As administrators we often have to share confidential information regarding faculty members. When we share this information electronically, we have to follow the requirements set out by UBC’s Chief Information Officer in the Information Security Standard on Transmission and Sharing of UBC Electronic Information. Improper sharing of confidential information at UBC frequently results in privacy breaches. It’s really important to follow the proper protocol to avoid a complaint to the Privacy Commissioner, or a legal claim, or both.
Confidential information includes personal information and financial information relating to payment card transactions. We are allowed to use unencrypted emails to share small amounts of low-risk confidential information. However, we cannot use unencrypted emails to send large amounts of confidential information, or any amount of high-risk information*, because this creates an unacceptable risk. For example, it would be acceptable to send an unencrypted email saying “Joe Smith is sick today and won’t be coming to work.” However, it would not be acceptable to use an unencrypted email to send an appointment form or a medical report, because these documents contain a large amount of confidential information.
You have two options to protect this information:
Option 1: Put the information in an encrypted attachment to your email. The CIO has issued instructions for encrypting these Word, Excel or PDF files. You should give the encryption password to the recipient in a secure manner; do not send it by email!
Option 2: Share the information using Workspace, which is a secure file sharing tool similar to Dropbox. In Faculty Relations we prefer that Dean’s Offices share any forms or documents via the Workspace directory that is set up for each faculty.
Thanks for keeping our confidential information secure! If you want more information about privacy and security, I encourage you to go to the Privacy Matters @ UBC webpage.
*High-risk information includes the following types of information:
- Social Insurance Number (SIN)
- Any official government identity card No. (e.g. Passport ID, Drivers’ License No., etc.)
- Bank account information (e.g. direct deposit details)
- Personal health information
- Biometric data
- Date of Birth