Privacy & Passwords

The WordPress CMS platform is intended to host public-facing content and files.​ Learn more about privacy, passwords and the collection of personal information on digital channels. ​​



There is no way to make a file on the CMS system private or password protected, and sites should not host files that cannot be publicly available. If a file is uploaded to the CMS service, anyone with the URL of that file can download it without any authentication. In addition, any file uploaded to CMS may appear in search engine results.


Unlike files, individual pages can be password-protected on the CMS service. A password must be set for each page in order for that content to be made non-public. Any user who does not have the password cannot access the content. However, since a password can be easily shared from one person to another, sensitive content should not be hosted on the CMS service. 

If a file or pages need to be private or available to a smaller audience, we recommend using a different service to host such files/content. A team site on MedNet may be an ideal solution if the files are intended for an audience internal to the Faculty of Medicine. If you have questions about MedNet team sites, please contact​

Collection of Personal Information

All websites that collect personal information through forms or other means must include a standard privacy notification, as per requirements from the University Counsel Privacy Office. The privacy notification must include a contact email address. In addition, all personal information that has been collected must be retained for a minimum of one year.

A privacy notification can be modeled on the following:

Your personal information is collected under the authority of section 26(c) of the Freedom of Information and Protection of Privacy Act (FIPPA). This information will be used for the purpose of [UNIT NAME]. Questions about the collection of this information may be directed to [EMAIL].

For more information see: http://universitycounsel.ub​

Note: Do not store/collect any sensitive information with Gravity Forms — the online forms plugin available on UBC CMS. Sensitive information includes student numbers, CWL information, and private personal information.