Privacy and information security is of critical importance to UBC. At UBC, we have the responsibility of protecting the personal information of our students, faculty, and staff, as well as the medical and financial information of the community we serve.
The Privacy Matters @ UBC initiative aims to increase the awareness of privacy and information security at UBC. Higher education institutions are often the target of data breaches, which not only affect the individuals whose personal information is compromised, but also the organization experiencing the breach.
Through comprehensive communication strategy and online training, our goal is to provide the campus community with the information needed to protect personal information and to keep UBC’s data secure.
UBC IT Policies
At UBC, we are responsible for substantial amounts of personal information about students, faculty and staff as well as any other confidential information we hold on behalf of the university. The CIO and the Chief Information Security Officer (CISO) oversee UBC’s efforts to safeguard personal information assets in order to comply with regulations, laws, and policies set in British Columbia.
VARIANCE REQUEST:
- In order to protect UBC’s information assets, UBC’s Chief Information Officer (CIO) has issued binding Information Security Standards that must be followed. Groups that wish to deviate from these Information Security Standards are required to request a variance from the CIO via the Department Head.
- More information can be found in the following link
- Contact: information.security@ubc.ca
PRIVACY IMPACT ASSESSMENT (PIA):
- Since UBC is a public institution, British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) requires UBC to conduct a privacy impact assessment (PIA) for all new or substantially modified enactment, system, project, program, or activity that supports UBC business.
- More information, including how to submit a PIA request, can be found in the following link
- Contact: privacy.matters@ubc.ca
SECURITY AND CONFIDENTIALITY AGREEMENT:
- Before anyone who is not a UBC employee can be given access to personal or otherwise confidential/sensitive information held by UBC, they must agree to protect any information they may access and to comply with B.C.’s privacy legislation by signing a Security and Confidentiality Agreement (SACA), or another agreement that contains equivalent requirements.
- More information, including sample agreements, can be found in the following link
- Contact: UBC Legal Counsel, Information and Privacy
UBC Faculty of Medicine IT Governance & Security Policy
The Faculty of Medicine has developed and approved this policy to reduce risk to the Faculty, UBC and our Health Authority partners who host academic activities. The Policy and related procedures apply to all Faculty of Medicine units.
In alignment with UBC’s Information Security Compliance Program, and the Policy & Procedures, all Faculty of Medicine units with their own IT systems will be required to complete a self-assessment of their compliance with Essential Controls. Affected unit IT and administrative leads will be invited to an introductory meeting to the process in the coming months. Departments supported by Digital Solutions will be handled centrally, but will also participate.
The new Policy:
- Provides clarity on the application of UBC Policies in all Faculty of Medicine units and environments, particularly locations outside of the UBC Vancouver campus;
- Defines reporting requirements of all staff and contractors performing IT-related duties;
- Clarifies procedures to ensure compliance with UBC IT related policies and standards; and
- Promotes efficient and effective use of technology resources within the Faculty.
Training and Workshops
Why is training on privacy & information security so important?
Nearly every UBC faculty and staff member has access to confidential information, including personal and payment card data. As the loss or disclosure of this information could be very harmful, it’s important for you to know how to protect it.
Who should take the training?
Privacy & Information Security – Fundamentals training is a mandatory requirement for faculty, staff, researchers, student employees and contractors who use UBC Electronic Information and Systems.
Privacy & Information Security – IT Professionals training is a mandatory requirement for faculty, staff, researchers, student employees and contractors who are Technical Owners of UBC systems and University IT Support Staff.
- TRAINING:
Privacy & Information Security Fundamentals Part 1 - TRAINING:
Privacy & Information Security Fundamentals Part 2 - TRAINING:
Privacy & Information Security IT Professionals - WORKSHOP:
Monthly Workshops
Cybersecurity Quick Links
- Privacy and Information Security at UBC
- Report a phishing, privacy or information security incident
- UBC Faculty of Medicine IT Policies, Standards, and Guidelines
- Review the online guide to working remotely for information on how to access emails and files, tools and best practices for virtual meetings, and security requirements.
- For the most up-to-date information on outages, maintenance, and status of UBC IT Enterprise Services, please visit https://status.it.ubc.ca
Latest Cybersecurity News
UBC Department of Medicine Cybersecurity Program – Survey open until March 31, 2024
January 30, 2024 Read More >
Privacy Matters @ UBC Symposium 2023
September 11, 2023Stay informed and secure! Join us for the 6th Annual Privacy Matters @ UBC Symposium on October 18th 2023. Read More >
Multi-factor Authentication (MFA) on student accounts at UBC mandatory by November 1, 2023
August 21, 2023The introduction of MFA on student accounts at UBC is a crucial step in enhancing cybersecurity and protecting personal information. Read More >