Protect What Matters: A Guide to Information Security at Okanagan College
Every day at Okanagan College, we send emails, submit assignments, share files, and collaborate online. Some of this information is meant to be public, while some needs to remain private.
Knowing how to safely handle information helps protect you, your classmates, your colleagues, and Okanagan College.
This guide explains what to do and what to avoid when working with information at OC.
Why This Matters
Okanagan College is required by law under British Columbia’s Freedom of Information and Protection of Privacy Act (FOIPPA) to protect personal and sensitive information.
Anything created, sent, or stored using OC systems (such as email, Microsoft Teams, OneDrive, and Moodle/Brightspace) must be handled responsibly.
Safe information practices help prevent:
- Privacy breaches
- Identity theft
- Stress and cleanup after mistakes
- Legal and financial impacts to the College
Know What Type of Information You’re Using
Not all information needs the same level of protection. At OC, information is grouped into four risk levels.
Information Risk Levels
| Risk Level | Examples | What This Means |
|---|---|---|
| Low | Public website content, staff names, work contact details | Information that is publicly available or intended to be shared openly. Unauthorized disclosure would result in little to no harm. |
| Medium | Internal financial data, research projects, restricted library materials | Information intended only for authorized users. Unauthorized access or disclosure could result in moderate organizational, reputational, or operational harm. |
| High | Student or employee IDs, grades, home addresses | Sensitive information that must be protected by law or industry regulation. Unauthorized disclosure could cause moderate harm to individuals and/or Okanagan College. |
| Very High | SIN, banking details, credit card numbers, health information | Extremely sensitive information protected by law or industry regulation. Unauthorized access, use, disclosure, or destruction could result in significant financial, legal, or personal harm. |
Store and Dispose of Information Properly
Always use OC‑approved tools for sensitive data. Never store sensitive OC information on personal devices or accounts.
Use OC‑provided applications such as SharePoint, OneDrive, and Microsoft Teams. These platforms are designed to meet OC’s security requirements and are the preferred locations for file storage, provided access is restricted to authorized users.
Storage and Disposal at a Glance
| Risk | How to Store | How to Dispose |
|---|---|---|
| Low | No special protection needed | Recycle or delete |
| Medium | Password‑protected or limited access | Shred or securely erase |
| High/Very High | Approved locations only; encryption required | Shred, pulp, degauss, or securely destroy |
Sensitive documents should never go into open recycling bins.
Share Information Safely
Before sharing information, ask yourself:
- Who actually needs this?
- Am I sharing more than necessary?
This approach is known as the Principle of Least Privilege.
Best OC Tools for Sharing
- SharePoint, OneDrive, Microsoft Teams
- OC Email
  - Low Risk: Generally acceptable
  - Medium/High Risk: Acceptable (encrypted attachments recommended)
  - Very High Risk: Encrypted attachments only
What to Avoid
- Never send sensitive information through personal email (Gmail, iCloud, etc.)
- Never use external tools (Google Drive, Dropbox, Slack) for sensitive OC information
These services may store data outside of Canada, which can create privacy concerns.
Your Responsibilities at OC
When using College systems, you are expected to:
- Keep your passwords private
- Follow OC IT's policies and standards
- Use only approved software and services
- Share sensitive information only when authorized
Even well‑intended sharing can cause problems if done incorrectly.
Not Sure What to Do?
If you’re unsure which category something falls into, please contact us via email at ITSecurity@okanagan.bc.ca. In the meantime, always assume a higher level of sensitivity until we can confirm it.
Bottom Line
If something seems sensitive, treat it that way. Use OC tools, share carefully, and ask for help when you’re unsure.
Small choices make a big difference in keeping our community safe.
For more details on information handling, please refer to our Standard for Security Classification of College Information, Standard for Transmission and Sharing of College Electronic Information, and our Use of Information Technology Resources policy.