Annually, on January 28, we celebrate International Data Privacy Day. This year, to mark the day, we're asking you to consider the following three best practices to enhance privacy protection at Ryerson University:
Collect and use the minimum amount of personal information necessary to complete the task.
Employ a procedure to track what you post to shared folders, who has access, what they can to with the information, and when the access should be revoked.
Before you hit "send" on an email, STOP. Take your hands off the keyboard. Review the content of the "To" and "CC" and "BCC" lines to ensure you have the correct recipients and addresses. If you are sharing personal information, consider putting the information into a separate document and password protect the document. You can share the password separately with the correct recipients. This way, if the email goes astray, the personal information remains secure.
Understand the information you are using both in terms of the type of information and the environment in which it will be used. Not all personal information is the same. Personal information can be any type or format of information that renders individuals uniquely identifiable. Some types of personal information seem obvious: names, identifying numbers, educational or medical evaluations. These are all types of direct identifiers. Some forms of data become personal information only in certain contexts (indirect identifiers); for example, IP addresses and postal codes. Personal information has varying sensitivity. Sensitive information requires additional security and rigour for safe use and storage.
The Office of the General Counsel and Board Secretariat has a team to help and advise you on building privacy protection into your workplace practices: Paula Bourne, Compliance Coordinator, Leanne Sachs, Records Management Coordinator, and Heather Driscoll, Director, Compliance and Policy Management, and Privacy Officer.
We look forward to working with you in the upcoming year.