UofT Data Classification and Health-Related Research/Administration

In an effort to try to help prevent the exposure of sensitive data the University is moving on several fronts, including defining a new data classification policy:


which will help people determine how sensitive their data is. There is a Draft FAQ at the bottom of that webpage which may answer some of your questions.

It is likely that access for research and/or administration to any personal health records as defined by PHIPA, the Personal Health Information Protection Act:


will require some form of MFA (multi-factor authentication), likely a two-factor authentication, and the University has started the MFA application assessment. This will apply to any such data that is accessed or stored on departmental or faculty-owned systems.

If you do any research and/or administration that needs access to personal health records please let us know at requests@math.toronto.edu so that we will try to let you know more details when the new MFA policy is put into effect.  Of course this IT Status site is a good resource for finding out about updates and you should check back here if this affects you.