Protecting Personal Information and University Records When Working from Home

What is Personal Information?
What is a University Record?
General Guidance
Removing Physical Records from the Office
Paper Records
Meetings and Conversations
Cybersafe
What do in an event of a privacy breach

Employees may deal with University records and confidential information, including personal information of students, faculty, staff and alumni when working from home. Whenever records and personal information are used outside of the office, there is an increased risk that information may be lost or compromised. As a public body under New Brunswick’s Right to Information and Protection of Privacy Act (RTIPPA), UNB must safeguard personal information in its custody or under its control.

Below are some basic steps to protect University records and personal information while working from home.

What is Personal Information?

Personal information is the recorded information about an identifiable individual.  Found in just about any format, including paper, emails, or audio and visual recordings, personal information includes information about an individual such as name, address, phone number, age, sexual orientation, nationality, marital status, personal health information, political beliefs, education, employment or occupation, educational, employment or occupational history, and personal views or opinions. A full definition can be found in section 1 of RTIPPA.

What is a University Record?

University records are records in any medium or format, within UNB’s custody or under its control that are created or received and maintained as evidence or information in the administration and operation of the activities of the University. Records may contain internal, confidential or highly confidential information that does not necessarily include personal information. Examples include certain security response plans, drafts of strategic plans and annual reports, and contracts and other legal documents. Although some records may not contain personal information, it is equally important to handle all records appropriately.

General Guidance

  • Avoid viewing personal information collected and used for work where others can view it; take precautions when viewing personal information online and don’t leave personal information lying around where others may have access to it. Use a privacy/filter screen if necessary.

  • Log-off or shut down your computer when you are not using it. Set the automatic log-off to run after a short period of idleness, no more than 15 minutes, in case you forget to log-off or shut down the computer.

  • Do not share your electronic device (e.g. laptop, phone, computer) used for work with other individuals, including family members. This practice is risky as it’s difficult to monitor every website, file or folder accessed, which could put data at risk.

  • Do not save any work-related information or data, including personal information, on personal laptops and desktops. Always save information directly to a secure UNB administered location such as the network drive or your UNB OneDrive.

  • Avoid the use of personal email for any UNB work communication, but particularly to transfer records containing personal or confidential information for work purposes.

  • Use UNB Secure FileDrop for transmitting records containing personal and confidential information, rather than email.

Removing Physical Records from the Office

  • Take home the minimum amount of records and personal information and leave the rest behind at the office.

  • Check with your supervisor for approval before removing paper records containing personal information from the office.

  • When removing physical records from the office, best practice is to have a sign-out sheet that includes the name of the person who is taking the records home, a description of the records, dates the records were removed and the name of supervisor/manager that approved the removal. Return records to their original storage location as soon as possible upon returning them to the office.

  • While in transit, physical records should be securely packaged (e.g. in folders, envelope, bag, box) and kept under constant control. Do not leave the records unattended in a vehicle.

Paper Records

  • Store physical paper records in a cabinet or drawer when they are not being used. If possible, the cabinet or desk should only contain work-related records.

  • Ask your supervisor whether it’s okay to print off confidential information at home. If approval is granted, make sure to store the information securely in a cabinet or drawer or securely shred it once you’re done with it. Refrain from printing documents containing confidential information, if possible.

  • Shred any documents containing confidential information; do not place them in a recycling or trash bin. If you do not have a shredder, then keep them securely in a drawer or cabinet until they can be taken back to the office and placed in a secure shredding bin.

Meetings and Conversations

  • Be aware who is around you when having meetings and conversations that involve the discussion of personal or confidential information. Move to a location where you cannot be overheard.

Be cybersafe

Adopt good cybersecurity practices while working from home. Many of these practices are the same as when working in the office; however, there some additional cybersecurity considerations to take into account while working from home.

  • Be careful around smart speakers. Don’t conduct calls or videoconferences near a smart speaker or turn them off during such activities.

  • Keep electronic devices used for work under your control while in transit; do not leave electronic work-devices unattended in a vehicle.

  • Password-protect devices and encrypt data to prevent someone from accessing or stealing information if the device is lost or stolen.

  • If using a non-UNB owned device, ensure anti-virus software is installed and up-to-date.

  • Use UNB’s Virtual Private Network (or VPN) while accessing UNB IT services such as Colleague and the network drive.

  • Take UNB’s online Cybersecurity Training to learn more on how to be cybersafe and cyberaware.

What to do in the event of a privacy breach

If personal information is lost, stolen, disclosed in error, or accessed without authorization, immediately:

  1. Inform your direct supervisor and unit head.

  2. Contain the breach to prevent a release of further information. Containment measures vary depending on the nature of the breach but may include, for example, retrieving breached documents, changing passwords, or removing access to systems.

  3. Contact the UNB Records Management & Privacy Office at rtippa@unb.ca and they will guide you in an appropriate breach response and investigation.

  4. If your UNB device is stolen, immediately contact UNB Security at 648-5675 (Saint John) or 453-4830 (Fredericton).

  5. If your UNB-owned device is lost or stolen, contact ITS immediately to advise them:

Ext. 2222 (on campus)

506-457-2222 (Fredericton)

506-657-2222 (Saint John)

itservicedesk@unb.ca

More Information

Contact rtippa@unb.ca for more information on protecting information and records while working from home.