Privacy and information security is of critical importance to UBC. At UBC, we have the responsibility of protecting the personal information of our students, faculty, and staff, as well as the medical and financial information of the community we serve.

The Privacy Matters @ UBC initiative aims to increase the awareness of privacy and information security at UBC. Higher education institutions are often the target of data breaches, which not only affect the individuals whose personal information is compromised, but also the organization experiencing the breach.

Through comprehensive communication strategy and online training, our goal is to provide the campus community with the information needed to protect personal information and to keep UBC’s data secure.

UBC IT Policies

At UBC, we are responsible for substantial amounts of personal information about students, faculty and staff as well as any other confidential information we hold on behalf of the university. The CIO and the Chief Information Security Officer (CISO) oversee UBC’s efforts to safeguard personal information assets in order to comply with regulations, laws, and policies set in British Columbia.


  • In order to protect UBC’s information assets, UBC’s Chief Information Officer (CIO) has issued binding Information Security Standards that must be followed. Groups that wish to deviate from these Information Security Standards are required to request a variance from the CIO via the Department Head.
  • More information can be found in the following link
  • Contact:


  • Since UBC is a public institution, British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) requires UBC to conduct a privacy impact assessment (PIA) for all new or substantially modified enactment, system, project, program, or activity that supports UBC business.
  • More information, including how to submit a PIA request, can be found in the following link
  • Contact:


  • Before anyone who is not a UBC employee can be given access to personal or otherwise confidential/sensitive information held by UBC, they must agree to protect any information they may access and to comply with B.C.’s privacy legislation by signing a Security and Confidentiality Agreement (SACA), or another agreement that contains equivalent requirements.
  • More information, including sample agreements, can be found in the following link
  • Contact: UBC Legal Counsel, Information and Privacy

UBC Faculty of Medicine IT Governance & Security Policy

The Faculty of Medicine has developed and approved this policy to reduce risk to the Faculty, UBC and our Health Authority partners who host academic activities. The Policy and related procedures apply to all Faculty of Medicine units.

In alignment with UBC’s Information Security Compliance Program, and the Policy & Procedures, all Faculty of Medicine units with their own IT systems will be required to complete a self-assessment of their compliance with Essential Controls. Affected unit IT and administrative leads will be invited to an introductory meeting to the process in the coming months. Departments supported by Digital Solutions will be handled centrally, but will also participate.

The new Policy:

  1. Provides clarity on the application of UBC Policies in all Faculty of Medicine units and environments, particularly locations outside of the UBC Vancouver campus;
  2. Defines reporting requirements of all staff and contractors performing IT-related duties;
  3. Clarifies procedures to ensure compliance with UBC IT related policies and standards; and
  4. Promotes efficient and effective use of technology resources within the Faculty.

Training and Workshops

Why is training on privacy & information security so important?
Nearly every UBC faculty and staff member has access to confidential information, including personal and payment card data. As the loss or disclosure of this information could be very harmful, it’s important for you to know how to protect it.

Who should take the training?
Privacy & Information Security – Fundamentals training is a mandatory requirement for faculty, staff, researchers, student employees and contractors who use UBC Electronic Information and Systems.

Privacy & Information Security – IT Professionals training is a mandatory requirement for faculty, staff, researchers, student employees and contractors who are Technical Owners of UBC systems and University IT Support Staff.​

Cybersecurity Quick Links

Latest Cybersecurity News 

What Do You Do When Your Secure Research Facility Gets Breached? 
April 22, 2024Have you ever felt confident your data was untouchable? Join Privacy Matters @UBC for a gripping online event where we’ll dissect a real-life cyberattack that targeted a supposedly impenetrable research facility at UBC.  Read More >

Your Voice Matters: Information Security Standards Town Hall  
April 2, 2024UBC is committed to safeguarding its sensitive data. As part of this effort, we’re reviewing and revising the Information Security Standards, which outline how everyone at UBC uses and protects university data. Read More >

Important Email Changes Coming in February 2024 
February 2, 2024In response to the evolving landscape of email security and the rise of spam and malicious emails, Gmail and Yahoo will enforce stricter requirements on bulk mail senders, including UBC, starting February 2024. Read More >