Skip To Content

Athabasca University

< back to guidelines

Guidelines - Authentication of Identity

Guidelines - Authentication of Identity; Providing Information to Students via Telephone

General Considerations

Privacy protection requires authentication of identity. Authentication of identity is the process of ensuring that someone is who he or she purports to be.

Authentication typically relies on one or more of the following:

  • something you know (e.g. password, security question, mother's maiden name)
  • something you have (e.g. identification card, key)
  • something you are (e.g. biometric data such as fingerprints, iris scans, voice patterns)

The Freedom of Information and Protection of Privacy (FOIP) Act, R.S.A 2000, c. F-25 requires that Athabasca University (AU) protect personal information against unauthorized use or disclosure by making reasonable security arrangements. The degree of authentication must be appropriate to the nature of the use or disclosure and the sensitivity of the personal information involved. In circumstances requiring a higher level of authentication, AU should use multi-factor authentication (i.e., two or more forms of authentication to confirm identity).

When AU interacts with a person exercising the rights of another person under Section 84 FOIP Act, AU must authenticate the identity of the person exercising the right. Authentication requires that AU obtain a copy of the document granting the person the right to act for another (e.g., guardianship order, personal directive, power of attorney).

Providing Information to Students Over the Telephone

Before disclosing a student's personal information (e.g., grades) to a caller who purports to be the student, AU must verify that the person is who they say they are. Various methods may be used; for example a "shared secret" where the person provides some information know only to him or her and AU, such as information about a previous transaction, a case number or password created for the purpose of authentication. So long as there is no reason to distrust the caller, a student identification number can be accepted as proof of authentication. If for whatever reason, you doubt the truthfulness of the caller, use a second form of authentication. For example, ask the caller what was the last course he or she completed.

Acknowledgment

AU wishes to acknowledge its reliance on publications issued by the Access & Privacy Branch, Alberta Government Services, which were used in the preparation of this guideline.


Office of the University Secretariat, July 2006

Updated May 30 2014 by Office of the University Secretariat

AU, CANADA'S OPEN UNIVERSITY, is an internationally recognized leader in online and distance learning.