Tips for Avoiding Breaches of Privacy

  1. Ensure that records with sensitive information are not visible to visitors to your office or to anyone else who should not have access to them, whether the records are piled on your desk or apparent on your computer screen.
  2. Keep your sensitive hard copy documents in a filing cabinet that can be locked when you are absent.
  3. If you have sensitive records in your computer, make sure that you have adequate virus, spyware, and spam protection, and that you back up your records.
  4. Shut down your computer if you will be leaving it unattended for any significant period of time.
  5. Don't give out personal information about an individual unless you are sure that (a) the person to whom you are speaking really is who they say they are, and (b) that individual has a right to access the personal information they're seeking.
  6. Try to avoid taking records bearing personal information out of their secure campus locations, but if you have to, make sure that you keep them secure both in their transportation and in their destination:
    1. Ideally, if the records are digital, encrypt them (contact TSC for further information);
    2. If you can't encrypt, protect your computer and/or portable storage devices with strong passwords;
    3. Computers and portable storage devices, as well as hard copy documents bearing personal information, should be locked in the trunk of your car and NOT left on a car seat where they are visible - even if the cabin is locked.  A thief who is prepared to steal your property will have no scruples about breaking into your vehicle to do so - even if it's parked in a public, well-lighted, and widely visible area;
    4. No records of personal information, whether digital or hard copy, should be left in a vehicle overnight.
  7. Equipment Disposal:
    1. To dispose of equipment, for example, computers, with drives or other components bearing digitalized personal information, do NOT drop it in the garbage or leave it outside your door, but submit a Work Order to Physical Plant for removal.  Physical Plant personnel will then pick up the equipment and securely transfer it to an e-waste disposal firm who will securely and irretrievably destroy the components bearing the information.
  8. Emails:
    1. It is very easy to send email with sensitive information to the wrong address.  Recommendation:  Go into "Settings" in your Lakehead email account and enable "Undo Send" for a duration of at least 20 seconds;
    2. Be careful about what you put in your emails; in particular try to avoid including sensitive confidential information, such as grades, identification numbers, financial information, health information, or evaluative comments;
    3. If the email has any sensitive information, add the label "CONFIDENTIAL" to the top of the email;
    4. If you're sending out emails with sensitive information to multiple recipients, use the "Blind Copy" ("Bcc") function.
  9. Instructors:
      1. Taking Attendance:  If you send attendance sheets around a class for students to sign, make sure that student ID numbers have been redacted;
      2. During examinations invigilators should walk around the room to verify student photo ID cards on a student-by-student basis and personally note the attendance on a roster that the students cannot see;
      3. Group Work and/or Peer Evaluation:  At the beginning of the course, inform your students in your course syllabus about what personal information you will collect (e.g. names, telephone numbers, and/or email addresses) and how you will allow it to be used (e.g. to enable group members to communicate with each other and to develop work schedules).  You may then request the students to provide you with the identified personal information;
      4. Collecting Assignments:  If you cannot receive students' work in class, arrange for drop-off in your departmental office, GA office, or some place where assignments can be collected and held securely for your retrieval.  Alternatively, your Department could provide a fixed, secure, drop box or a mail slot in a central area;
      5. Assignment Marks:  Write grades and comments inside test books, papers and other material  where they cannot easily be seen by others.  If grades or comments are easily visible on the external pages of a test book paper or other materials, fold, staple, or tape them closed so the that grades or comments cannot be seen.  Alternatively, you might consider having each student submit a large, resealable envelope with their name on it along with each assignment or test to that their work can be confidentially returned to them in the envelope;
      6. Returning Graded Assignments:  Assignments and class test should be returned in each case only to the student who completed and submitted the assignment or test - unless the student consents in writing otherwise.  They should not be left unattended in public places, such as the front of a classroom or outside an office, where anyone can pick them up and look through them (see the Senate policy, Disclosure of Personal Information - Return of Graded Student Work);
      7. Posting Grades:  Ideally, students' grades should be posted only in the University's secure Marks Management system, where students can see only their own grades (see the Senate policy, Disclosure of Personal Information - Posting of Student Marks).