Lunch & Learn – Privacy Protection
23 April 2018
19 April 2018
Lunch and Learn
Agenda
• Waterloo Privacy Office
• Privacy Framework
• General Tips
• Sharing Information
• Privacy Breaches
• Safeguards
• Who can Help
Waterloo Privacy Office
• Provides leadership, guidance, and advice
• Develops and facilitates implementation of policies & procedures
• Responds to: access requests, privacy breaches, complaints
Privacy Framework
Law
Policy
Guidelines
LAW
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY (FIPPA)
Since 2006, all Ontario universities have been covered by FIPPA.
FIPPA requires that the University:
• Provide right of access to university information (subject to exceptions); and
• Protect personal information held by the University, where applicable.
FIPPA is enforced by the Information & Privacy Commissioner of Ontario (IPC).
Key principles:
• Collect only information you need
• Use only for purpose for which it was collected
• Keep information only as long as necessary
• Access/disclose information appropriately
• Dispose of information securely
Use and disclosure:
• When the person has consented
• Consistent purpose
• To an employee who needs it to perform their duties
• Safety of an individual
Personal information
• Name, address, home and cell number
• Education, financial, medical history
• Race, religion, age, marital status
• ID number
• Written comments and opinions about a person (whether student, faculty, staff or other)
• The personal opinions or views of the individual except where they relate to another individual
POLICY
POLICY 46 INFORMATION MANAGEMENT
• Provides security classification scheme for university information
• Outlines responsibilities members of university community have with respect to information security
• Defines student information
• Sets the rules re: need for security controls and breach/loss response
• Restricts access only to Waterloo instructional or administrative staff with a legitimate need
• Very little student information is considered public
Student Information
• Name
• Phone number
• Student number
• Grades
• Class lists
• Student assignments
• Discipline records
Public Student Information
• faculty or college of enrolment
• programs of study
• sessions in which a student is or has been registered
• awards based on academic merit
• degrees received and dates of convocation
GUIDELINES
GUIDELINES FOR MANAGING STUDENT INFORMATION
GUIDELINES FOR SECURE DATA TRANSMISSION
GENERAL TIPS
• Collect/record only the information you need
• Be objective and factual
• Assume access (includes emails)
• Handle confidential records confidentially
• Dispose of transitory records
• Use secure disposal methods
• E-mail messages are records
• Email containing sensitive personal or confidential information
• Verify the e-mail address of recipients
• Avoid using “reply to all” feature
• Avoid lengthy email chains
• Ensure correct attachments!!
• Return to sender notification
E-mail messages that could be released in an access to information request:
• Email between faculty about a student
• Email from someone else about a student
• Emails between instructors and TAs
Sharing Information
• Need to know?
• Would the student see disclosure as reasonable?
• What about mom and dad?
• Getting consent to share
Privacy Breaches
What is a Privacy Breach?
• Loss
• Unauthorized access
• Unauthorized disclosure
• Unintentional or intentional
Unintentional
• Loss: Misplaced file
• Access: Mistakenly look at a file not related to your work
• Disclosure: Show file to wrong student; mistakenly send email to wrong student
Intentional
• Loss: Shred file; destroy file; stolen file
• Access: Look up marks of your neighbor’s child
• Disclosure: Tell your neighbor what you saw
Responding to a Privacy Breach
• contain
• notify
• investigate & remediate
contain
• Retrieve hard copies
• Ensure no copies have been made
notify
• Notify the individuals & provide details of breach
• Notify IPC (?)
investigate & remediate
1. Review circumstances of breach
2. Review adequacy of policies & procedures
3. Identify ways to prevent future breaches
4. Implement recommendations (education, training, new procedures)
5. Share findings of investigation
Safeguards
Physical
• Locked drawers, cabinets, doors
• “clean desk”, shredder
Administrative
• Legislation, policy, procedures
• Good business practices (verify IDs)
• Training
Technical
• Secure passwords, VPN, updates, anti-virus
• Encryption, encrypted portable devices
Who can help
Department/Faculty ??
University Resources
• Privacy Officer: Kathy Winter ext. 36101
• Privacy Administrator: Melissa Holst ext. 36125
• University Records Manager: Chris Halonen ext. 38284
• Information Security Services: Jason Testart
Province
• Information and Privacy Commissioner of Ontario 1-800-387-0073
Questions?