- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Using automation to drive efficiency and innovation at SFU
- Welcome to the new SFU Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting SFU's Digital Transformation with Exchange Online
- Important changes to SFU email practices
- Transforming the SFU experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins SFU Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at SFU
- Expanded identity options for students within SFU applications
- SFU works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
Data security standard
The purpose of the Data Security Standard is to provide guidelines that help the University Community know which Information Systems are appropriate for the handling and storage of different types of data, as classified in the Data Governance Policy.
TYPES OF DATA
Simon Fraser University data classifications help members of the university community to identify, understand, manage, and use university data appropriately.
The data classes and guidelines are meant to be used as recommendations in conjunction with any applicable compliance requirements, such as the Copyright Act, Freedom of Information and Protection of Privacy Act (FIPPA), and Payment Card Industry Data Security Standard (PCI DSS).
Information systems outside of Canada are not suitable for Personal Information because FIPPA prohibits storing or accessing Personal Information outside Canada.
All members of the University Community are required to comply with all ethical, regulatory, statutory, third-party, and other contractual obligations; to use data only for the purposes for which it is collected; to observe any restrictions for its use; and to collect, store, and dispose of data in ways appropriate to risk and impact of unintended disclosure.
Access alone does not authorize use of data.
Public Access Data
Public Access Data is data that is generally available to all employees, the general public, and the media. This information is deemed to be public by legislation or policy.
- Examples of such data at SFU include information contained in the University's Annual Report, published convocation lists, and statistical reports on enrolment.
- There are no restrictions on access.
Internal Data
Internal Data is limited to employees and other authorized users and is stored within a controlled access system. This is the default category, used for information that is not Public Access Data or Regulated Data.
- Internal data is available to those employees with a need for access as part of their job duties. Not all employees have access to all internal data, but free flow of information is critical to the success of the University. Restrictions are applied only with consent of all interested Data Stewards.
- Access is influenced by the employee's job responsibilities and ability to extract value from the data for the greater good of SFU.
- Examples of internal data include student grades and contact information.
Regulated Data
Regulated Data is data of a very sensitive nature that is protected from general distribution and is stored within a controlled access system. This information protected by legal contract, legislation, or regulation.
- Special authorization from a Data Steward must be obtained before regulated data is made available to a Data User. The Steward may choose to only provide limited access.
- Examples of limited access data include employment and education equity declarations, and records pertaining to disciplinary actions.