| Policy Number: HR 500 | Policy Title: Access to Information and Protection of Privacy |
| Supersedes Existing Policy? Y | Policy Owner: Executive Director, Human Resources Services |
| Associated Procedure: Y | Date Last Approved by CET: October 16, 2019 |
| Related Documents and Links |
1. Introduction and Purpose
Ontario’s Freedom of Information and Protection of Privacy Act (the Act) gives individuals a legal right of access to information held by the Government and its Agencies, including Ontario’s Community Colleges. The Act also gives individuals a right of access to their own personal information and establishes standards to ensure that this information is protected. Loyalist College has always operated in an open, accessible, accountable, and responsible manner while providing individuals with a general right of access to information and protecting the privacy rights of individuals.
The purpose of the policy is to outline responsibilities regarding access to information and protection of privacy.
2. Application
This policy applies to all members of the College community, including, but not limited to students, employees, former employees, third parties, and members of committees who have access to records under the custody and control of Loyalist College. This policy is intended to complement, not detract from Provincial or Federal legislation or any collective agreements in place at the College adopted under the authority of the Board of Governors.
Where this policy conflicts with legislation, or collective or other existing agreements, the legislation and agreements will take precedence over this policy.
3. Definitions
Personal Information – recorded information about an identifiable individual, including, but is not limited to such basic details as name, home addresses, telephone numbers, gender, sexual orientation, age and marital or family status, race, national or ethnic origin, color, religious or political beliefs or affiliations, identifying numbers such as your social insurance number, or driver’s license, medical, employment or educational history, disabilities, financial information and personal opinions of or about an individual.
Personal information does not include the name, title, business address, and business contact number(s) of an employee. The personal information exemption expires for individuals deceased more than 30 years.
Record – any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and including but not limited to: correspondence; a memorandum; a book; a plan; a map; a drawing; a diagram; a pictorial or graphic work; a photograph; a film; a microfilm; a sound recording; a videotape; a machine-readable record; any other documentary material regardless of physical form or characteristics, and any copy thereof and any record that is capable of being produced from a machine readable record under the control of the College by means of computer hardware and software or any other information storage equipment and technical expertise used by the College.
Custody or Control of Records – Custody means the keeping, care, watch, preservation or security of a record. Physical possession of a record is the best evidence of custody. Control means the power or authority to manage the record throughout its life cycle, including decisions about the use or disclosure of the record. Evidence of control is the power to decide how records in the College’s custody are classified and organized, how long they are retained, or their final disposition. As a general rule, when the College does not have physical possession of the record but an employee has custody at home, the College still has control of the record.
4. Policy Statement
In keeping with the objectives of the Act, Loyalist College will:
- provide a right of access to information under its control in accordance with the principles that:
- information held by institutions should generally be available to the public
- necessary exemptions from this general right of access should be limited and specific and in accordance with the Act, and
- decisions on disclosure requests should be able to be reviewed independently, and
- protect the privacy of individuals with respect to personal information about themselves held by the College, and to provide individuals with a right of access to that information.
All reasonable steps shall be taken to protect the security and confidentiality of personal information during its collection, storage, transportation, handling and destruction.
The President is responsible for ensuring compliance with the Act as delegated by the Chair of Loyalist’s Board of Governors. The President may delegate that authority and responsibility to the Freedom of Information and Privacy Coordinator to be appointed by the College.
Failure of employees to adhere to this policy could result in the misuse of information and potentially a breach of confidentiality. In such cases, the individual may be subject to disciplinary action. Employees are encouraged to contact the College’s Freedom of Information and Privacy Coordinator if they have any questions about this policy or the Act.
5. Privacy Breach
A privacy breach occurs where personal information in the custody or control of the College is handled in a manner that is not in accordance with FIPPA. Examples of a breach include a file containing personal information being misdirected to an incorrect recipient or the loss of an unencrypted device containing personal information. Actual or suspected privacy breaches are to be immediately reported to the Freedom of Information and Privacy Coordinator at fippa@loyalistcollege.com.
6. References
- Freedom of Information and Protection of Privacy Act (FIPPA), R.S.O. 1990, c.F.31