privacy Practices.

Personal and other confidential information in electronic form should be kept in a secure server environment with appropriate restricted user rights. If it is outside a secure server environment, personal and other confidential information in electronic form must at all times be protected with properly implemented encryption.

Personal and other confidential information in hard copy form should be kept in a secure institutional environment. If it is outside a secure institutional environment, personal and other confidential information in hard copy form must at all times be protected with strong, effective security measures.

June 2011
