Security Reminder when Working Off-Site
If working off-site, follow security requirements for confidential information.
All information that is not officially designated as public is confidential, including information about identifiable individuals, student records, grades, HR records, non-public financial information, etc.
Do not take confidential information offsite (e.g. home for work) unless you have:
- Official Authorization; official University, Division or department policy or practice that permits the record to be taken out. If there is any doubt, consult with your direct report.
For hard copy records, minimize risk as follows:
- Demonstrable operational need/No other reasonable means; the record must be taken offsite to fulfil your duties. There is no reasonable alternative to taking the record offsite.
For electronic records:
- Take as few records as you can for expected work. If possible, take copies, not originals.
- In transit; Carry records in a locked satchel or case. Do not leave records unattended, e.g. at restaurants, washrooms, public transit, etc. Don’t read where others could see records.
- At home; Protect records from unauthorized individuals, including family or friends. Lock records away when not in use, e.g. locked cabinet in your locked home.
- Access records remotely only on authorized, secure networks with encrypted communication.
- Use a strong password to protect your electronic devices and laptop.
- Be sure your computer has up-to-date security, including firewall, anti-virus and anti-spam.
- Electronic records taken out of a secure University IT environment should be encrypted at all times, e.g. use an encrypted USB memory stick or encrypted hard drive on your laptop.
For questions, contact Howard Jones, Coordinator, FIPP Office at 416.946.7303, firstname.lastname@example.org