Jump to Main Content
Decrease font size Reset font size Increase font size
Ontario Institute for Studies in Education, University of Toronto Home| OISE| U of T| Quercus| Site Map | Contact Us | Accessibility | Feeling Distressed?
INSPIRING EDUCATION | oise.utoronto.ca
Education Commons at OISE

Computer & Data Security


The Education Commons has compiled the following guidelines for members of the OISE community to follow to ensure personal IT system and data security. For more information, please contact the Education Commons.

  • Make your passwords complex. Use a combination of numbers, symbols, and letters (uppercase and lowercase).
  • Do NOT give any of your user names, passwords, or other computer/website access codes to anyone, including your IT staff, even if they ask for it. Protect your usernames/UTORids and passwords.
  • Do NOT respond to e-mail requests for your or anyone else's sensitive/personal information.
  • Do NOT open e-mails or attachments from strangers.
  • Do NOT install or connect any non-work related software/hardware to your workplace computer/network.
  • Keep anti-virus software up to date and install vendor software updates to correct known security issues.
  • Critical institutional data should be stored on HomeSpace, which is backed up extensively and is protected against unauthorized access.
  • Use HomeSpace to make back-ups of important personal work files in your “My Documents” folder.

Report suspicious incidents to the Education Commons. This includes:

  • Suspicious or unusual problems with your computer.
  • Attempts to gain information in person, by phone, mail, e-mail, etc., regarding the configuration and/or security of your website, network access, web applications, software, or hardware.
  • E-mails that include unsolicited attachments and/or requests for sensitive personal or organizational information.

Guidelines for Departmental Adminstrators:

  • Manage digital files, administrative records and archives according to University of Toronto Records Management practices and your established departmental plan.
  • Ensure that your department follows central UofT guidelines regarding encryption of any physically insecure devices that contain sensitive information. See: http://www.its.utoronto.ca/security.htm for pending updates and recommended products. This would include portable devices such as laptops or USB keys that contain confidential personal or confidential restricted information.

Reference: http://www.us-cert.gov/reading_room/distributable.html and I+TS Security Information at the University of Toronto

FIPPA: Access and Privacy Practices: General and Administrative

The following are guidelines regarding data security have been excerpted from the documentation on Access and Privacy Practices: General and Administrative related to the application of the Freedom of Information and Protection of Privacy Act (FIPPA) to the University of Toronto:

  • “Protect electronic and hard copy records that contain personal and other confidential information. Only remove such records from a secure institutional environment if you can keep them secure and have official authorization, demonstrable operational need and no other reasonable means to accomplish the task.”

    Note: Do not transport sensitive data in digital formats unnecessarily. Keep important files on OISE HomeSpace and log in remotely to access files. Delete redundant copies of files containing sensitive data from your hard drive. Do not send confidential information via email.
  •  “Prevent unauthorized access to confidential or personal information by keeping it securely locked including using passwords for computers when you are away from your work area.”

    Note: This includes handheld mobile devices.
  • “Dispose of media that contain personally identifiable or confidential information with destruction methods that render all information irretrievable. For example, crosscut shred paper records, cut CDs and DVDs into small pieces...”

    Note: In addition, the Education Commons has a hard drive crusher used to destroy data records on decommissioned workstations.
  • “Prevent loss, theft or exposure – e.g. do not leave personal information in a vehicle.”

    Note: This includes laptops and mobile devices.

For more information on IT systems and data security at UofT see:

University of Toronto – Information Security
University of Toronto - FIPPA
University of Toronto - Access and Privacy Practices: General and Administrative