PIA Guidelines
Guidelines have been developed for the UBC community to build awareness about the PIA process and to manage PIA Requests more effectively. These guidelines outline the expected use of standard services and tools and explain how to comply with FIPPA requirements and the Information Security Standards.
uStore Administration
These tools are used for managing online storefronts and to make items available for purchase through the DPP online marketplace.
Tools covered: TouchNet Marketplace uStore
Event Management Platforms
These tools are used for event registration and associated activities.
Tools covered: Fourwaves, vFairs, EventsAir
Survey Tools
These tools are used to collect and analyze information efficiently.
Tools Covered: Qualtrics (UBC Survey Tool)
Mass E-Mail Tools
These tools facilitate communication with large numbers of users.
Tools covered: CyberImpact, Envoke, UBC Sendy (USEND), Student Communications Tool
Collaboration Tools
These tools facilitate collaboration between users.
Tools covered: MS Teams, Zoom, Blackboard Collaborate
Generative AI Tools
These tools are used to generate new text, images, or other media based on existing data by using machine learning components and algorithms.
Tools covered: ChatGPT, GitHub Copilot,
DALL-E
*Updated
Risk Assessments & Tools
The following tools may be required to support custom risk assessments in emerging or prevalent risk areas to help the University better understand and mitigate privacy and information security risks.
- Application Risk Assessments (ARA) covers technical risk areas such as vulnerability management and privileged access.
- Operational Risk Assessments (ORA) focuses on risks relating to end-user handling of personal information.
- Privacy and Information Security Requirements & Risk Assessment is used to assess the risk level for external products and services. It should be included as part of procurement responses to ensure a vendor/product meets UBC’s privacy requirements.
- Implementation Checklist is used to demonstrate that appropriate controls have been applied in product development and to show that a product is ready for production.
- Privacy / Security Solutions & Services Integration Checklist is used to assess the functional and technical requirements prior to procurement by outlining core security services and integrations.
- Tailored Risk Assessments if none of the above fits your needs, use the PIA Inquiry to request additional information and determine additional documentation requirements.
Please refer to the Privacy Matters Resources for more information.