GUARD IT: Preventing a Privacy Breach

How can I securely share information?

Every time we share information, whether through email, USB stick, fax, or other transmission services, there is a risk that it will be intercepted by unauthorized parties.

Faculty and staff who access UBC Systems or share UBC data have a responsibility to protect this information, especially when it is confidential or sensitive.

With that in mind, it is recommended that you only collect and download the minimum amount of data that you need to do your job, ensure it is properly secured and stored in Canada, and only share information on a need-to-know basis.

28% of information leaks are from lost or stolen portable devices

such as USB drives and laptops.¹

72% of employees use external file sharing services for work purposes

even though 77% of companies prohibit this.²

¹ http://druva.com/blog | ² http://druva.com

1What are the recommended methods for sharing UBC data?

The table below provides guidelines on how to securely share UBC electronic information in adherence with UBC security standards:

Method of sharing	Sharing personal/confidential information (e.g. an Excel sheet with student information)	Sharing public information (e.g. a course outline)
UBC Email Accounts (e.g. FASmail)	The following types of information must be placed in encrypted attachments: Social Insurance Numbers Official Government IDs (e.g. Passport, Drivers' License Number) Bank account information Date of Birth Personal Health Information Employee IDs	Recommended
Personal email accounts (e.g. Gmail, Hotmail)	Not permitted	Acceptable
UBC file sharing services (e.g. MS OneDrive, TeamShare)	Recommended	Recommended
Personal file sharing services (e.g. Dropbox, Google Drive, Google Docs)	Not permitted	Acceptable
Mobile storage devices (e.g. USB drives, CDs)	Encryption is required	Acceptable

For instructions on how to encrypt files using common applications, click here [PDF]. For further guidance or assistance with protecting UBC electronic information, please contact your IT Administrator.

Why can’t I use DropBox or Google Drive?

2Why can’t I use DropBox or Google Drive to share UBC data?

UBC is subject to the Freedom of Information and Protection of Privacy Act (FIPPA), part of which states that faculty and staff cannot store personal information outside Canada without written consent. Many popular file sharing services such as DropBox or Google Drive are based in the United States or overseas. As such, using these services to collect, store, transmit, or access personal information is a violation of FIPPA.

UBC offers several alternatives to these commonly used services, including MS OneDrive, FASmail, and the UBC Survey Tool.

There are several exceptions to this rule; please view the Disclosing personal information Outside of Canada [PDF] Privacy Fact Sheet for more information.

What if I am sharing financial information?

3What if I am sharing financial information?

Due to the sensitivity of Payment Card Industry (PCI) information, sharing financial information is subject to the following additional requirements:

Financial information must never be transmitted via email or instant messaging systems. This activity is prohibited.
Financial information must never be transmitted unencrypted.
Mobile storage devices must be sent via secured courier or other delivery method that can be accurately tracked.
Management must approve all information that is transmitted or moved from a secure area.

Go even further...

For a much more in-depth look at sharing UBC electronic information, review the following:

Complete the full Fundamentals training to learn how to protect yourself and others
Information Security Standard #3: Transmission and Sharing of UBC Electronic Information [PDF]
Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems [PDF]
How to encrypt files using common applications [PDF]

Share Files Securely