Part 1 – Privacy & Personal Information
All Ontario Universities are responsible to fulfill the requirements of the Freedom of Information and Protection of Privacy Act (FIPPA for short).
- FIPPA was enacted to ensure that Ontario’s publicly funded institutions are transparent and accountable to the people of Ontario through access to information and the protection of privacy
- FIPPA is enforced through the office of the Information and Privacy Commissioner of Ontario (IPC)
Two Key Principles of FIPPA:
Public access to information
- The public has a right to request records that the institution has in its custody or under its control.
The protection of personal privacy
- The institution has a responsibility to protect personal information and other kinds of sensitive records from unauthorized uses and disclosures.
A University Record means any record:
- in the custody or under the control of the University;
- created or received, and maintained as evidence of University decisions, transactions, and relationships; and,
- relevant to the administration and operation of University activities.
What is considered Personal Information?
- FIPPA defines Personal Information as information about an identifiable individual
- This includes, but is not limited to, such basic details as name, address, telephone number, gender, age and marital status, employee number, student number, health information, education and employment history, and financial data
- An individual’s name on its own is not personal information unless it discloses other information, which if unauthorized, would be an invasion of privacy
- The views or personal opinions of another individual about the individual (stated opinions of others are the information of those others)
- Personal Information does not include the name, title, business address, and business contact numbers of an employee
Key Points
- Personal information is any information about an identifiable individual (except employees’ names and work contact details)
- The names of students are personal information as they identify the individual as a student of the University.
- Record: A record is any record of information however recorded, whether in printed form, on film, by electronic means or otherwise.
- FIPPA’s rules for the protection of personal information include:
- Collect only the Personal Information (PI) that you need for the proper administration of the University;
- Inform people about the collection and about what you intend to do with their PI by including a Collection Notice whenever you collect PI;
- Only use PI for the purpose(s) for which it was collected, or a consistent purpose;
- Only share PI internally with other Brock employees if they need to know the information for the purpose of their role;
- Don’t disclose PI outside of Brock without consent, other than in limited circumstances as specified in FIPPA; and
- Retain PI for a minimum of 1 year past last date of use.
- Privacy breaches must be reported to Privacy@Brocku.ca
- Be mindful of privacy when handling records containing personal information.
- Email: Use your Brock employee email address for all Brock business related emails.
Learn More
- Access to Information and Protection of Privacy
- Student Records Policy
- Access to University Records
- Collection of Personal Information
What if I’m dealing with Personal Health Information?
Generally, even if you are handling records containing health information, FIPPA will continue to apply. The Personal Health Information Protection Act (PHIPA) only applies to Brock’s units that provide health care on the University’s behalf. Brock University has 3 health care providers who act as Health Information Custodians within the context of PHIPA:
- Student Health Services
- Personal Counselling Services
- Brock Sports Medicine Clinic
If you are an employee of one of the above units, complete the PHIPA Training.
Collection Notice template:
Brock University protects your privacy and your Personal Information. The Personal Information requested on this form is collected under the authority of The Brock University Act, 1964 section 3, and in accordance with the Freedom of Information and Protection of Privacy Act (“FIPPA”). The information will be used to [specify purpose for collecting the Personal Information]. Direct any questions about this collection to the [contact position], of the [your department] at Brock University at (905) 688-5550, ext. [XXXX] or see www.brocku.ca/[your departmental website].
Click here for the next module: Part 2 – Disclosing Personal Information