If working offsite, follow security requirements for confidential information. All information that is not officially designated as public is confidential, including information about identifiable individuals, student records, grades, human resources records, non-public financial information, etc.
Do not take confidential information offsite (e.g. home for work) unless you have:
- Official authorization: official University, Division or department policy or practice that permits the record to be taken out. If there is any doubt, consult with your direct report.
- Demonstrable operational need / no other reasonable means: the record must be taken offsite to fulfil your duties. There is no reasonable alternative to taking the record offsite.
For hard copy records, minimize risk as follows:
- Take as few records as you can for expected work. If possible, take copies, not originals.
- In transit: carry records in a locked satchel or case. Do not leave records unattended, e.g. at restaurants, washrooms, public transit, etc. Don’t read where others could see records.
- At home: protect records from unauthorized individuals, including family or friends. Lock records away when not in use, e.g. locked cabinet in your locked home.
For electronic records:
- Access records remotely only on authorized, secure networks with encrypted communication.
- Use a strong password to protect your electronic devices and laptop.
- Be sure your computer has up-to-date security, including firewall, anti-virus and anti-spam.
- Electronic records taken out of a secure University IT environment should be encrypted at all times, e.g. use an encrypted USB memory stick or encrypted hard drive on your laptop.
Source: University of Toronto Freedom of Information & Protection of Privacy Office