align="center">Privacy and Security
Information for TAs



In BC, protection of
privacy is governed by the href="http://www.bclaws.ca/EPLibraries/bclaws_new/document/ID/freeside/96165_00">Freedom
of Information and Protection of
Privacy Act
(FIPPA).

You have a
responsibility and obligation to protect students' personal
information at all times.

“Personal
information” is defined as “recorded information about an
identifiable individual”, e.g. biographical, financial,
educational
and employment information.  For students this includes
names,
student number, email addresses, etc.

 In a
nutshell, this means, but is not
limited to the following.

  1. All email
    concerning course work or sent to students must be from an
    @ubc address (ie. @phas.ubc.ca, @ubc.ca). 

  2. Personal
    information cannot be transmitted or stored using services
    hosted outside of Canada (e.g. gmail, hotmail, yahoo,
    dropbox).  For file sharing, UBC provides a secure
    dropbox-like service, href="https://files.workspace.ubc.ca/MyDevice/Login">UBC
    Workspace 2.0.

  3. Never send any
    personal student data via email unless it is encrypted. For
    example, do not send an unencrypted spreadsheet of student
    names, student numbers, and grades via email.

  4. Your laptop computer must be encrypted. See below for
    details.

1. Email

In order to comply with FIPPA, you need to make sure your email
address in href="http://elearning.ubc.ca/connect/?login">Connect is set
properly.  If you change your email address in the Student
Service Center (SSC), that will get reflected in Connect. color="#000000">

1.1 How to update your email address in
Connect

1. Go to http://my.ubc.ca/.

2. Click on Student Service Center.

3. Login with your CWL.

4. Under the Personal Info tab select Contact Summary.

5. Update your email address and click the save button.

1.2 How to get a UBC Alumni email address (@alumni.ubc.ca)

This is a forwarding service.  For more information on it
please see href="https://it.ubc.ca/services/email-messaging/student-alumni-email-service/student-and-alumni-email-faq">this URL.



In order to set up your @alumni.ubc.ca address:

1. Go to href="https://id.ubc.ca/">https://id.ubc.ca/ class="moz-txt-link-freetext">.

2. Login with your CWL and follow the instructions given.



We suggest that you start using @alumni.ubc.ca for all your
publications.
 

The forwarding service will stay indefinitely whereas after you have
completed your studies in Physics and Astronomy, your PHAS account
will get closed.

2. Laptop Encryption

As a TA in the
Physics and Astronomy Department (and in the FoS in general), your
laptop,
whether personal or UBC-provided (eg purchased from a supervisor's
research grant) must be encrypted.  This has been
mandated by the Dean of Science.  End of discussion.

Device encryption
helps protect your data by encrypting ("scrambling") it. Only
someone with the right encryption key (like a password) can
decrypt ("unscramble") it.

Windows and Mac
laptops must use Full Disk Encryption (FDE) - not just encrypting
a select group of files.

2.1 General
Procedure for Laptop Encryption

  1. Make at least two backups before turning on FDE (just to be
    safe).
  2. Encrypt your laptop.
  3. Make a new encrytped backup.
  4. Delete the old un-encrypted backups or secure them.
  5. Be sure sure to do regular backups of your laptop since
    encrypted drives are much harder to recover data from if the
    drive becomes corrupted.

For more specific information on encrypting laptops with Windows,
OS-X, or Linux, please see the href="http://www.phas.ubc.ca/encryption">PHAS encryption webpage.



The href="http://www.phas.ubc.ca/contact-sysadmins">PHAS-IT staff
are available to help you with all aspects of encryption of your
laptop including making pre and post encryption backups.


align="center">
The Dean of Science
requires us to report the encryption status of all laptops
in the department.  After your laptop is encrypted,
please create or edit an entry in our href="https://secure.phas.ubc.ca/devcrypt/index.php">encrypted
devices database (login required).


3. Other General Security Pointers

  1. Never use the same password in more than one place.
  2. Never use passwords less than 12 characters in length (and
    with at least 3 character types)
  3. USE A PASSWORD MANAGER- just pick one and use it!

    • LastPass
      - commercial product that is very easy to use.
    • KeePass
      -  a free open source password manager that is a
      little less convenient to use.
    • numerous others...
  4. Beware of phishing emails.  Any email message that is
    asking you for your personal or financial information could be
    fraudulent.

    See the href="https://it.ubc.ca/services/security/ubc-information-security-office/phishing">UBC-IT
    Phishing webpage for details on the most recent phishing
    emails and information on dealing with them.

4. Checklist of What You Should Have in
Place


  •     Data backups (yes, that’s more than one)
  •     Strong passwords (never reused)
  •     Avoiding online piracy (not an impossible
    feat)
  •     Strong cyber security awareness (phishers
    be phishin’)
  •     Never sharing your credentials
  •     Installing software updates as soon as
    they’re available (or automating them)
  •     Using robust security software to protect
    your data from ransomware and other threats.

If you’re interested in exploring more on the subject, read the target="_blank"
href="https://blog.malwarebytes.com/101/2016/08/college-cybersecurity-surviva…">College
Cybersecurity Survival Guide from MalwareBytes.