MFA on VPN

Multi-factor Authentication Required for myVPN Starting July 22, 2024 - Learn More

How Does the PIA Process Work?

May 16, 2024

UBC's PIA process is a highly collaborative and iterative risk-based approach, with the level of review varying according to the project's complexity. Here is a simplified breakdown: 

  1. Initiation:  The process begins with the submission of a PIA request via the UBC Self-Service Portal, where the requestor is assigned an incident ticket number. This step integrates tracking and administrative oversight from the onset. 
  1. Self-Assessment: Following the initiation, the requester completes a detailed Self-Assessment to identify potential privacy and security risks. This foundational assessment is crucial for outlining the scope and risks of the project. 
  1. Risk Advisor Engagement: Depending on the risk profile of the project, either an automated response is generated, and the ticket is closed, or a Risk Advisor from PrISM SRS consults with the requestor, to refine the understanding of risks and tailor the risk management strategies to the project’s specific needs.  
  1. Final Approval and Risk-Based Decision Making:  The Risk Advisor documents the risks, proposed mitigations and complies the report. This report ensures the project complies with FIPPA and UBC's security standards.  
  1. Ongoing Compliance: The Administrative Head of Unit (AHoU) holds the accountability for maintaining privacy compliance throughout the project's lifecycle. Any changes to how personal information are used, stored, or accessed, as well as any significant changes to the project itself, require the AHoU to engage with the PIA team for a potential update to the PIA. 

Benefits of the PIA Process 

The PIA process benefits everyone at UBC. It ensures: 

  • Comprehensive Compliance:Aligns with privacy laws and UBC's Information Security Policy to safeguard personal information effectively. 
  • Improved Project Planning:Addresses privacy and security concerns early, preventing costly delays and redesigns. 
  • Transparency & Accountability: Enhances clarity and responsibility in protecting data, reinforcing UBC’s commitment to data protection. 

This structured approach ensures that UBC upholds the highest standards of privacy and security, supporting the successful delivery of its programs and services. 

  • Article

Privacy Matters @ UBC

Safety & Risk Services | 2389 Health Sciences Mall
University Counsel | 6328 Memorial Road,
UBC Cybersecurity | 6356 Agricultural Road
E-mail privacymatters@ubc.ca

UBC Crest The official logo of the University of British Columbia. Urgent Message An exclamation mark in a speech bubble. Caret An arrowhead indicating direction. Arrow An arrow indicating direction. Arrow in Circle An arrow indicating direction. Arrow in Circle An arrow indicating direction. Chats Two speech clouds. Facebook The logo for the Facebook social media service. Information The letter 'i' in a circle. Instagram The logo for the Instagram social media service. Linkedin The logo for the LinkedIn social media service. Location Pin A map location pin. Mail An envelope. Menu Three horizontal lines indicating a menu. Minus A minus sign. Telephone An antique telephone. Plus A plus symbol indicating more or the ability to add. Search A magnifying glass. Twitter The logo for the Twitter social media service. Youtube The logo for the YouTube video sharing service. Bell Warning