As an Undergraduate office, what are my responsibilities regarding the security of information?

You should treat information about applicants as confidential at all times. Confidential information includes the names of applicants, applicant information and program ranking information. Candidate information provided to you by CaRMS should be kept only as long as it is required for the reasons it was collected. You should have procedures in place to destroy, delete, erase or convert personal information into an anonymous form when it is no longer required.

You must have appropriate security measures to protect any information provided by CaRMS. This means you must have technical, physical and procedural controls to protect information against destruction, loss, alteration, unauthorized disclosure to third parties or unauthorized access by employees or contractors employed by the institution, whether by accident or otherwise. For example, the risk of unauthorized disclosure or access increases greatly as soon as information is removed from the CaRMS system. We encourage you to review documents inline and avoid printing or transferring information whenever possible.

As a user of CaRMS services, we recommend that you carefully review the institution contract and CaRMS policies to familiarize yourself with your rights and responsibilities with regards to CaRMS’ security measures. If you have any questions or concerns about your responsibilities in the security of information, please contact compliance@carms.ca.
A note on printing

While it is possible to print applicant lists and other information from our online system, we do not encourage it. In fact, the system has been built in such a way that printing is not necessary – all functions can be performed directly within the system.

There are obvious environmental benefits to keeping records electronic; but even more importantly, keeping records in the system maintains the maximum level of security. Every time a record is printed or removed from the system via a USB drive or other means, the security of this valuable information is compromised. Despite best intentions, a printed sheet or USB drive could be easily left somewhere it would be vulnerable to exploitation.

By encouraging working within the system and avoiding printing or transferring of information whenever possible, you can contribute to keeping sensitive data and applicants’ personal information confidential.

Comments

Article is closed for comments.