Privacy and AI: Insights from U of T’s Data Privacy Day event

Data Privacy Day is celebrated annually and serves as a crucial reminder about the importance of protecting personal information and data. This year, Information Security and the Freedom of Information and Protection of Privacy Office (FIPPO) hosted a virtual panel event on Jan. 25 to celebrate Data Privacy Day.

The event, “Privacy in the world of AI”, drew 231 participants from all three campuses.

The panel was moderated by Kelly Carmichael, FIPP Coordinator, Freedom of Information and Protection of Privacy Office, and consisted of subject matter experts from the U of T community:

  1. Dr. Nicolas Papernot, Assistant Professor, Electrical & Computer Engineering and Computer Science
  2. Carlos Chalico, IT Risk and Privacy Consultant, Ernst & Young and Instructor, U of T School of Continuing Studies
  3. Avi Hyman, Director, Academic, Research & Collaborative Technologies (ARC), Information Technology Service

The panelists represented practical, technical and academic perspectives, providing a holistic view of the challenges, emerging trends and ethical considerations in the evolving landscape of AI and privacy.

Takeaways from the event

  • Importance of guidance and resources: The event highlighted the significance of having comprehensive guidelines and resources available to the University community regarding the responsible and intelligent use of AI. Avi Hyman emphasized the efforts of U of T Information Security, Provost Office and School of Graduate Studies in developing guidance around AI usage, with specific focus on its application in teaching and learning. He also mentioned valuable materials prepared by the U of T Libraries aimed at fostering understanding and best practices in AI deployment.
  • Implications of regulatory changes: During the live Q&A, the panelists delved into the potential impact of new EU AI regulations and the ISO 42001 standard for AI management systems. Dr. Papernot outlined the overarching goals of these regulations, which emphasize transparency, accountability and mitigating bias in AI systems. Carlos Chalico emphasized the need for organizations to integrate AI management systems with existing frameworks for data security, privacy and information management. While discussing privacy regulations, Chalico highlighted the benefits of viewing compliance as an opportunity to build trust with stakeholders by prioritizing transparency and obtaining informed consent.
  • Balancing innovation with privacy concerns: The panelists also touched upon the ongoing dialogue surrounding the intersection of AI innovation and privacy concerns. They emphasized the importance of striking a balance between leveraging AI technologies for innovation and upholding privacy rights and ethical principles. Chalico stressed the significance of considering broader data management and governance perspectives beyond privacy and cyber security to ensure responsible AI deployment.

Following the insightful panel discussion, the audience actively participated in a lively Q&A session, engaging directly with the experts.

Visit the Security Matters website for more information security-related news.

Additional resources

  1. Guidelines on privacy and security for mobile apps
  2. AI chatbot Microsoft Copilot available to U of T employees
  3. Freedom of Information and Protection of Privacy (FIPP) Office website
  4. Information Security website

Safeguard your emails to help prevent privacy breaches

While email is one of the most efficient and prevalent forms of communication today, it brings with it the risk of privacy breaches when sharing sensitive data, such as personally identifiable information (PII) or personal health records.

In a recent blog post, the Information and Privacy Commissioner of Ontario (IPC) talks about how misdirected emails are a common source of privacy breaches due to unauthorized disclosure of personal information. Some common mistakes include emails sent to an unintended recipient or emails sent to a group of recipients without using the blind carbon copy (BCC) function.

Everyone who sends emails can make these mistakes, but they are preventable with a few simple steps:

  • Stop and double check the details of your email before sending. Ensure that you have the correct recipient. Always consider whether you need to BCC and do so when appropriate.
  • If the email has an attachment that contains personal information, make sure to encrypt the attachment using a password that you can provide to the recipient by phone. If possible, also restrict who can open the file. For example, if sharing a file using OneDrive, adjust the settings so that only the intended recipient can open the attachment.

The University of Toronto (U of T) community works with many kinds of data, ranging from publicly available website material to confidential research material. This makes the University a target for various forms of cyber attacks. The IPC has posted a fact sheet about communicating personal health information by email that will help you learn more about the risk of sending sensitive data via email and how to mitigate the risk.

By taking simple steps to safeguard your email communications, you can help reduce the risk of privacy incidents at U of T.

How you can protect U of T data

This article is part of a series for Data Privacy Day 2022. To learn about how evolving technology and privacy laws impact higher education, register for the virtual panel event on Jan. 28.

Five data breaches that made headlines in 2021

Data breaches and ransomware have become massive risks, causing large losses for both individuals and organizations around the world. IBM reported that 2021 saw the highest average cost of a data breach in the last 17 years, with the cost rising from $3.86 million to $4.24 million USD on an annual basis.

As we prepare to recognize Data Privacy Day on Jan. 28 and raise awareness about safeguarding our personal information, let’s take a look at five data breaches that made headlines in 2021 and learn how to keep ourselves safe online:

Data of more than 500 million Facebook (Meta) users leaked online

Personal information (full names, phone numbers, locations, birth dates and more) of 533 million Facebook (Meta) users was leaked online and made available for free on a hacking forum in April 2021. The exposed data covers users from 106 countries, including over 32 million records on users in the U.S., 11 million on users in the UK, and 6 million on users in India.

Review these information security tips to learn how to protect yourself online.

Ransomware attack against Superior Plus

In December 2021, Canadian propane distributor Superior Plus reported a ransomware attack which disrupted the company’s computer systems. The company said that it had to temporarily disable certain computer systems and applications while it investigated the incident.

Ransomware attacks can lead to long-term and significant damage—from loss of sensitive data to shutting down operations. Learn how you can protect yourself from ransomware.

Luxury retailer Neiman Marcus data breach impacts over 4 million customers

In September 2021, American luxury retailer Neiman Marcus reported a data breach that impacted 4.6 million customers. Though the leak took place in May 2020, it was only detected in September 2021. The leak also included the potential theft of over 3.1 million payment cards belonging to customers.

Check out this blog post to learn how to stay safe while shopping online.

Hackers access personal details of 4.5 million Air India passengers

In March 2021, India’s national airline Air India reported a cyber-attack on its data servers, which affected about 4.5 million customers around the world. The information leaked contained various forms of personal information. The airline claimed that no passwords were stolen but asked its customers to immediately change their Air India password for protection.

Strong passwords are the first line of defense in protecting your institutional data and personal information. Learn more about the importance of safe password practices.

Canada Revenue Agency (CRA) locks out taxpayer accounts after discovering use of unauthorized credentials

Last year, taxpayers were locked out of about 800,000 CRA accounts. The CRA claimed that the credentials may have been obtained through email phishing or third-party data breaches.

In today’s age, it is of utmost importance to stay alert and protect ourselves from phishing attacks. Learn how to identify and report phishing attacks.


Mark your calendar for Data Privacy Day 2022!

Data Privacy Day is celebrated worldwide every year on Jan. 28 to raise awareness about technology and privacy rights, including the importance of safeguarding our personal information.

The Information Technology Services (ITS) division is leading a Data Privacy Day 2022 campaign to raise awareness and educate the University of Toronto (U of T) tri-campus community on safe data privacy practices. The campaign will consist of resource sharing, educational blog posts and a virtual panel event featuring subject matter experts who will share their perspectives on how changes in technology and privacy laws impact higher education.

Stay tuned for more updates about Data Privacy Day 2022.