Teams often collect personal information as part of their recruitment and financial operation. It is important that teams abide by the relevant privacy standards as groups hosted within a public Canadian institution.
The following information has been sourced from the University Counsel’s Privacy Fact Sheet (http://universitycounsel.ubc.ca/files/2014/01/Fact-Sheet-Disclosure-Outside-Canada.pdf):
Public bodies in British Columbia, including UBC, are subject to restrictions on the storage or access to personal information from outside Canada. These restrictions, which are contained in the Freedom of Information and Protection of Privacy Act (FIPPA), require all personal information in UBC’s custody or control to be stored only in Canada and accessed only in Canada, with a few narrowly defined exceptions.
Many computing services are offered through the Internet, and may be hosted in the United States or other foreign jurisdictions. Using these services to collect, store, transmit or access personal information is a violation of the restrictions against storage or access outside Canada.
Here are some examples of commonly used cloud services, with Canadian-based alternatives:
Student Teams that use non-Canadian services to host private information, including Student Emails and Student Numbers, are required to acquire student consent before doing so.
It is acceptable to store or access an individual’s personal information outside Canada if you have the consent of the individual. This consent must be in writing and must specify:
- who may store or access the personal information;
- if practicable, the jurisdiction in which the personal information may be stored or from which the personal information may be accessed; and
- the purpose of the storage of or access to the personal information.
Since it may not be practical to secure written consent from every student, it is acceptable for [teams] to secure the consent as follows:
- in the [team documents], or in a written communication to the students, describe the cloud-based service and the information that it will be storing or accessing, and explain that if the students choose not to provide their consent to this storage or access, they must see the [team lead] to make alternate arrangements; and
- make alternate arrangements for students who refuse to provide their consent, such as allowing them to sign in to the service using a false name and non-identifying email address.
Teams should note that the restriction on storing personal information on outside servers also applies to sponsors. “Personal information” is defined as “recorded information about an identifiable individual.” A name and work contact information is not considered personal information. However, student teams should still consider this information “sensitive,” because it is not always publicly posted and it is important to consider whether or not the individual would want their information made public (i.e. through a Freedom of Information request). Financial information, including sponsorship amounts, should also be considered sensitive.
UBC IT has rolled out Workspace 2.0. This platform is a cloud-based file sharing system (very similar in nature to Drop Box and Google Drive). Teams are expected to use this service, or a similar Canadian-based service, to store confidential and private information. For more information and how to sign up, visit: https://it.ubc.ca/services/web-servers-storage/workspace-20.
Additionally, teams are encouraged to use their official UBC FASmail as their team’s email accounts, rather than using gmail or hotmail. For more information and how to sign up, visit: https://it.ubc.ca/services/email-voice-internet/ubc-faculty-staff-email-fasmail.
For team related merchandise, visit http://www.brand.ubc.ca/ as a guide for your designs that involve any UBC branding.