Dear Colleagues,

As members of the Faculty and McGill University, we are subject to a multitude of various policies and guidelines. It is, therefore, helpful to be reminded from time to time and to underscore their importance.

I am writing today about the critical importance of data security. Specifically, it is important that we all know and follow the proper protocols for managing and storing McGill and Faculty-specific data, especially when private and confidential data is involved.

In the digital age, it is vital to protect personal and sensitive data from unauthorized access, theft, damage and other misuses. Compromising data security and privacy can lead to significant repercussions for both an individual, for example through access to one’s bank account or identity theft, and for the Faculty or University.

The University is governed by An Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information (“Access Act”), which protects the confidentiality of personal information and generally declares confidential the records, documents and information concerning staff, students, alumni and donors, among others.

What constitutes personal information?

Personal information includes, but is not limited to:

  • name, date of birth, student ID number and permanent code;
  • home address;
  • citizenship information, social insurance number, immigration information;
  • bank/financial information;
  • photographs taken for the purpose of identification cards;
  • academic data, such as degree(s), course registration, grades, grade point average, etc.; and
  • any documents that contain personal information.

It is important to note that all elements of a student’s record are confidential.

What is considered unsafe storage practice?

Examples of unsafe practices include:

  • leaving printed copies of personal information on a desk or visibly accessible in an office;
  • the use of a USB key or a computer’s C-drive or Desktop to store or transfer this type of information; or
  • keeping work-related information or data on unsupported personal storage platforms, such as iCloud.

Instead, always use approved options such as the Faculty servers (Shared drives), McGill servers, MS Teams and Sharepoint, which are secure and approved by McGill IT Security. These options ensure information remains with McGill and accessible in the event of an employee’s departure.

It is crucial that we all practice extreme care and diligence when storing or using personal confidential information. The University has prepared several websites to help guide us on how to improve our cybersecurity, including Secure your journey and Web Services.

Keeping confidential and personal information secure is critical, both from a legal and reputational standpoint, and it is the responsibility of every one of us. With numerous cyberattacks around the world targeting universities and health care institutions, it is even more important to stay both informed and very vigilant.

Thanks for your support and for protecting this data.

For additional resources, please contact the MedIT Helpdesk.


David Eidelman, MDCM Vice-Principal (Health Affairs)Dean of the Faculty of Medicine & Health Sciences