UBC is streamlining its approach to data protection and security with the launch of a new integrated service – the Privacy and Information Security Risk Assessment. This initiative comes in response to a significant rise in demand for Privacy Impact Assessments (PIAs) and a growing need for robust Security Threat Risk Assessments (STRAs).
Previously, UBC offered separate PIAs, mandatory for projects involving personal information, and STRAs, recommended for all systems. The new Privacy and Information Security Risk Assessment service combines these processes into a single, efficient assessment, ensuring comprehensive coverage regardless of the data involved.
Why the Change?
The rise in PIA requests highlights the growing importance of data privacy at UBC. However, the current system has struggled to keep pace with demand, leading to longer processing times and potential risks going unnoticed. Additionally, the separate PIA and STRA processes created a gap for systems without personal information, leaving them vulnerable to security threats.
The Privacy and Information Security Risk Assessment service aims to address these concerns by:
- Enhancing Efficiency: A redesigned assessment process will streamline workflows and reduce administrative burdens.
- Early Risk Identification: Proactive risk identification will allow for earlier intervention and mitigation strategies.
- Unified Coverage: All UBC information systems, with or without personal information, will be assessed for potential risks.
What is the Privacy and Information Security Risk Assessment?
The Privacy and Information Security Risk Assessment is a comprehensive framework that evaluates an information system's security practices, identifies vulnerabilities, and recommends mitigation strategies. This includes assessing the likelihood and impact of potential threats and ensuring appropriate safeguards are in place.
Who Needs a Privacy and Information Security Risk Assessment?
A Privacy and Information Security Risk Assessment is recommended for a variety of situations, including:
- Deploying new information systems or making significant modifications.
- Experiencing a security incident or data breach.
- Proactively identifying and mitigating security vulnerabilities.
- Aligning data protection practices with industry best practices.
How to Get Started with a Privacy and Information Security Risk Assessment
UBC faculty and staff can initiate a Privacy and Information Security Risk Assessment request through the UBC Self-Service Portal. For research projects, specific resources and contact information are available through the Advanced Research Computing (ARC) Sensitive Research Team.
UBC's commitment to data privacy and security remains a top priority. The Privacy and Information Security Risk Assessment service represents a significant step forward in ensuring a more efficient, comprehensive approach to protecting UBC's information systems and the data they contain.