Administrative Procedure 141

PORTABLE TECHNOLOGY SECURITY

Background

All staff are responsible for managing and safekeeping of personal and confidential information collected by the School by ensuring that there is adequate security to prevent unauthorized access, collection, use, disclosure or disposal of such information.
Sensitive and confidential information stored on portable technology such as laptops, personal organizers, cell phones or memory sticks must be kept to an even higher standard due to the greater risk of equipment theft or other loss.

Procedures
1. All password protection mechanisms available on portable technology must be activated and utilized consistently and to the greatest extent possible. Industry standards/methods are to be deployed in the selection of appropriate passwords that are not easy to guess such as names, birthdates, addresses.
2. Established usernames and passwords must be given in strict confidence to the Principal or Superintendent for safekeeping and may not be shared with any other individual. These access codes can be in separate, sealed envelopes for placement in the School’s secure deposit.
3. All files containing sensitive or confidential information that are stored on portable technology must be encrypted.
4. Any personal, sensitive, or critical operational information that is no longer required on portable technology is to be transferred immediately to more secure electronic storage.
5. All security measures adopted for other technology use within the School apply to portable technology.

References: Section 25, 26, 33, 52, 53, 68, 196, 197, 222, 225 Education Act Freedom of Information and Protection of Privacy Act (FOIP)

Personal Information Protection Act Canadian Charter of Rights and Freedoms

Canada Criminal Code Copyright Act