Last updated: March 3, 2025
Government agencies, including universities like UBC, have a unique responsibility to protect public information. This includes a wide range of sensitive data, from student records to financial reports. The University Act outlines UBC's governance structure and the role of the Board of Governors in overseeing the protection of university information.
A Multifaceted Approach to Cybersecurity
To effectively safeguard public information, a multifaceted approach is required:
Understanding Personal Information:
- FIPPA and Data Protection: The Freedom of Information and Protection of Privacy Act (FIPPA) governs how personal information is handled in British Columbia. UBC's "What is Personal Information?" fact sheet provides clarity on the types of data considered personal and subject to protection under FIPPA. For instance, student contact information, while seemingly innocuous, is classified as personal information and must be handled with care.
Secure Collection Practices:
- Necessary and Proportionate Collection: UBC's "Collecting Personal Information" fact sheet outlines procedures for collecting personal data in compliance with FIPPA. Key principles include:
- Necessity: Personal information should only be collected if it is necessary for UBC's operational activities.
- Proportionality: The amount of personal information collected should be proportionate to the purpose for which it is collected.
- Transparency: Individuals must be informed about the purpose of data collection and how their information will be used.
Secure Storage and Disclosure:
- Cross-Border Data Transfers: With the increasing globalization of computing services, UBC must carefully consider the risks associated with storing data outside of Canada. The "Disclosing Personal Information Outside Canada" fact sheet addresses these concerns.
- Privacy Impact Assessments (PIAs): When data needs to be stored or processed outside of Canada, a PIA is required to assess potential privacy risks and identify appropriate safeguards. PIAs help ensure that data is protected, even when it is transferred across borders.
Employee Awareness and Training:
- Information Security Awareness: UBC mandates privacy and information security awareness training for all staff and faculty. This training highlights the importance of protecting sensitive information and provides employees with the knowledge and skills to identify and respond to potential threats.
- Global Initiatives: UBC leverages Cybersecurity Awareness Month and Data Privacy Week among other events to enhance its training programs and foster a culture of cybersecurity awareness.
Incident Response:
- Incident Reporting: UBC has established procedures for reporting suspected data breaches to the Office of the University Counsel.
Transparency and Public Access:
- Public Disclosure: UBC demonstrates its commitment to transparency by making various types of information publicly available on its websites. This includes financial reports, Board of Governors' minutes, and research information. By being transparent, UBC builds trust with the public and fosters accountability.