If working off-site, follow security requirements for confidential information.
All information that is not officially designated as public is confidential, including information about identifiable individuals, student records, grades, HR records, non-public financial information, etc.
Do not take confidential information offsite (e.g. home for work) unless you have:
- Official Authorization; official University, Division or department policy or practice that permits the record to be taken out. If there is any doubt, consult with your direct report.
- Demonstrable operational need/No other reasonable means; the record must be taken offsite to fulfil your duties. There is no reasonable alternative to taking the record offsite.
For hard copy records, minimize risk as follows:
- Take as few records as you can for expected work. If possible, take copies, not originals.
- In transit; Carry records in a locked satchel or case. Do not leave records unattended, e.g. at restaurants, washrooms, public transit, etc. Don’t read where others could see records.
- At home; Protect records from unauthorized individuals, including family or friends. Lock records away when not in use, e.g. locked cabinet in your locked home.
For electronic records:
- Access records remotely only on authorized, secure networks with encrypted communication.
- Use a strong password to protect your electronic devices and laptop.
- Be sure your computer has up-to-date security, including firewall, anti-virus and anti-spam.
- Electronic records taken out of a secure University IT environment should be encrypted at all times, e.g. use an encrypted USB memory stick or encrypted hard drive on your laptop.