1.1 On January 31, 2005, the ÎçÒ¹av created its policy in relation to the protection of personal information and electronic documents. The policy recognized the commitment made by the ÎçÒ¹av to protect privacy while, at the same time, providing procedures for the collection, use, and disclosure of information by the ÎçÒ¹av.
1.2 The ÎçÒ¹av is a special member of the community. While it is created by statute and delivers a variety of services to the public, the ÎçÒ¹av is an autonomous institution that has its own governing body, manages its own affairs, allocates its own funds, develops its own relationships with private individuals, businesses and industries, and offers its own diverse range of academic, vocational, and professional programs. This Policy is a reflection of the unique position of the ÎçÒ¹av in the community and must be interpreted with these principles in mind.
2.1 The purpose of this Policy is to enhance the ÎçÒ¹av’s continued commitments to:
3.1 This Policy applies to
4.1 This Policy is effective May 1, 2017 and shall apply to all information created by the ÎçÒ¹av after the effective date of the Policy.
4.2 All requests for information before the effective date of this Policy shall be determined in accordance with the policies and practices in effect at the ÎçÒ¹av at the applicable time.
5.1 The ÎçÒ¹av routinely makes large amounts of institutional and other information available to the public on its website. The ÎçÒ¹av is committed to continuing this online practice. If information is not available on the ÎçÒ¹av’s website, an access request may be filed with the Office of the Chief Privacy Officer (the “Privacy Office”) in accordance with this Policy.
6.1 The ÎçÒ¹av is committed to maintaining and protecting the integrity of personal and other confidential information. If a person believes his or her privacy rights have been breached, the person may file a privacy complaint with the Privacy Office in accordance with this Policy.
7.1 The Privacy Office handles access requests and privacy complaints made to the ÎçÒ¹av. The Privacy Office also carries out other associated duties, such as:
8.1.1 The steps in processing an access request may vary depending on the nature of the request. Generally, the Privacy Office follows these basic steps:
8.2.1 There are certain types of records that are exempt from disclosure to protect institutional interests, the privacy of others, confidentiality, ongoing operations of the ÎçÒ¹av, and other interests important to the ÎçÒ¹av. For example, exemptions and exceptions include, but are not limited, to any information that:
8.2.2. A record may contain information about an individual other than the Requester. Generally, information related to another individual is not disclosed.
8.2.3. A record may contain information that reveals commercial, financial, confidential or other information belonging to an external person, entity or organization. Generally, information related to another party is not disclosed.8. 3. Fees
8.3.1. The ÎçÒ¹av charges fees for the processing of access requests. Responding to an access request requires the ÎçÒ¹av to expend both human and financial resources. An initial and non-refundable fee must therefore be paid to the ÎçÒ¹av before the Privacy Office begins to process the access request and records shall not be released until the Privacy Office receives payment in full of all fees associated with request. All costs incurred by the ÎçÒ¹av will be the responsibility of the Requester and vary depending upon the size and complexity of the access request. Information on fees is found in the Fee Schedule attached in Appendix A, which forms part of this Policy.
9.1 Complaint
9.1.1 For the purpose of this Policy, a privacy breach occurs when there is unauthorized disclosure of personal information or someone has obtained unauthorized access to personal information. If a person believes his or her privacy rights have been breached, the person may file a privacy complaint in writing, addressed to the Privacy Officer, with the Privacy Office. The person making the complaint must complete the Privacy Complaint Form (QF176). In exceptional situations, the Privacy Officer may authorize a privacy complaint to be accepted in some other format for the purpose of accommodating the personal circumstances of the individual.
9.2 Basic Steps
9.2.1 The steps in processing a privacy complaint may vary depending on the nature, circumstances, and complexity of the complaint. Generally, the Privacy Office follows these steps:
10.1 Personal Information
10.1.1 Personal information is regularly collected by the ÎçÒ¹av from students, employees, alumni, donors and other individuals, and this information is intended to be used for the purpose of administering programs and activities at the ÎçÒ¹av, delivering services at the ÎçÒ¹av and carrying out the operations of the ÎçÒ¹av, including:
10.2.1 It is the general policy of the ÎçÒ¹av not to disclose personal information to external individuals or organizations unless:
10.3.1 Individuals have a right to request access to their own personal information and to request the correction of their personal information. Those who wish to obtain access to their personal information or to request a correction should begin by contacting the faculty, administrative office, or service that has possession of the information at the ÎçÒ¹av. Depending on the nature of the request, it may require a written request addressed to the Privacy Officer.
11.1 If an individual disagrees with a decision made by the Privacy Officer under this Policy, the individual may submit a written request for reconsideration to the ÎçÒ¹av’s Vice-President Corporate Services within thirty (30) days of the date of the decision. The decision of the Privacy Officer shall be reconsidered by the Vice-President Corporate Services within thirty (30) days and his/her decision shall be final. In the event that the decision under reconsideration relates to the Vice-President Corporate Services or a conflict of interest exists, then the Vice-President Corporate Services shall designate another Vice-President at the ÎçÒ¹av to hear and decide the request for reconsideration.
12.1 The development and maintenance of this Policy is the responsibility of the President of the ÎçÒ¹av.
12.2 The administration of this Policy is the responsibility of the Privacy Office as set out above.
These are PDFs and will open in a new window.