How can I securely share information?
Every time we share information, whether through email, USB stick, fax, or other transmission services, there is a risk that it will be intercepted by unauthorized parties.
Faculty and staff who access UBC Systems or share UBC data have a responsibility to protect this information, especially when it is confidential or sensitive.
With that in mind, it is recommended that you only collect and download the minimum amount of data that you need to do your job, ensure it is properly secured and stored in Canada, and only share information on a need-to-know basis.
What are the recommended methods for sharing UBC data?
The table below provides guidelines on how to securely share UBC electronic information in adherence with UBC security standards:
| Method of Sharing | Sharing personal/confidential information (e.g. an Excel sheet with student information) | Sharing public information (e.g. a course outline) |
| UBC Email Accounts (e.g. FASmail) | The following types of information must be placed in encrypted attachments:
| Recommended |
| Personal email accounts (e.g. Gmail, Hotmail) | Not Permitted | Acceptable |
| UBC file-sharing services (e.g. MS OneDrive, TeamShare) | Recommended | Recommended |
| Personal file-sharing services (e.g. Dropbox, Google Drive, Google Docs) | Not Permitted | Acceptable |
| Mobile storage devices (e.g. USB drives, CDs) | Encryption is required | Acceptable |
For instructions on how to encrypt files using common applications, click here [PDF]. For further guidance or assistance with protecting UBC electronic information, please contact your IT Administrator.
Many popular file-sharing services such as DropBox or Google Drive are based in the United States or overseas. As such, using these services to collect, store, transmit, or access personal information is a violation of FIPPA.
UBC offers several alternatives to these commonly used services, including MS OneDrive, FASmail, and the UBC Survey Tool.
There are several exceptions to this rule; please view the Disclosing personal information Outside of Canada [PDF] Privacy Fact Sheet for more information.
- Financial information must never be transmitted via email or instant messaging systems. This activity is prohibited.
- Financial information must never be transmitted unencrypted.
- Mobile storage devices must be sent via secured courier or other delivery method that can be accurately tracked.
- Management must approve all information that is transmitted or moved from a secure area.
Go Further...
- Complete the full Fundamentals training to learn how to protect yourself and others
- Information Security Standard #3: Transmission and Sharing of UBC Electronic Information [PDF]
- Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems [PDF]
- How to encrypt files using common applications [PDF]