IT Security Essentials: Privacy
Updated: 04 February 2021 03:37 PM
Your privacy and confidentiality are extremely important to us in IT Services. We work hard to put services in place that align with relevant privacy, security and accessibility legislation at the Provincial and Federal levels, and OCAD U's Academic and Non-Academic Policies.
IT Services assumes all data on the network is confidential and will only examine, interrupt, or monitor the contents of email or collaboration services in accordance with the IT Acceptable Use Policy.
Users should be aware that any digital communications or other media sent, stored, received, or shared with others cannot be considered wholly private nor confidential given the limitations of technology, relevant policy, and user error.
How do we manage privacy?
Privacy and security go hand in hand. IT Services employs various security technologies and protocols to keep your data safe.
OCAD U Managed Computers
To keep your data safe on OCAD U managed computers, we use a management tool called Microsoft Intune.
Intune collects information about the computer and enforces security policies to keep your data secure. Intune is required to access OCAD U data. All OCAD U managed computers need to be enrolled.
Intune includes Microsoft Defender for Endpoint to protect against malware and viruses.
Non-OCAD U Managed Computers
Using a personal computer to access OCAD U data is not recommended.
Third-party Service and Cloud Service Providers and Cloud Services
Third-party Service and Cloud Service Providers have passed reviews of their License Agreements, Privacy, Security and Accessibility prior to purchase.
Who can access my data?
Work performed by system administrators or third-party service providers may at times require access to individual user files or data, however those parties will strive to maintain the user’s privacy and handle the information in an appropriate manner.
IT Services staff sign and are bound by Confidentiality Agreements with their employment at OCAD U that includes language restricting the relaying of confidential data to anyone not directly related to the work being performed, except required by law. Staff not adhering to this policy are subject to discipline that may include dismissal or legal action.
Third-Party Service and Cloud Service Providers adhere to the negotiated Privacy agreements and Privacy Impact Assessments.
In general, these policies and agreements govern our practices in IT Services:
External links to resources about internet privacy.
Canadian Centre for Cyber Security – Canada’s authority on cyber security.
Protecting your privacy online – Office of the privacy commissioner of Canada