The University of Toronto
had a problem with its e-mail. It just wasn't good enough. It was slow and feature-lacking and students had noticed. So the IT department for the university decided that a change was in order. Being an academic institution, however, before they could make that change, they needed to make sure everyone's needs would be met.
Robert Cook, the University of Toronto’s first ever chief information officer, explained the university's methodology behind the decision to upgrade the school's IT infrastructure during Microsoft's Cloud Security Roundtable
. He said it involved assessing the existing system followed by a lot of discussion. “We were not providing services according to (the students') academic needs,” he said. “This was a new experience and as befitting Canada's largest university...we’ve cautiously, and with a lot of information, done something that’s both good for our students and good for us meeting our responsibilities.”
Cook said that the update was strongly informed by the Privacy by Design principles
, which is particularly important to the university. Firstly, because they are bound by legal obligations under the Freedom of Information and Privacy Association and because it was what students valued most. “We looked at features...accessibility, reliability, administrative ease,” he said. “The university is an open community and based on the sharing of knowledge, but despite that, we knew that two key factors were on our communities mind; security and privacy.”
Cook said they polled students and faculty, held town halls and solicited feedback through email, a result of what he calls “a culture of consultation.” “Consistently through this process (of discovering priorities), we would consult and communicate with them,” he said. “What we were impressed with though was the very important ranking that students gave to issues of security and privacy...it was clear that they expected us to take the security of their information and privacy of their personal information very strongly, but they trusted us.”
, information and privacy commissioner of Ontario, attributes some of U of T’s success in creating its end product to Privacy by Design. “Privacy by design enables you to embed privacy as an integral component in everything you do including everything you do in the cloud.”
Cook said that the end structure of the new systems was “very strongly informed by the PbD principles.”
“(We) used it as the guiding structure in developing the information that would help judge the viability of our privacy situation.”
This year, after about a year and a half of deliberations, U of T found the right mix of cloud to use.
“We concluded that through our local efforts paired with the efforts of our provider, Microsoft, we could meet our obligations,” Cook said. “It was better than we could do, had been doing, and could do in the future, on our own.” The service debuted in September for new students and will start rolling out to alumni this winter.