TRENT UNIVERSITY
POLICY ON PRIVACY PROTECTION AND FREEDOM OF INFORMATION
I. PREAMBLE
In 1987, the Ontario Government passed the Freedom of Information and Protection of Privacy Act, Bill 34. The purpose of the legislation was two-fold: to give access to information held by the provincial government and certain of its ministries, agencies and commissions, and, at the same time, to protect the privacy of individual citizens by disallowing access to personal information except by the individual involved or by a designate formally authorized by that individual. The legislation further allows individuals to ascertain what information is held about them and whether that information is correct. The privacy of individuals is given additional protection by the stipulation that when information is collected, the reason for its collection shall be given and the information subsequently used only for that stated purpose.
Universities are thus far exempt from the provisions of the Act but have agreed by the end of 1994, to develop their own internal policies on the protection of privacy and freedom of information which reflect the spirit and intent of Bill 34. In July, 1993, the Council of Ontario Universities developed a document entitled "Guidelines on Freedom of Information and Privacy Protection." The COU document purported to provide some assistance to individual universities as they set out to draft their own institutional policies. In response to this initiative, a 4-person task force was appointed in 1993-94 to review current practices and try to tailor the suggested guidelines to Trent's needs. In September 1994, when this policy was to have been presented for discussion by the Trent community, Ministry officials required COU to change some of its guidelines and made it clear that the universities were expected to revise their draft policies accordingly.
In developing a policy document to assist staff and faculty to manage informa-tion that accrues in their area of the University, it was recognised that universities are places of disparate activities involving teaching, research, academic assessment, government liaison, both centralised and collegial management structures, peer review processes and compliance with pre-existing legislation and government programs. It was further recognized that, where applicable, union collective agreements would supersede this policy and that special provisions to protect research interests would be required. The policy which Trent University has developed generally reflects current practices, is consistent with the purpose of the COU guidelines and is now recommended for approval. It is understood that the "Guidelines for Confidentiality and Disclosure of Student Records" appended to this policy will be brought forward at a later date for public review and Senate approval.
TRENT UNIVERSITY POLICY
ON PRIVACY PROTECTION AND FREEDOM OF INFORMATION
1. PURPOSE OF POLICY
This policy establishes the principles for responding to requests for access to records held in Trent University offices. The policy will guide departments in implementing procedures which enable staff and faculty to be generally responsive to requests for information, while ensuring that the privacy of individuals is protected.
2. RESPONSIBILITY FOR ADMINISTRATION OF POLICY
All academic and administrative departments are responsible for complying with this policy governing privacy protection and access to records. Individual departments are responsible for developing and implementing their own procedures to ensure that they reflect the intent of the University's policy. Periodic review of the policy is the responsibility of the President and the senior administration of the University.
3. GUIDING PRINCIPLES
Trent University will handle personal records in a way which protects the privacy of individuals.
General records of Trent University, except those which are located in the offices of faculty or restricted under Section III (2) of this policy, will be accessible to members of the University community and to the general public.
II. PRIVACY PROTECTION: FACULTY, STAFF AND STUDENTS
1. BASIC PRINCIPLES
Trent University recognizes the importance of protecting the privacy of individuals whose personal records are in the custody of the University. As a general rule, personal information contained in University records should be collected, retained and disclosed in such a way as to protect the privacy of the individual to whom the information pertains. All faculty and staff should be aware of the necessity to protect the privacy of individuals and should exercise the utmost discretion when asked for personal information by third parties either in person, in writing, by telephone or electronically.
2. STUDENT PERSONAL RECORDS
Academic and administrative departments, colleges and academic advisors should be guided in their decisions by the "Guidelines for Confidentiality and Disclosure of Student Academic Records" available from the Registrar's Office. (The guidelines currently in use are attached to this policy as Appendix A.)
This document make it clear that students' names, addresses and tele-phone numbers are not to be given out by any University office. Instructors who anticipate a need for their students' telephone numbers should request that information directly from the students. Except in the circumstances noted in Section II.6.0 and II.6.1, University offices will provide outside parties only with confirmation of a student's registration, degree(s) earned and major(s), unless the student has specifically authorized the release of additional information
3. PERSONNEL RECORDS
Specific guidance on the correct handling of confidential employment records can be provided by the Department of Human Resources or, in the case of faculty files, by the office of the Dean of Arts and Science. Department heads should refer as well to relevant provisions in the faculty and staff collective agreements, which supersede this general policy.
Department offices may not provide any personal information about individuals employed by the University, other than to confirm that they are on the payroll, unless authorized to do so by the individuals concerned.
4. RECORDS REGULATED BY OUTSIDE AGENCIES
In cases where departments operate under outside regulations, such regulations supersede the University's policy; for example, records maintained by University Counselling service are protected under the provisions of the Mental Health Act and the C.P.A. guidelines.
For all other departments of the University, the following general guidelines are to be followed in the collection, release and retention of personal information:
5. COLLECTION OF PERSONAL INFORMATION
(a) The University shall collect or compile and record only such personal information as is necessary for the proper administration of the university and its academic programs and ancillary services.
(b) The purpose for the collection of personal information shall be made clear to the individual about whom information is requested or compiled, normally by means of a disclaimer on the form.
6.0 LIMITS ON ACCESS TO PERSONAL INFORMATION
Personal information shall be accessible only to:
(a) the individual to whom the information pertains:
(b) a person or agency formally designated by that individual, and with the individual's consent;
(c) an officer or employee of the University who needs the record in the performance of his or her legitimate duties;
(d) appropriate persons (e.g. doctor, police officer, University official, parent) in an emergency or for compassionate reasons affecting the health or well-being of an individual or the university community providing the individual is duly notified that such use was made of personal information.
6.1 Personal information shall be accessible only:
(a) for the purpose for which it was explicitly collected or compiled;
(b) for the purpose of complying with an act of federal or provincial legislation, or a law enforcement matter normally where the University has been served with a court order or subpoena;
(c) in order that individuals may verify the accuracy of the information held about them and/or request correction or the inclusion of a statement of disagreement.
6.2 Access to information in one's own personal record may be denied in the following circumstances:
(a) if disclosure would constitute an unjustified invasion of another individual's personal privacy;
(b) in cases where information is evaluative or opinionate such as that collected during peer or other review processes; or in the course of evaluating candidates for awards, bursaries, research grants, scholarships or other forms of financial assistance; or while evaluating eligibility for admission to an academic program of the university; or in the course of evaluating candidates for employment within the university or in the awarding of a contract with the university;
(c) where disclosure would violate the solicitor-client relationship;
(d) where disclosure could reasonably be expected to seriously threaten the safety or health of an individual;
(e) where disclosure could reveal the identity of a source who furnished information in circumstances where it may reasonably have been assumed that the identity of the source and/or the information would be held in confidence.
7. MAINTENANCE OF PERSONAL RECORDS
Records containing personal information relating to faculty, staff, students, alumni or volunteers which is collected and maintained in a University administrative office should be stored in a secure manner, preferably in locked filing cabinets within offices which are lockable outside of working hours. Appropriate security precautions should be taken to safeguard personal information which is stored electronically.
Personal records should be kept only as long as they might reasonably be expected to be needed, or as long as required under relevant legislation, collective agreements, contracts or statutes of limitation for the courts. For employment records with unspecified retention periods, reference may be made to the time frames adhered to by the University's Department of Human Resources. While the electronic student transcript will be retained in perpetuity, a retention policy for the contents of the official student academic record is to be developed by the Registrar's Office.
When personal records are no longer required, they should be shredded to protect privacy. Items of historical significance should be transferred to the University Archives.
III. ACCESS TO GENERAL UNIVERSITY RECORDS
1. BASIC PRINCIPLE OF ACCESS
As part of its commitment to public accountability, Trent University supports the right of access to general University records. Further, it is the University's view that the freedom to access information is essential for an effective and informed University community.
2.0 EXEMPTIONS FROM ACCESS PRINCIPLE
The following are instances in which the University may, but will not necessarily, deny access to general information:
2.1 Trent University may refuse to disclose information concerning:
the past, present or proposed research activities of members of the university community where disclosure would undermine the professional or personal interests of the researchers or where disclosure would be contrary to the public interest.
2.2 Trent University may refuse to disclose a record which contains:
(a) financial, commercial, scientific or technical information that belongs to Trent University and has monetary or potential monetary value or could reasonably be expected to prejudice the economic interest of Trent.
(b) information owned by Trent, if the disclosure could reasonably be expected to deprive an individual or Trent University of priority of publication;
(c) questions that are to be used in University examinations or tests.
2.3 Trent University may refuse to disclose a record if disclosure could reasonably be expected to:
(a) prejudice the competitive position or interfere with the contractual or other negotiations of a person, group or organization;
(b) result in information no longer being supplied to Trent where it is in the University's interest that similar information continue to be so supplied;
(c) result in undue loss or gain to any person, group, committee, financial institution or agency;
(d) reveal positions, plans, procedures, criteria or instructions to be applied to any negotiations carried on or to be carried on by or on behalf of Trent University including information supplied to, or the report of, a conciliation office, mediator, labour relations officer or other person appointed to resolve a labour relations dispute;
(e) interfere with a law enforcement matter;
(f) interfere with an internal disciplinary proceeding or process for conflict resolution;
(g) prejudice the relations between Trent University and federal or provincial government authorities or other agencies providing funding to the University or any of its constituent units;
(h) reveal information received in confidence from federal, provincial or foreign government authorities or from other universities, colleges and similar institutions and from organizations formed for the purpose of representing the interests of such organizations or various constituencies within them.
(i) prejudice the solicitor-client relationship.
2.4 Trent University may refuse to disclose a record where the disclosure would reveal the substance of any closed-session deliberations of its senior governing bodies (Board of Governors and Senate) or their committees, or of the President's Executive Group, or of a presidential advisory committee, including:
(a) an agenda, minutes, meeting materials or other record of closed-session deliberations or decisions;
(b) a record containing policy options/recommendations or a record containing background explanations/analyses submitted for consideration in making decisions or policy, before these decisions or policies are made or implemented;
(c) draft documents not yet authorised by the President for release.
2.5 Trent University may refuse to disclose records pertaining to deliberative processes where:
(a) such disclosure would be preliminary or would undermine the effectiveness of those processes (for example, a record where disclosure would reveal the confidential advice or recommendations of a person employed by Trent or a consultant retained by Trent);
(b) the records would reveal plans relating to the management of personnel or the administration of Trent University that have not yet been put into operation or made public.
IV. POLICY ADMINISTRATION
1. PRIVACY PROTECTION / FREEDOM OF INFORMATION OFFICER: ("the Officer")
The University shall designate an employee to act as the Officer responsible for assisting the University community to comply with this policy. The Officer has the authority to receive, and make decisions on, requests for access to information or for the correction of personal data under the policy. Such requests may come to the Officer directly from parties seeking information or corrections, or by referral from departments or individuals who have been asked to supply or correct information where there are questions concerning the application of the policy.
2. PRIVACY PROTECTION/FREEDOM OF INFORMATION COMMISSIONER: ("the Commissioner")
The University shall appoint a Commissioner responsible for reviewing decisions made under this policy by the Officer or by a University department, when such decisions are appealed. Following investigation, the Commissioner may advise the President to either confirm or reverse the University's decision.
The Commissioner also monitors the University's compliance with this policy and recommends amendments to the policy, where appropriate. The Commissioner provides the Board of Governors with an annual report on the nature and disposition of complaints made to the Commissioner. Where possible, the Commissioner should be an external volunteer with a legal background. He or she may serve for a renewable term of up to three years.
3. THE PRESIDENT:
The President is responsible for making a final decision on any matter under appeal. In the event that the President does not accept the recommendation of the Commissioner, this decision and the reasons for it shall be reported to the Board of Governors.
V. PROCEDURES FOR ACCESSING RECORDS
1. REQUESTS IN WRITING:
Persons seeking access to a University record, other than employees in the course of their regular duties, shall normally make their request in writing to the appropriate department head, providing sufficient detail to make it possible for the department to identify the record. Alternatively, requesters of information may submit their request directly to the Freedom of Information/Privacy Protection Officer who shall provide a copy of the request to the department concerned. Non-routine requests for information, or those which require policy inter-pretation, should be referred to the Officer.
2. RESPONSE TO REQUESTS:
Administrative and academic departments of the University shall respond to requests for information in a timely fashion. Responses to non-routine requests will be provided in writing or electronically, normally within 30 days and will indicate:
(a) that access to all or part of the record will be given and the particulars of how the record may be accessed; or
(b) that access to all or part of the record will not be given; or
(c) that the record is not within the control of the University.
If the request is for a large number of records, or necessitates a time-consuming search or lengthy consultations, the time limit for responding may be extended and the person making the request will be advised of the reason for the delay.
3. CHARGES BY DEPARTMENTS:
Departments will normally require a person who requests access to a general university record (other than an employee in the course of his or her regular duties) to pay one or more of the following charges:
(a) a search charge, based on the principle of cost recovery, for every hour of manual or electronic search or other preparation required in excess of 1 hour to locate or compile a record;
(b) the cost of preparing the record for disclosure and providing copies of the record;
(c) shipping costs.
Departments shall, before giving access to a record, provide a reasonable estimate of the costs involved. Such fees may be the subject of an appeal to the Commissioner under Section V.4 of this policy. Individuals seeking access to their own personal information will be charged only for the costs of preparing transcripts and/or photocopies.
4. APPEALS:
Within 30 days of receiving notice of a decision by a department head or by the Officer regarding the release, cost, amendment or withholding of a record, an appeal pursuant to IV 2(b) may be filed in writing with the Commissioner.
As soon as possible following receipt of the appeal, normally within 10 working days, the Commissioner shall provide the respondent (normally the person who made the decision being appealed against) with a copy of the appeal and may invite this individual to make a submission in support of his or her position. The Commissioner may examine any record in the custody or under the control of the University and may meet with the complainant, the respondent and the affected individual(s), if applicable. Unless the Commissioner is unavailable during all or part of this time, the investigation should be completed and a decision rendered within 30 days of receipt of the written appeal.
The Commissioner may recommend in writing that the President confirm the decision being appealed, or vary it, in whole or in part. The President then makes a decision as outlined in IV.3.
|
