Freedom of Information and Protection of Privacy
Updated May 2017 by Adam Cullum (Information Governance Officer)
Overview and Compliance
The British Columbia Freedom of Information & Protection of Privacy Act [RSBC 1996 c. 165] (FIPPA) contains two main components that UNBC faculty, staff and student employees need to be aware of:
- Access to Information
- the right for the public to request any information under the custody and control of the university.
- parameters that the university must use to sever records to protect personal privacy, business interests, conservation of heritage sites, and confidential information before release.
- parameters that the university must use to disclose information of public interest.
Protection of Privacy
- acceptable limits to the collection, use, disclosure, and disposal of personal information by departments of the university.
- the right for the public to ensure accuracy of their own personal information and request correction.
- the responsibility of the university to make reasonable efforts to protect personal information from unauthorized access.
- whistle-blower protection.
- the responsibility of the university to make categories of records available to the public without request.
- parameters that the university must apply when disclosing personal information for research purposes.
- parameters that the Northern BC Archives and Special Collections must apply when disclosing personal information for archival and historical purposes.
As everyone working for UNBC are public body employees, we have a legal duty to manage personal information according to FIPPA.
The Scope of FIPPA
FIPPA applies to all personal information in the custody and under the control of a public body. “Personal Information” means any recorded information about an identifiable individual other than business contact information. For example, the contact information found on the UNBC directory is not considered personal information but personal contact information needs to be handled according to FIPPA.
Another exception to FIPPA that applies to UNBC, and other universities, includes any record containing teaching materials or research information of a faculty member, teaching assistant, research assistant or other individual carry out teaching or research at a post-secondary institution. Teaching materials and research information include lecture notes and forms of intellectual property belonging to an individual that teaches or researches. Records that serve an administrative or operational purpose, such as attendance lists, resulting grades of students, and your contributions to department operational records need to be handled according to FIPPA.
- Under Section 30.1 of the Act (Storage and Access must be in Canada), we cannot store personal identifiable data outside of Canada or allow a foreign entity access to UNBC identifiable data without documented informed consent from each individual involved.
- Do not use international cloud-based systems (DropBox, Google Drive, One Drive, SpiderOak, iCloud) to store student or personal information.
- Please work with the UNBC Centre for Teaching Learning & Technology, UNBC IT Security or the Information Governance Officer to find compliant solutions.
- Whenever possible, ensure appropriate encryption of data and mobile devices is in place. Please contact UNBC Information Technology Services for assistance.
- Please ensure you are only using your official “@unbc.ca” email account for corresponding with others on official university business (e.g. faculty, researchers, students, colleagues). We encourage everyone to only email students via their “@unbc.ca” email account. Students have the option of forwarding email to their own personal accounts.
- Under the Act, records are considered to be: “books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which information is recorded or stored by graphic, electronic, mechanical or other means…”
- UNBC employees must be aware that any records that are created and stored, even notes, become part of a public record that can be accessed and must be able to be retrieved during an access request.
- Record Retention: Unless otherwise legislated, retain personal information for the rest of the current year plus one year if used to make a decision that directly affects the individual. The year may be a fiscal year, a calendar year, or an academic year depending on the context of the record. If you are unaware how long you need to keep personal information you are managing, please contact the Information Governance Officer.