Data Encryption Project

Overview

Many laptops and desktop computers used at UBC contain Personal Information (PI) and Protected Health Information (PHI) that is at risk of being compromised as a result of unauthorized access, theft or loss.

British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) dictates how public bodies, including UBC, must protect PI and PHI. Recent rulings from the BC Information and Privacy Commissioner's Office, which oversees FIPPA's application and compliance, have made it mandatory for PI and PHI to be encrypted on mobile devices. UBC must take the necessary steps to protect its data and be compliant with the rulings.

Following industry standard security practices, the University will be launching a UBC-wide Data Encryption Program to protect PI and PHI assets.

Process

  • UBC IT will be contacting each department to implement the Data Encryption Program
  • Encryption tools and training for the program will be provided by IT; for those supported by UBC IT, the work will be completed by us. For those that are not supported by UBC IT, the work will be performed at the department’s request by departmental IT staff—UBC IT can provide resources if required

Goals

  • To install encryption software on Workstations and Mobile Devices that store or access PI or PHI
  • Evaluate whether a change is storage location will reduce the risk of data loss, and if personal laptop/equipment need to store PI or PHI data

Details


Documents


Support