Privacy and Security Information for TAs

In BC, protection of privacy is governed by the Freedom of Information and Protection of Privacy Act (FIPPA).

You have a responsibility and obligation to protect students' personal information at all times.

“Personal information” is defined as “recorded information about an identifiable individual”, e.g. biographical, financial, educational and employment information.  For students this includes names, student number, email addresses, etc.

 In a nutshell, this means, but is not limited to the following.

1. All email concerning course work or sent to students must be from an @ubc address (ie. @phas.ubc.ca, @ubc.ca). 

2. Personal information cannot be transmitted or stored using services hosted outside of Canada (e.g. gmail, hotmail, yahoo, dropbox).  For file sharing, UBC provides a secure dropbox-like service, UBC Workspace 2.0.

3. Never send any personal student data via email unless it is encrypted. For example, do not send an unencrypted spreadsheet of student names, student numbers, and grades via email.

4. Your laptop computer must be encrypted. See below for details.

1. Security Training

Successfully completing the UBC Privacy & Information Security online training (https://privacymatters.ubc.ca/fundamentals-training) is mandatory and should be completed as soon as possible. We do track who has successfully completed the training and do not appreciate having to harass people to get it done.

2. Laptop Encryption

As a TA in the Physics and Astronomy Department (and in the FoS in general), your laptop, whether personal or UBC-provided (eg purchased from a supervisor's research grant) must be encrypted.  This has been mandated by the Dean of Science.  End of discussion.

Device encryption helps protect your data by encrypting ("scrambling") it. Only someone with the right encryption key (like a password) can decrypt ("unscramble") it.

Windows and Mac laptops must use Full Disk Encryption (FDE) - not just encrypting a select group of files.

2.1 General Procedure for Laptop Encryption

1. Make at least two backups before turning on FDE (just to be safe).
2. Encrypt your laptop.
3. Make a new encrytped backup.
4. Delete the old un-encrypted backups or secure them.
5. Be sure sure to do regular backups of your laptop since encrypted drives are much harder to recover data from if the drive becomes corrupted.

For more specific information on encrypting laptops with Windows, OS-X, or Linux, please see the PHAS encryption webpage.

The PHAS-IT staff are available to help you with all aspects of encryption of your laptop including making pre and post encryption backups.

The Dean of Science requires us to report the encryption status of all laptops in the department.  After your laptop is encrypted, please create or edit an entry in our encrypted devices database (login required).

3. Anti-Virus

Sophos Anti-Virus is available for all UBC students, faculty and staff.

4. Email

In order to comply with FIPPA, you need to make sure your email address in Connect is set properly.  If you change your email address in the Student Service Center (SSC), that will get reflected in Connect.

1.1 How to update your email address in Connect

1. Go to http://my.ubc.ca/.
2. Click on Student Service Center.
3. Login with your CWL.
4. Under the Personal Info tab select Contact Summary.
5. Update your email address and click the save button.

1.2 How to get a UBC Alumni email address (@alumni.ubc.ca)

This is a forwarding service.  For more information on it please see this URL.

In order to set up your @alumni.ubc.ca address:
1. Go to https://id.ubc.ca/.
2. Login with your CWL and follow the instructions given.

We suggest that you start using @alumni.ubc.ca for all your publications. 
The forwarding service will stay indefinitely whereas after you have completed your studies in Physics and Astronomy, your PHAS account will get closed.
 

5. Other General Security Pointers

1. Never use the same password in more than one place.
2. Never use passwords less than 12 characters in length (and with at least 3 character types)
3. USE A PASSWORD MANAGER- just pick one and use it!
   • Bitwarden - open source product that is easy to use.
   • LastPass - commercial product that is easy to use.
   • KeePass -  a free open source password manager that is a little less convenient to use.
   • numerous others...
   • SANS document (pdf) - very short document on the how's and why's of password managers.
4. Beware of phishing emails.  Any email message that is asking you for your personal or financial information could be fraudulent.
   See the UBC-IT Phishing webpage for details on the most recent phishing emails and information on dealing with them.
5. Use two-factor authentication (eg Google Authenticator) whenever possible (gmail, facebook, etc.)

4. Checklist of What You Should Have in Place

•     Data backups (yes, that’s more than one)
•     Strong passwords (never reused)
•     Avoiding online piracy (not an impossible feat)
•     Strong cyber security awareness (phishers be phishin’)
•     Never sharing your credentials
•     Installing software updates as soon as they’re available (or automating them)
•     Using robust security software to protect your data from ransomware and other threats.

If you’re interested in exploring more on the subject, read the College Cybersecurity Survival Guide from MalwareBytes.