UBC IT has blocked the Microsoft Outlook Application (previously known as Acompli) from accessing FASmail accounts. Currently, the app is not compliant with the Freedom of Information and Protection of Privacy Act (FIPPA) and UBC information security policies and standards.
The main privacy concerns that were identified include:
- The app stores a copy of the user's credentials on servers outside of Canada
- Message content is stored on servers located outside of Canada (FIPPA violation)
- After an account is deleted, Microsoft's servers continue to attempt to retrieve email
- The app does not enforce ActiveSync security policies (e.g. device passcode requirements, ability to wipe remotely, etc.)
In addition, the Outlook application is in violation of UBC Information Security Standards. The use of this app by employees handling Personal Information (PI) violates standards #2, #3, #5, and #7:
- Password and passphrase protection
- Transmission and sharing of UBC electronic information
- Encryption requirements
- Securing computing and mobile storage devices/media
In addition, this app violates University Counsel’s requirements for “Privacy of Email Systems” available here: http://universitycounsel.ubc.ca/files/2012/11/Fact-Sheet-Privacy-of-Email-Systems.pdf
If you try to access your FASmail account through the Microsoft Outlook App you will not be able to sign in and you will receive an email notice that the connection from Microsoft Outlook for iOS or Android has been blocked due to security policies. We will keep this page updated with any new information we learn. We are currently reviewing other email applications to determine any other privacy or security concerns.
If you have already downloaded the app, we recommend that you immediately change your CWL password and delete the Outlook app. At this time, using the native email application on your mobile device is a safer option.
If you have any questions, please contact the IT Service Centre Help Desk at 604-822-2008 or fill in a Contact Form.
