Privacy and Security

TMU has undertaken to review the privacy and security risks associated with moving to the cloud using the international standard of Privacy by Design. TMU will continue to monitor and assess privacy and security risks.

Your data will reside in multiple foreign jurisdictions and will be subject to the laws of those jurisdictions including the USA Freedom Act (formerly known as the Patriot Act). Google maintains multiple shared copies of our data in different locations to mitigate against local system failures and IT security risks.

Google will not own our data. All data is the property of TMU and/or you, the end user, and the contract with Google will have no impact on the intellectual property rights, custody, or control of faculty, staff, and student data.

When using your TMU account to access the Google Gemini app, your data is not used or human reviewed to improve their AI models. This makes it a safer alternative to your personal Google account as well as other third-party AI applications.

The data you work with at TMU can be categorized as either high, medium or low sensitivity, or public information. 

• Google Drive can be used to store data that is considered "high" sensitivity, as long as you only share it with individuals or discreet groups of people that are eligible to access this information and require access to it. Note that sharing widely with all of Toronto Metropolitan University is not an appropriate solution for this.
• GMail should only be used to transmit information that is "low" sensitivity or "public". While the application itself is protected, email is not a secure means of transmitting information. If you need to use email to share more sensitive information, be sure to store that sensitive information in a privately shared Google Doc and link to it from the email.  Avoid including sensitive information in the body of the email directly.
• Google Gemini should also only be used to transmit information classified as "low" sensitivity or "public". 

For more information. please refer to TMU's Information Classification Standard and Handling Guidelines. 

For tools like GMail and Gemini, do not upload, input, or share any personal information about yourself or any TMU student, faculty, or staff member. Examples of personal information include any data that is personally identifiable such as protected health information, social insurance numbers, student/staff numbers, birthdates, credit card data, etc. 

Failure to abide by this advice may result in a privacy breach and/or may result in non-compliance with privacy legislation.  

Please review the Privacy and Access to Information Policy, consult with the Privacy office at privacy@torontomu.ca  or report any concerns or incidents through the Privacy Incident Management Process.

All students, faculty and staff are provided with all the features of Google Workspace for Education, including TMU Gmail. You will continue to be responsible for how you use and share confidential information (including personal information) in accordance with university policies.

TMU has completed privacy impact (PIA) and security risk assessments on the Google Workspace applications that we have made available, including Google Docs, Drive, Calendar, Meet, Groups, Sites, Chat, Keep, Contacts, GMail and the prompt-based Gemini app.

TMU has not completed privacy and security assessments for the allowed third-party apps that can be used with TMU Google accounts and therefore we cannot recommend their use. They should not be used to hold university records without a prior privacy and security assessment.

TMU endeavours to make privacy and security default settings in all Google Workspace apps in order to protect users’ communications and data. In some cases you will be able to alter these settings; we are committed to assisting you in making informed decisions about the implications of changing settings.

There will be no advertising or data mining for faculty, staff, and student accounts. Google may display ads in Alumni accounts.

TMU will continue to authenticate your user name and your password. TMU application passwords (example the password you use to log into my.torontomu) will not be sent to Google if you access Gmail or other Google Workspace apps via the web. (with the exception of mobile devices and desktop client using IMAP/POP).

• Privacy and Access to Information Policy
• Information Protection Policy
• Information Classification Standard and Handling Guidelines
• Minimum Cybersecurity Controls Policy
• Acceptable Use of Information Technology
• Records Management Policy
• Respectful Workplace Policy
• Discrimination and Harassment Prevention Policy
• Student Code of Non-academic Conduct (Policy 61)
• Academic Integrity (Policy 60)

Yes. We have a website that provides information on tips for securing your computer, your data and protecting your identity. The number one tip to protecting your identity is choosing good passwords and protecting them. 

You can also watch the recorded session entitled Privacy and Information Security for Going Google!

The session provides useful information on privacy protection and information security best practices related to email and records management.

In April 2025, TMU released the prompt-based Google Gemini app to all employees, with the intention of releasing this functionality to students in late 2025.

As with any generative AI tool, the information it outputs may contain inaccuracies and cannot be considered reliable. It must be closely scrutinized before the information is used - especially for official documentation, learning materials, reports or communications. 

For more information regarding generative AI literacy, please see Generative Artificial Intelligence in Learning and Teaching at TMU provided by the Centre for Excellence in Learning and Teaching.