Share Files Securely
Share Files Securely
GUARD IT: Preventing a Privacy Breach
How can I securely share information?
Every time we share information, whether through email, USB stick, fax, or other transmission services, there is a risk that it will be intercepted by unauthorized parties.
Faculty and staff who access UBC Systems or share UBC data have a responsibility to protect this information, especially when it is confidential or sensitive.
With that in mind, it is recommended that you only collect and download the minimum amount of data that you need to do your job, ensure it is properly secured and stored in Canada, and only share information on a need-to-know basis.
28% of information leaks are from lost or stolen portable devices
such as USB drives and laptops.1
72% of employees use external file sharing services for work purposes
even though 77% of companies prohibit this.2
1What are the recommended methods for sharing UBC data?
The table below provides guidelines on how to securely share UBC electronic information in adherence with UBC security standards:
|Method of sharing||Sharing personal/confidential information
(e.g. an Excel sheet with student information)
|Sharing public information (e.g. a course outline)|
|UBC Email Accounts (e.g. FASmail)||The following types of information must be placed in encrypted attachments:
|Personal email accounts (e.g. Gmail, Hotmail)||Not permitted||Acceptable|
|UBC file sharing services (e.g. MS OneDrive, TeamShare)||Recommended||Recommended|
|Personal file sharing services (e.g. Dropbox, Google Drive, Google Docs)||Not permitted||Acceptable|
|Mobile storage devices (e.g. USB drives, CDs)||Encryption is required||Acceptable|
For instructions on how to encrypt files using common applications, click here [PDF]. For further guidance or assistance with protecting UBC electronic information, please contact your IT Administrator.
2Why can’t I use DropBox or Google Drive to share UBC data?
UBC is subject to the Freedom of Information and Protection of Privacy Act (FIPPA), part of which states that faculty and staff cannot store personal information outside Canada without written consent. Many popular file sharing services such as DropBox or Google Drive are based in the United States or overseas. As such, using these services to collect, store, transmit, or access personal information is a violation of FIPPA.
There are several exceptions to this rule; please view the Disclosing personal information Outside of Canada [PDF] Privacy Fact Sheet for more information.
3What if I am sharing financial information?
Due to the sensitivity of Payment Card Industry (PCI) information, sharing financial information is subject to the following additional requirements:
- Financial information must never be transmitted via email or instant messaging systems. This activity is prohibited.
- Financial information must never be transmitted unencrypted.
- Mobile storage devices must be sent via secured courier or other delivery method that can be accurately tracked.
- Management must approve all information that is transmitted or moved from a secure area.
Go even further...
For a much more in-depth look at sharing UBC electronic information, review the following:Complete the full Fundamentals training to learn how to protect yourself and others
Information Security Standard #3: Transmission and Sharing of UBC Electronic Information [PDF]
Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems [PDF]
How to encrypt files using common applications [PDF]