Policy 90 - Access to Information and Protection of Privacy

Approved Board of Governors 2012.2

ACCESS TO INFORMATION AND PROTECTION OF PRIVACY

PURPOSE

1.    The purpose of this Policy is to confirm the University of Ottawa’s continued commitment to the principles of access to information, whether personal information or institutional information, and protection of privacy in light of applicable access and privacy legislation.

INTERPRETATION

2.    The University of Ottawa is subject to Ontario’s Freedom of Information and Protection of Privacy Act (“FIPPA”) and its regulations.  This Policy is not intended to restate the provisions of FIPPA or any other access to information and protection of privacy statutes and regulations that may apply to the University (“applicable access and privacy legislation”).

3.    This Policy must also be read in conjunction with the University’s Procedure on Handling Access to Information Requests and Privacy Breach Complaints.  

4.    In certain circumstances, collective agreement provisions may also apply to matters of access to personal information and privacy. For matters concerning student records, please consult the University’s Policy 14a - Student Records.    

ACCESS TO INFORMATION

5.    The University routinely makes large amounts of its institutional information available to the public on the University's website. If the information is not available on the University’s website, a request for information may be made to the University’s Director, Compliance, Access to Information and Privacy, according to the University’s Procedure 20-5 on Access to Information and Protection of Privacy.

PRIVACY

6.    The University is committed to maintaining and protecting the integrity of personal and confidential information. If a person believes his or her privacy rights have been violated, the person may file a written complaint with the University’s Director, Compliance, Access to Information and Privacy, who, in turn, will investigate the complaint in accordance with the University’s Procedure 20-5 on Access to Information and Protection of Privacy.

RESPONSIBILITIES AND DELEGATION OF POWERS

7.    The Vice-President Governance is responsible for the oversight of access to information and privacy matters at the University.

8.   For the purposes of FIPPA, the “head” or the individual responsible for compliance with the requirements of FIPPA is the President of the University.  The President delegates to the Vice-President Governance and to the University’s Director, Compliance, Access to Information and Privacy, all powers and duties related to the University’s compliance with the requirements of FIPPA.  This delegation is pursuant to FIPPA and does not in any way limit the authority of the President as the designated “head” from exercising any of the delegated powers and duties under FIPPA.

NOTICE OF COLLECTION OF PERSONAL INFORMATION

9.    Personal information is collected under the authority of the University of Ottawa Act, 1965, submitted to it by a student, employee, alumni, donor or other individuals and is intended to be used for the purposes of and those consistent with the administration of University programs and activities and in order to carry out other University services and functions, including the following:
•    recruitment, admission and registration, academic programs and evaluations, graduation
•    evaluation of academic and non-academic programs
•    assisting student associations and the University’s Alumni Association
•    financial assistance and awards
•    alumni and development activities
•    institutional planning and statistics
•    reporting to government agencies and professional licensing bodies
•    employment related matters
•    safety and security
•    promotion in its print electronic and internet publications.

Questions by an individual regarding the collection and use of their own personal information in a particular instance should be addressed to the University faculty, administrative office or service responsible for such collection and use.  Questions of a general nature regarding the collection, use and disclosure of information should be addressed to the University’s Director, Compliance, Access to Information and Privacy, by email at aipo@uottawa.ca, by telephone at 613-562-5800 or by mail at University of Ottawa, Access and Privacy Office, 550 Cumberland Street, Ottawa, ON, KIN 6N5.

DISCLOSURE

10.  It is the University’s policy not to disclose personal information to external individuals or organizations unless,
a)   covered by the Notice of Collection of Personal Information in this Policy,
b)   the individual is notified when the personal information was collected,
c)   the individual has consented to the disclosure, or
d)   permitted under applicable access and privacy legislation or by law.

INFORMATION COLLECTED FOR PUBLIC PURPOSE

11.  The University considers the following information as information collected and maintained for the purpose of creating a record that is available to the public and may be published in print, electronic format or on the Internet:
a)   the degree or degrees conferred by the University and the date received; and )
b)   the recipient of  excellence scholarships or other prizes or honours awarded by the University or other third party.

CORRECTION OF PERSONAL INFORMATION

12.  Individuals have a right to request access to their own personal information and to request the correction of their personal information.  Those who wish to obtain access a document containing their personal information or to request a correction should begin by contacting the faculty, administrative office or service that is likely to have the information. Depending on the nature of the request or request for correction, it may require a written request to the University’s Director, Compliance, Access to Information and Privacy.

PERSONAL INFORMATION BANKS

13.  As required by FIPPA, the University maintains an index of personal information banks which outline all areas that create and maintain personal information banks for their day to day work. The directory of personal information banks is located on the University’s web site.

RETENTION AND DISPOSAL OF PERSONAL INFORMATION

14.  The records retention schedule established by the University’s Archives sets out the University’s practices regarding the retention and disposal of records.  Personal information that has been used by the University is retained for a minimum of one year after use unless the individual to whom the information relates consents to its earlier disposal.

IMPLEMENTATION

15.  The Vice-President Governance is responsible for the establishment and review of this Policy and amendments to it may be made with the approval of the Administration Committee.

Revised January 24th, 2012

(Office of the Vice-President, Governance)

Back to top