About


Keeping information safe is a community effort. Together, we can make a big difference in protecting personal information online.

About the initiative

Learn more about why privacy matters at UBC.

Privacy and information security at UBC is largely dependent on faculty and staff taking an active role in keeping data secure. UBC provides security tools such as anti-virus software, firewalls, and spam filtering. However, these tools can only do so much. We need your help.

The Privacy Matters @ UBC initiative aims to increase the awareness of privacy and information security at UBC. Higher education institutions are often the target of data breaches, which not only affect the individuals whose personal information is compromised, but also the organization experiencing the breach.

Through a comprehensive communication strategy and online training, our goal is to provide the campus community with the information needed to protect personal information and to keep UBC's data secure.

Privacy and Information Security Management (PrISM)

Privacy and Information Security Management (PrISM) at UBC is a coordinated effort between Risk Management Services, the Office of the University Counsel, and the Office of the CIO.

The mandate of PrISM is to enhance the privacy and security of information in electronic and hard-copy format through a series of campaigns related to technology, maintenance, data mapping and risk management, training, awareness, and communications.

Executive Leadership Committee

Hubert Lai (Chair)

University Counsel, Office of the President

Dr. Andrew Szeri

Provost and Vice President, Academic

Peter Smailes

Vice-President, Finance & Operations

Program Leadership Committee

Paul Hancock (Chair)

Legal Counsel, Information and Privacy, Office of the University Counsel

Jennifer Burns

Chief Information Officer and Associate Vice President, Information Technology

Ron Holton

Chief Risk Officer, Risk Management Services

Don Thompson

Chief Information Security Officer

Prabjit Singh

Program Manager, PrISM, Office of the University Counsel

Zoë Armer

Program Manager, Cybersecurity

Michael Lonsdale-Eccles

Director, PrISM, Risk Management Services

Jennifer Kain

Chief Audit and Risk Officer (non-voting)

Susantha Tennakoon

Senior IT Internal Auditor (non-voting)

Current Projects

Learn more about the current initiatives that are a part of PrISM.

Projects

Online Privacy and Information Security Training

PrISM has developed online privacy and information security training for all faculty and staff at UBC. This 20-30-minute training session will empower you to protect personal information and other confidential UBC information and systems.

Learn more about the training.

Risk Assessment Process

Perform custom risk assessments/investigations into emerging or prevalent risk areas to assist in better understanding and mitigating privacy and information security risk.

  1. Privacy Impact Assessment (PIA) helps identify and mitigate potential privacy and security issues related to all new or substantially modified systems, projects, programs or activities, thereby fulfilling UBC’s legal requirements.
  2. Application Risk Assessments (ARA) cover technical risk areas such as vulnerability management and privileged access.
  3. Operational Risk Assessments (ORA) focus on risks relating to end-user handling of personal information.
  4. Tailored Risk Assessments (if none of the above fit your needs).

Encryption

Encryption is the most effective way to keep your personal information and UBC’s data secure. Encryption is a method of making information unreadable in order to protect it from unauthorized access. When information is encrypted, a password is required to make it readable again.

UBC policy and British Columbia law require all mobile devices (including laptops) that are used to store confidential information to be encrypted. The PrISM team is working to encourage encryption of all devices used for work purposes by departments and faculties at UBC. Learn more about encryption.

Awareness and Communication

The awareness and communication project is working to increase education and awareness to change behavior and build a culture that is conscious of privacy and information security. The Privacy Matters @ UBC initiative was created to ensure that all faculty and staff are regularly exposed to communications about privacy and information security requirements. The comprehensive communications strategy is working to sustain awareness and engagement among faculty and staff at UBC.

UBC Cybersecurity Confidential Communications

In a continued effort to increase the dialogue and transparency about cybersecurity at UBC, we will be relaunching the confidential communications website for information security. This site will be a secure, non-public environment meant for UBC staff, faculty, researchers, and affiliates. The information posted on the website is confidential and is therefore subject to specific access and sharing restrictions.

Basic access to this site requires Campus-Wide Login (CWL) credentials. If you are located off-campus, a myVPN connection is required. As an added level of security, users are required to apply for access to privileged information. A request form is available after logging in to the new site and accepting the Terms and Conditions. The website is now available at cc.cybersecurity.ubc.ca.

Network Security Upgrades (Phase 1)

As part of the ongoing effort to enhance cybersecurity at UBC, network security upgrades will be implemented at the UBC Okanagan campus for all university-based wired and wireless networks (ubcsecure, ubcvisitor, ubcprivate, and eduroam). This upgrade will add a layer of protection to prevent unintentional visits to malicious websites.

After the upgrade, if a user on the UBC network accidentally clicks on a link to a high-risk website, their browser will redirect them to a block page. Only websites that are known to be malicious will be blocked by the system, including:

  • Malware sites that host malicious software, mobile threats, and more
  • Phishing sites that aim to trick users into handing over personal or financial information
  • ‘Command and Control Callbacks’ that allow compromised devices to communicate with an attacker’s infrastructure

Please note: this process is automatic and this new service will not track or log individual user website activity.

The network security upgrade at UBC Okanagan is Phase 1 of this project and we will be making similar upgrades at the Vancouver campus within the next few months. More details will be made available shortly.

Information Security Standards Review

To ensure that UBC’s confidential data and information systems are safe from a data breach, the university has Information Security Standards that govern the use and protection of university data and computing resources. As required by Policy #104, Acceptable Use and Security of UBC Electronic Information and Systems, all faculty and staff are responsible and accountable for following these standards.

These Information Security Standards are subject to periodic reviews to adapt to changing expectations and risks. The next review cycle begins this year. All staff and faculty are invited to provide feedback on the standards. You can provide feedback at privacymatters.ubc.ca/issreview or by emailing privacy.matters@ubc.ca.

All feedback will be forwarded to the members of a review team made up of staff and faculty members for analysis. The team will then publish draft amendments to the standards for comment by the campus community. The team will then make final amendments and forward them to the Chief Information Officer for approval.

The current information security standards can be found at https://cio.ubc.ca/information-security-standards

All are encouraged to participate in this important process and your input is greatly appreciated.

Enhanced CWL (Multi-Factor Authentication)

PROTECT IT: Keep personal information secure

What is an 'Enhanced CWL'?

To keep personal information at UBC secure, faculty and staff will be asked to update their Campus-Wide Login (CWL) account to an 'Enhanced CWL' account. This update features an additional layer of protection with multi-factor authentication (MFA) provided by Duo Security.

Multi-factor authentication (MFA) is a security standard across North America, providing an effective way to prevent unauthorized access to information. It requires two items to identify a user:

  • Something you know (i.e. your password)
  • Something you have (typically a trusted mobile phone, landline or hardware token)

This way, even if someone steals your password, the cybercriminal would not be able to hijack your account when it is protected by multi-factor authentication.