CIRA privacy information help

What is CIRA and why we need it?

The institution is offering the CIRA cyber security awareness training platform to provide U of T staff, faculty members and librarians with baseline training to help improve their knowledge about essential information security topics and threats.

What data is collected and for what purpose?

The CIRA cyber security awareness training platform is available to all staff members (appointed and non-appointed), faculty members, and librarians for participating units willing to be part in this effort and at their discretion (i.e. units may decide to onboard only a part of their staff and/or faculty). The following publicly available data is collected during the account creation process:

  • First name
  • Last name
  • Email address
  • Division (Department)
  • Title

This data is collected to provide a unique account for everyone using the platform and cater to their security training needs.

Please refer to Orion’s privacy statement for more details on the platform’s data usage and collection practices.

Where is the data stored?

The platform is cloud-based in the Microsoft Azure Cloud. All data is hosted in Microsoft’s redundant Canadian data centres in a secure environment.

How long is the data retained for?

The data will be retained for as long as the user is an account holder or till the end of the service offering by U of T, whichever is longer.

How is access to data managed?

The data relating to individual’s training courses, progress, and other reporting metrics will be accessed and shared with the following groups of users based on a need-to-know basis:

  • U of T divisional Information Security leads or equivalent
  • Beauceron staff
  • CIRA staff
  • Microsoft Azure staff

Please reach out to for any questions or concerns.