Building trust through data protection: How to safeguard information at U of T

Published: October 10, 2024

A woman working on a data driven application.

Departments at the University of Toronto collect and utilize data through different administrative processes to drive operations and inform decision-making. With the collection of data, a relationship is established between those whose data is collected and those who collect that data. Our primary goal should be to build these relationships on a foundation of trust. To achieve this, we must ensure that the data in our care is not only secure but also managed with integrity and ethical considerations. It’s about doing what is right, not just what is possible.

At U of T, we all are stewards of the data we encounter through our work; hence secure data management is a shared responsibility.

Here are some actions you can take to protect data that you collect and handle within your department:

  • Know your data: You can’t protect what you don’t know you have. Identify the data you possess, their classification levels and where they are stored. Regularly review this information to stay updated on any changes. Need help with data classification? Learn more about applying the correct classification levels to your data by visiting U of T’s Data Classification Guidance page.
  • Maintain your data asset inventory: Actively track your data and related information in a data inventory. Start with inventorying data that would be considered level 4 or level 3 per U of T’s data classification standard. For more details, check out U of T’s Data Asset Inventory Guidance page.
  • Collect only what is necessary: Minimize security costs and administrative overhead by only collecting the data you need. Remember, the more data you collect, the more risk you take on.
  • Don’t need it? Get rid of it: Dispose of data that are past their retention period. The longer you retain data, the longer you expose them to potential data breaches.
  • Say no to shadow copies: Avoid maintaining unnecessary copies of data. The more copies of data you have, the harder it will be to keep track of them and secure them.
  • Secure your systems: By following data minimization steps above, you should have fewer systems managing your data. Ensure these systems are secure, with assistance from the Information Security team.

You may have noticed that many of the tips shared here aren’t about technology. They’re about business practices and shifting our perspective on data.

Data is a powerful asset that can unlock innovation and provide a competitive edge. But with great power comes great responsibility. It is, therefore, important to evolve how we operate so that data protection and privacy are integral to our daily practices.

Have questions about how you can protect data at the University? Connect with the Information Security Risk team.

Related articles

One researcher working with a microscope while the other person documenting on a laptop.

Top security tips for researchers

November 11, 2024
Researchers working together to build a prototype product

Cyber threats to research

November 11, 2024
Researchers studying their data on a computer monitor

Assessing your research project’s cyber risks

November 11, 2024