Information Security and FIPPO informs U of T community how to protect student information

On Jan. 25, over 370 University of Toronto staff and faculty from across the tri-campus community gathered online for a virtual panel event to learn how to protect students’ information and reduce the risk of data compromise or loss. The event was hosted by Information Security and Freedom of Information and Protection of Privacy Office (FIPPO) as part of the Data Privacy Day campaign.

Isaac Straley, Chief Information Security Officer and Rafael Eskenazi, Director, FIPPO provided practical tips for protecting information and resources available at the University to support faculty and staff in meeting their responsibilities.

“Data Privacy Day acts as a reminder to educate ourselves more about who has access to our personal information and how it is being used. U of T has many resources available to inform and educate our community about protecting information and security. We hope this event provides an excellent opportunity to take stock of and evaluate both personal and institutional security and privacy,” said Isaac Straley, CISO.

The event began with a joint presentation by Isaac and Rafael and was followed by a lively Q and A session where attendees were provided with information and resources related to data classification, remote working, importance of reporting privacy breaches and more.

“Protecting any data or identifiable information is crucial for safety and for security reasons. I’m glad to be a part of this event to help our community understand what they need to do to prevent privacy problems, handle personal and confidential information safely, securely and legally,” said Rafael Eskenazi, Director, FIPPO.

Key takeaways from the event:

  1. If you work closely with personal information (students, staff or faculty), remember to only share it with individuals who need it for official University duties.
  2. The University uses a multi-level scheme to classify data according to their sensitivity. These classifications help you identify what kind of security and sharing is possible with each type of data. Learn more about data classification.
  3. Keep your computer and digital systems updated by following the University’s IT guidance and use only secure, approved University systems.
  4. Enrol in multi-factor authentication services such as UTORMFA and familiarize yourself with the remote work guidelines and FIPPO remote work guidance while working remotely.
  5. The University has a comprehensive tiered privacy breach protocol, which it will engage immediately in case of privacy breaches. If you become aware of or think that there might be a possible privacy issue, report it immediately to FIPPO, your manager or the Freedom of Information Law (FOIL) office.

Visit the  Security Matters website to learn more about protecting yourself online and your data.

Additional resources

  • For more information on how to protect your data, contact FIPPO.
  • For questions about information security, contact us at