Safeguards - Privacy Breach Prevention

Reasonable Security Arrangements

The Freedom of Information and Protection of Privacy Act requires a public body to protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or destruction.

Making reasonable security arrangements means guarding against reasonably foreseeable risks to the privacy of personal information held by the university. The university has an obligation to implement deliberate, prudent and functional measures that demonstrate that it considered and mitigated such risks. The nature of the safeguards and measures required to be undertaken will vary according to the sensitivity of the personal information.

Guidance on Implementing Reasonable Security Arrangements or Safeguards can be found at the website of the Office of the Information and Privacy Commissioner, by clicking on the link below:

Securing Personal Information:  A Self-Assessment Tool for Organizations

Information about information technology security can be found at the website of the university's Information Technology Security Office, located here:

Chief Information Security Officer

Procedures and guidance on how personal information on mobile devices is to be protected can be found here:
Chief Information Security Officer: Mobile Security

In the link below, from the Office of the Privacy Commissioner of Canada, see how privacy commissioners within Canada have interpreted the term "safeguards" and what it means to have "reasonable safeguards to protect personal information."

https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-Canada/


Privacy Highlights and Quick Tips

For some quick tips, click here and be redirected to our Resources page for Highlights and Quick Tips.

Misdirected E-mails


Did you know that misdirected emails to individuals who have the same or a similar name as the intended recipient is one of the most common causes of privacy breaches? Before sending personal information by e-mail, please consider the risks of sending this information by e-mail, and consider whether you can use a more secure method of sending the information (e.g. by sharing the personal information on Google Drive).

To review a PDF file with more information, please click here.



June 2016