Data Security

Portable devices such as laptops, PDA’s , smartphones, external hard drives and USB flash drives are particularly vulnerable to loss and theft, with potentially significant privacy consequences in cases where they contain confidential information.  To mitigate against such risks these devices must protect this data via encryption or other security safeguards where encryption is not possible.  All Faculty provided smartphones must be password protected and encrypted, if available.  External hard drives and unencrypted USB flash drives are not to be used to store confidential information.

 
At the Daniels Faculty certain security measures are already in place:

All Faculty provided PC laptops are encrypted using Window’s bitlocker technology.  To guard against potential data loss it is strongly recommended that data stored on the local hard drive should be backed up.  There is a an increased risk that hardware failure of an encrypted drive can result in data loss.  The bitlocker technology can be extended to an external USB hard drive which can be used for backup.  


All Faculty provided MacBooks have fileVault to encrypt user directories.  Sensitive data should not be stored outside of your user directory.  MacBooks provide a feature to synchronise your user directory to your “home” directory on the Daniels Faculty file server.  This should be turned on to ensure a backup of this data. 

All Faculty laptops should have a password protected screensaver at a short interval (5 minutes) to prevent modification of any of these settings in the event of theft of a logged on computer.

 
All iPads and iPhones should be password protected and encrypted if the device supports this technology.  iPhones should have Auto-lock set to 1 minute, Passcode Lock ON, (with minimum 4 digit passcode) and set to “Erase all data on iPhone after 8 failed attempts.”  Email accounts connecting to Daniels email server should be using SSL.  We do strongly recommend that all Faculty and Staff that are personal BlackBerry users implement both password protection and encryption on their devices.


External hard drives and USB flash drives should not be used to store personally identifiable data.  If you choose to use these devices for other data it is recommended you purchase devices that have utilities to enable data encryption to protect your data.
For more information on data security on portable drives and USB sticks, please check University of Toronto Encryption pages at: http://encrypt.utoronto.ca 

John H. Daniels Faculty of Architecture, Landscape, and Design | University of Toronto
230 College Street | Toronto ON M5T 1R2 | CANADA