Working outside the university

These guidelines are intended to provide employees with good practices relating to the management of confidential and personal information, whether paper or electronic while working remotely.

FIPPA

The University is subject to the Freedom of Information and Protection of Privacy Act ("FIPPA") of Ontario. Consequently, all employees must comply with FIPPA whether working at university workplace or working remotely.

Information Management and Privacy Special Considerations

First consider whether it is a necessary part of your job that requires taking or accessing records containing personal information remotely. If you need to carry records with you when travelling or if you need to take them home or access them remotely to do work, you should speak to your immediate manager or supervisor in advance. The manager/supervisor should evaluate if the personal information is necessary to be removed from the office for the performance of the employee's duties and discuss with the employee the conditions under which these records will be removed or accessed remotely with a view to reducing risks of unauthorized access to the records. A “RECORD” means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise that can be recovered, reproduced and accessed.

The manager/supervisor should have a description of the records that the employee intends to take with him/her and if at all possible, the employee should avoid taking the original version of paper records.

Employees should be cautious when using cell phones and avoid discussing personal information as they can be easily overheard or intercepted by those around them.

Employees can use Liquidfiles, a secure online service that allows you to send large or confidential files to any email address quickly and securely.

Other considerations when working remotely:

  1. Employees must not leave their University-provided laptop or mobile device unattended.
  2. Employees must avoid storing University information on a personal computer. If employees are using their personal computer, they must save all information to a shared workspace (P:Drive or Docushare) or personal workspace (H:Drive or One Drive) and dispose of all electronic copies, securely, on their personal computer, when they are done working.
  3. Employees must refrain from storing University information on unencrypted personal USB / flash drive devices.
  4. Employees must avoid printing work-related documents to consult remotely. If they must, employees must ensure that they remain under their control and not left unattended. They must ensure that they are securely destroyed when no longer needed.
  5. Employees must not dispose of paper information of confidential nature or containing personal information in their recycle bin at home or in a public area.
  6. Employees must avoid opening or viewing information in a venue were the information or the display panel of their portable device may be seen by unauthorized individuals.
  7. Employees must check their “downloads” folder to ensure that information automatically saved there is deleted such as from web browser and from download folder on personal computer hard drive.
  8. Employees must empty their personal computer recycle bin.

The list above is not meant to be a complete list but is meant to establish basic measures that an employee must take to protect the records.

End of day check list when working from personal computer or device

  • Make sure info is properly saved on a shared workspace (P:drive) or on a personal workspace such as One Drive;
  • Delete records from your download folder from your web browser and any other areas when information could have been saved;
  • Empty your computer’s recycle bin; and
  • Make sure you properly disconnect from the VPN when you are no longer working on your computer

Privacy Breaches

Employees must report Privacy Breaches to their immediate manger/supervisor and the Access to Information and Privacy Office. See Procedure 20-8 – Privacy Breach Response Protocol for more information.

Access to Information and Privacy Office
Tabaret Hall
550 Cumberland Street, Room M407
Ottawa, ON K1N 6N5
Tel.: 613-562-5800, extension 1851
aipo@uOttawa.ca

Back to top