Privacy, Confidentiality, Security and IT
Updated: 16 April 2018 11:30 AM
Your privacy and confidentiality are extremely important to us in IT Services. We work hard to put services in place that align with relevant privacy, security and accessibility legislation at the Provincial and Federal levels, and OCAD U's Academic and Non-Academic Policies. OCAD IT Services strives to protect the privacy of system users, and will respect the privacy of correspondence between individuals and will not engage in unwarranted inspection of user account emails, files or other communication.
In general, these policies and agreements govern our practices in IT Services:
Who has access to my data?
Are IT Staff bound by confidentiality agreements?
Yes, all IT Services staff sign and are bound by Confidentiality Agreements with their employment at OCAD U that includes language restricting the relaying of confidential data to anyone not directly related to the work being perfomed, except required by law. Staff not adhering to this policy are subject to discipline that may include dismissal or legal action.
Under what circumstances does someone in IT Services access my data?
OCAD IT Services strives to protect the privacy of system users, and will respect the privacy of correspondence between individuals and will not engage in unwarranted inspection of user account emails, files or other communication.
The University may examine, interrupt, or monitor email, files or other communication in the following circumstances:
How private and confidential is my email, file shares and other communications?
Users should be aware that email or other communications sent and received, or files shared with others cannot be considered wholly private nor confidential given the limitations of technology, relevant policy, and user error.
Files: on cloud service
Laptops and Desktops
Removable Media: USB keys and hard drives
Users often believe that their communication in email is private and confidential because no other end users have access to their account, and the nature of content is private and confidential, therefore it's private and confidential. It simply is not true.
"Email has to go through potentially untrustworthy intermediate computers (email servers, ISPs) before reaching its destination, and there is no way to tell if it was accessed by an unauthorized entity. This is different from a letter sealed in an envelope, where, by close inspection of the envelope, it might be possible to tell if someone opened it. In that sense, an email is much like a postcard whose contents are visible to everyone who handles it."