Data privacy Archives - Security MattersSecurity Matters

Privacy and AI: Insights from U of T’s Data Privacy Day event

February 8, 2024

Data Privacy Day is celebrated annually and serves as a crucial reminder about the importance of protecting personal information and data. This year, Information Security and the Freedom of Information and Protection of Privacy Office (FIPPO) hosted a virtual panel event on Jan. 25 to celebrate Data Privacy Day.

The event, “Privacy in the world of AI”, was joined by 231 participants from all three campuses.

The panel was moderated by Kelly Carmichael, FIPP Coordinator, Freedom of Information and Protection of Privacy Office, and consisted of subject matter experts from the U of T community:

Dr. Nicolas Papernot, Assistant Professor, Electrical & Computer Engineering and Computer Science
Carlos Chalico, IT Risk and Privacy Consultant, Ernst & Young and Instructor, U of T School of Continuing Studies
Avi Hyman, Director, Academic, Research & Collaborative Technologies (ARC), Information Technology Service

The panelists represented practical, technical and academic perspectives, providing a holistic view of the challenges, emerging trends and ethical considerations in the evolving landscape of AI and privacy.

Takeaways from the event

Importance of guidance and resources: The event highlighted the significance of having comprehensive guidelines and resources available to the University community regarding the responsible and intelligent use of AI. Avi Hyman emphasized the efforts of U of T Information Security, Provost Office and School of Graduate Studies in developing guidance around AI usage, with specific focus on its application in teaching and learning. He also mentioned valuable materials prepared by the U of T Libraries aimed at fostering understanding and best practices in AI deployment.
Implications of regulatory changes: During the live Q&A, the panelists delved into the potential impact of new EU AI regulations and the ISO 42001 standard for AI management systems. Dr. Papernot outlined the overarching goals of these regulations, which emphasize transparency, accountability and mitigating bias in AI systems. Carlos Chalico emphasized the need for organizations to integrate AI management systems with existing frameworks for data security, privacy and information management. While discussing privacy regulations, Chalico highlighted the benefits of viewing compliance as an opportunity to build trust with stakeholders by prioritizing transparency and obtaining informed consent.
Balancing innovation with privacy concerns: The panelists also touched upon the ongoing dialogue surrounding the intersection of AI innovation and privacy concerns. They emphasized the importance of striking a balance between leveraging AI technologies for innovation while upholding privacy rights and ethical principles. Chalico emphasized the significance of considering broader data management and governance perspectives beyond privacy and cyber security to ensure responsible AI deployment.

Following the insightful panel discussion, the audience actively participated in a lively Q&A session, engaging directly with the experts.

Visit the Security Matters website for more information security related news.

Additional resources

Information Security and FIPPO informs U of T community how to protect student information

February 17, 2023

On Jan. 25, over 370 University of Toronto staff and faculty from across the tri-campus community gathered online for a virtual panel event to learn how to protect students’ information and reduce the risk of data compromise or loss. The event was hosted by Information Security and Freedom of Information and Protection of Privacy Office (FIPPO) as part of the Data Privacy Day campaign.

Isaac Straley, Chief Information Security Officer and Rafael Eskenazi, Director, FIPPO provided practical tips for protecting information and resources available at the University to support faculty and staff in meeting their responsibilities.

“Data Privacy Day acts as a reminder to educate ourselves more about who has access to our personal information and how it is being used. U of T has many resources available to inform and educate our community about protecting information and security. We hope this event provides an excellent opportunity to take stock of and evaluate both personal and institutional security and privacy,” said Isaac Straley, CISO.

The event began with a joint presentation by Isaac and Rafael and was followed by a lively Q and A session where attendees were provided with information and resources related to data classification, remote working, importance of reporting privacy breaches and more.

“Protecting any data or identifiable information is crucial for safety and for security reasons. I’m glad to be a part of this event to help our community understand what they need to do to prevent privacy problems, handle personal and confidential information safely, securely and legally,” said Rafael Eskenazi, Director, FIPPO.

Key takeaways from the event:

If you work closely with personal information (students, staff or faculty), remember to only share it with individuals who need it for official University duties.
The University uses a multi-level scheme to classify data according to their sensitivity. These classifications help you identify what kind of security and sharing is possible with each type of data. Learn more about data classification.
Keep your computer and digital systems updated by following the University’s IT guidance and use only secure, approved University systems.
Enrol in multi-factor authentication services such as UTORMFA and familiarize yourself with the remote work guidelines and FIPPO remote work guidance while working remotely.
The University has a comprehensive tiered privacy breach protocol, which it will engage immediately in case of privacy breaches. If you become aware of or think that there might be a possible privacy issue, report it immediately to FIPPO, your manager or the Freedom of Information Law (FOIL) office.

Visit the  Security Matters website to learn more about protecting yourself online and your data.

Additional resources

For more information on how to protect your data, contact FIPPO.
For questions about information security, contact us at security@utoronto.ca.

Data privacy: A multi-faceted topic in higher education

February 23, 2022

To celebrate Data Privacy Day on Jan. 28, Information Technology Services (ITS) hosted a virtual panel event: Impact of evolving technology and privacy laws in higher education. The one-hour event opened a conversation about data privacy and protection and answered privacy questions from the University of Toronto (U of T) community.

Over 145 attendees including staff, faculty and students from the tri-campus community joined virtually to learn from legal, cybersecurity and privacy experts on how changes in technology and privacy laws impact higher education. The featured panelists were:

Ashley Langille, Information Privacy Analyst
Carlos Chalico, IT Risk and Privacy Consultant, EY & Instructor, School of Continuing Studies, U of T
Daniel Michaluk, Information Security and Privacy Lawyer & Partner, Borden Ladner Gervais LLP
Deyves Fonseca, Associate Director, Information Security Operations

The event was moderated by Rafael Eskenazi, Director, Freedom of Information and Protection of Privacy (FIPP) Office.

“The Data Privacy Day virtual panel event provided a great opportunity to engage with the U of T community, to answer their questions about privacy and to share University resources they can use to protect personal information,” said Kalyani Khati, Associate Director, Information Security Strategic Initiatives.

Highlights from the event

From left to right: Deyves Fonseca (bottom left), Daniel Michaluk (top left), Rafael Eskenazi (top right), Carlos Chalico, Ashley Langille (bottom right)

Daniel Michaluk began the session by speaking about the Freedom of Information and Protection of Privacy Act (FIPPA) and observed how there hasn’t been an adverse regulatory finding about a university’s privacy practices since FIPPA was introduced in Ontario. Michaluk explained that this can be attributed to the good work done by the universities of Ontario, so there is no historical basis for additional regulation in the sector.

“Right from the start in 2006, all the Ontario universities took FIPPA and privacy protection very seriously, and from some good work early on by the Council of Ontario Universities, there’s been a continuous dialogue in the sector about privacy,” he said.

Speaking about the University’s digital transformation, Deyves Fonseca expressed that the pandemic brought significant changes with the move of data to the cloud. He said that the move to using the cloud is going to continue and accelerate as part of U of T’s digital transformation as we prepare to go back to in-person work and learning.

Collaboration was the keyword during Carlos Chalico’s presentation. “We need to think about collaboration across organizations to minimize cyber security risks,” said Chalico. “Alliances are necessary within organizations to protect information as a business issue, not just a tech issue.”

Ashley Langille remarked that the inclusion of stricter General Data Protection Regulation (GDPR) focused language in privacy policies has created issues with informed consent, as the language in these policies often only apply to data of European Union (EU) citizens and is often misinterpreted to apply to all users. Ashley noted that inclusion of a GDPR protection in policy does not necessarily translate to FIPPA compliance.

The presentations were followed by a Q&A session which consisted of pre-submitted and live questions from the audience. Some key highlights from the Q&A session:

Use the information security remote work guideline to protect sensitive information.
Use U of T’s data classification schema to understand what type of data you are using.
To help protect your information, don’t use a work password for personal accounts and be conscious of what you post on social media.
When it comes to human errors that happen when people interact with phishing emails, taking a moment to check emails for any common red flags can help reduce security risks.
If anyone is dealing with health care information at U of T, the FIPP Office is always available for those who have privacy related questions.

Raffle winners

Two attendees were randomly selected to win a $50 U of T Bookstore gift card. Congratulations to the raffle winners:

Bismah Khalid, On Location Accessibility Advisor, University of Toronto Accessibility Services
Linda Ye, Senior Auditor – Information Systems, Internal Audit Department

Visit the Security Matters website to learn more about protecting yourself online and your data.

Join us to celebrate Data Privacy Day on Jan. 28!

January 11, 2022

Data Privacy Day, celebrated on Jan. 28 each year, is an international campaign that empowers individuals and institutions to respect privacy and safeguard information.

On Jan. 28, University of Toronto’s (U of T) Information Technology Services (ITS) division is hosting a virtual panel event: Impact of evolving technology and privacy laws in higher education.

In this one-hour virtual panel, you will hear from subject matter experts from legal, cyber security and privacy sectors and have the opportunity to ask questions in a live Q&A session.

Speakers:

Ashley Langille, Information Privacy Analyst, U of T
Carlos Chalico, IT Risk and Privacy Consultant, EY & Instructor, School of Continuing Studies, U of T
Daniel Michaluk, Information Security and Privacy Lawyer & Partner, Borden Ladner Gervais LLP
Deyves Fonseca, Associate Director, Information Security Operations, U of T

Moderator: Rafael Eskenazi, Director, Freedom of Information and Protection of Privacy Office, U of T

All U of T students, staff and faculty are welcome to attend.

Learn how to protect your data

As the line between our physical and virtual lives diminish, Data Privacy Day acts as a reminder to make safeguarding our personal information a priority. Let’s work together to build, practice and promote safe data privacy practices.

Visit the Security Matters website throughout the month of January to learn how to protect your information.

Join the conversation on social media:

Data Privacy Day hashtags:

#PrivacyAware
#DataPrivacyDay2022
#DPD2022
#InfoSec
#PrivacyAwareness

View more Data Privacy Day 2022 promotional resources.

Mark your calendar for Data Privacy Day 2022!

December 10, 2021

Data Privacy Day is celebrated worldwide every year on Jan. 28 to raise awareness about technology and privacy rights, including the importance of safeguarding our personal information.

The Information Technology Services (ITS) division is leading a Data Privacy Day 2022 campaign to raise awareness and educate the University of Toronto (U of T) tri-campus community on safe data privacy practices. The campaign will consist of resource sharing, educational blog posts and a virtual panel event featuring subject matter experts who will share their perspectives on how changes in technology and privacy laws impact higher education.

Stay tuned for more updates about Data Privacy Day 2022.