SR1 must be reviewed every three years to assure alignment with the BC Personal Information Protection Act, and was updated last month by the Governance Committee and privacy officer Sheldon Goldfarb.
The updated policy includes a clause which indicates that AMS staff “shall not use [non-AMS file-sharing services] for storing or sharing personal information.”
The previous SR1 policy had no explicit mention of where personal information should be stored, and staff were able to use third-party storage like Google Drive and Dropbox.
In a statement to The Ubyssey, AMS Chief Technology Officer Hong-Lok Li wrote that this “loophole” was a significant privacy issue.
Staff are still able to use third party platforms for uses other than transmitting and storing personal information, but are encouraged to transition to the AMS’s OneDrive.
But, Li said there has never been a known case involving personal information being stored on a third party storage platform.
“We simply felt it was important to be more explicit to better ensure the protection of private information going forward,” Li wrote.