Freedom of Information and Protection of Privacy Requirements
Overview and Compliance
The British Columbia Freedom of Information & Protection of Privacy Act (FOIPPA) covers two main areas that UNBC faculty, staff and student employees need to be aware of:
Important note: In order to comply with the BC Freedom of Information and Protection of Privacy Act (FIPPA) and for the sake of the privacy and security of the UNBC community and security of UNBC’s information, all faculty, staff and students are required to only use the UNBC email system to conduct University business.
Failure to comply with this practice poses a number of risks as the University is accountable for ensuring our information practices align with FIPPA. Those risks include the following:
• Loss of accurate records – Records of actions, kept in a manner that preserves records of enduring value and accountability, are easily lost when UNBC staff and faculty conduct business through their personal email accounts.
• Inability for UNBC to ensure reasonable security and privacy measures – Personal email accounts, which are often web-based, are much less likely to take reasonable security and privacy measures to guard against unauthorized access, collection, use, disclosure, or disposal of personal information than the University’s email system. The terms of service for personal accounts may allow third-party access to content in a way that is in contravention of FIPPA, and security features for webmail services may not be adequate for FOIPPA purposes.
• Inability to ensure personal information storage and access is within Canada. Although there are exceptions, FIPPA requires UNBC to store and access personal information only in Canada. Popular email services are not among cloud-based services compliant with FOIPPA.
- Access to Information
  - provide the public with the right of access to records in the custody, or under the control, of UNBC;
  - provide information as part of a formal FOIPOP request;
  - provide routine public information and personal information.
- Protection of Privacy
  - prevent unauthorized collection, use, or disclosure of personal information; maintain confidentiality;
  - withhold certain records from disclosure (exemptions);
  - provide individuals with the right to access and correct personal information about themselves.
In a manner consistent with the Act, UNBC provides access to records and information under the custody and control of the University, balanced with ensuring the protection of the personal privacy of all individuals associated with the University.
As we are all public body employees (of UNBC), we have a legal duty to abide by, adhere to, and be responsive to the Act.
Important Definitions
“Personal Information” means recorded information about an identifiable individual other than contact information. Contact information: think business card / UNBC phone list.
There is an exemption in the Act related to higher education that is important to note:
“A record containing teaching materials or research information of employees of a post-secondary education body…”
“Teaching materials” include any records produced or compiled for distribution to students, to aid an instructor in relating information to students, or otherwise used to teach (e.g. notes prepared to refer to while presenting lectures). Attendance lists, grading, and administrative documents would be considered in scope of the Act.
“Cloud” Computing
- Under Section 30.1 of the Act (Storage and Access must be in Canada), we cannot store personally identifiable data outside of Canada or allow a foreign entity access to UNBC identifiable data.
- Therefore, please refrain from using USB keys, portable drives and cloud-based systems (DropBox, iCloud) to store student or personal information.
- Please work with the UNBC Centre for Teaching Learning & Technology or UNBC Information Technology Services to find compliant solutions.
- Whenever possible, ensure appropriate encryption of data and mobile devices is in place. Please contact UNBC Information Technology Services for assistance.
- Also, please ensure you are only using your official “@unbc.ca” email account for corresponding with others on official university business (e.g. faculty, researchers, students, colleagues). We encourage everyone to only email students via their “@unbc.ca” email account. Students have the option of forwarding email to their own personal accounts.
Records Management
- Under the Act, records are considered to be: “books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which information is recorded or stored by graphic, electronic, mechanical or other means…”
- UNBC employees must be aware and take care to create written documentation in an objective and professional manner. Remember that whatever you type, write or record becomes part of a public record that can be accessed.
- Record Retention: Unless otherwise legislated, the general rule of thumb is to retain personal information for at least 1 year (CY+1) if used to make a decision that directly affects the individual.
Please visit the Records Management website for more information, guidelines and assistance at: http://www.unbc.ca/records-management
If you would like more information, please contact Dave Kubert, Chief Information Security Officer, or Doris Marshall-Greenlaw, the Governance Officer for Access, Privacy and Records Management.