as
revised December 13, 1994
TRENT UNIVERSITY
POLICY ON PRIVACY
PROTECTION AND FREEDOM OF INFORMATION
I.
PREAMBLE
In 1987,
the Ontario Government passed the Freedom of Information and Protection
of Privacy Act, Bill 34. The purpose of the legislation was two-fold:
to give access to information held by the provincial government and
certain of its ministries, agencies and commissions, and, at the
same time, to protect the privacy of individual citizens by disallowing
access to personal information except by the individual involved
or by a designate formally authorized by that individual. The legislation
further allows individuals to ascertain what information is held
about them and whether that information is correct. The privacy of
individuals is given additional protection by the stipulation that
when information is collected, the reason for its collection shall
be given and the information subsequently used only for that stated
purpose.
Universities
are thus far exempt from the provisions of the Act but have agreed
by the end of 1994, to develop their own internal policies on the
protection of privacy and freedom of information which reflect the
spirit and intent of Bill 34. In July, 1993, the Council of Ontario
Universities developed a document entitled "Guidelines on Freedom
of Information and Privacy Protection." The COU document purported
to provide some assistance to individual universities as they set
out to draft their own institutional policies. In response to this
initiative, a 4-person task force was appointed in 1993-94 to review
current practices and try to tailor the suggested guidelines to Trent's
needs. In September 1994, when this policy was to have been presented
for discussion by the Trent community, Ministry officials required
COU to change some of its guidelines and made it clear that the universities
were expected to revise their draft policies accordingly.
In developing
a policy document to assist staff and faculty to manage informa-tion
that accrues in their area of the University, it was recognised that
universities are places of disparate activities involving teaching,
research, academic assessment, government liaison, both centralised
and collegial management structures, peer review processes and compliance
with pre-existing legislation and government programs. It was further
recognized that, where applicable, union collective agreements would
supersede this policy and that special provisions to protect research
interests would be required. The policy which Trent University has
developed generally reflects current practices, is consistent with
the purpose of the COU guidelines and is now recommended for approval.
It is understood that the "Guidelines for Confidentiality and
Disclosure of Student Records" appended to this policy will
be brought forward at a later date for public review and Senate approval.
TRENT UNIVERSITY
POLICY
ON PRIVACY PROTECTION
AND FREEDOM OF INFORMATION
1. PURPOSE OF
POLICY
This policy
establishes the principles for responding to requests for access
to records held in Trent University offices. The policy will guide
departments in implementing procedures which enable staff and faculty
to be generally responsive to requests for information, while ensuring
that the privacy of individuals is protected.
2. RESPONSIBILITY
FOR ADMINISTRATION OF POLICY
All academic
and administrative departments are responsible for complying with
this policy governing privacy protection and access to records. Individual
departments are responsible for developing and implementing their
own procedures to ensure that they reflect the intent of the University's
policy. Periodic review of the policy is the responsibility of the
President and the senior administration of the University.
3. GUIDING PRINCIPLES
Trent University
will handle personal records in a way which protects the privacy
of individuals.
General records
of Trent University, except those which are located in the offices
of faculty or restricted under Section III (2) of this policy, will
be accessible to members of the University community and to the general
public.
II.
PRIVACY PROTECTION: FACULTY, STAFF AND STUDENTS
1. BASIC PRINCIPLES
Trent University
recognizes the importance of protecting the privacy of individuals
whose personal records are in the custody of the University. As a
general rule, personal information contained in University records
should be collected, retained and disclosed in such a way as to protect
the privacy of the individual to whom the information pertains. All
faculty and staff should be aware of the necessity to protect the
privacy of individuals and should exercise the utmost discretion
when asked for personal information by third parties either in person,
in writing, by telephone or electronically.
2. STUDENT PERSONAL
RECORDS
Academic and
administrative departments, colleges and academic advisors should
be guided in their decisions by the "Guidelines for Confidentiality
and Disclosure of Student Academic Records" available from the
Registrar's Office. (The guidelines currently in use are attached
to this policy as Appendix A.)
This document
make it clear that students' names, addresses and tele-phone numbers
are not to be given out by any University office. Instructors who
anticipate a need for their students' telephone numbers should request
that information directly from the students. Except in the circumstances
noted in Section II.6.0 and II.6.1, University offices will provide
outside parties only with confirmation of a student's registration,
degree(s) earned and major(s), unless the student has specifically
authorized the release of additional information
3. PERSONNEL
RECORDS
Specific guidance
on the correct handling of confidential employment records can be
provided by the Department of Human Resources or, in the case of
faculty files, by the office of the Dean of Arts and Science. Department
heads should refer as well to relevant provisions in the faculty
and staff collective agreements, which supersede this general policy.
Department
offices may not provide any personal information about individuals
employed by the University, other than to confirm that they are on
the payroll, unless authorized to do so by the individuals concerned.
4. RECORDS REGULATED
BY OUTSIDE AGENCIES
In cases where
departments operate under outside regulations, such regulations supersede
the University's policy; for example, records maintained by University
Counselling service are protected under the provisions of the Mental
Health Act and the C.P.A. guidelines.
For all other
departments of the University, the following general guidelines are
to be followed in the collection, release and retention of personal
information:
5. COLLECTION
OF PERSONAL INFORMATION
(a) The University
shall collect or compile and record only such personal information
as is necessary for the proper administration of the university and
its academic programs and ancillary services.
(b) The purpose
for the collection of personal information shall be made clear to
the individual about whom information is requested or compiled, normally
by means of a disclaimer on the form.
6.0 LIMITS ON
ACCESS TO PERSONAL INFORMATION
Personal information
shall be accessible only to:
(a) the individual
to whom the information pertains:
(b) a person
or agency formally designated by that individual, and with the individual's
consent;
(c) an officer
or employee of the University who needs the record in the performance
of his or her legitimate duties;
(d) appropriate
persons (e.g. doctor, police officer, University official, parent)
in an emergency or for compassionate reasons affecting the health
or well-being of an individual or the university community providing
the individual is duly notified that such use was made of personal
information.
6.1 Personal
information shall be accessible only:
(a) for the
purpose for which it was explicitly collected or compiled;
(b) for the
purpose of complying with an act of federal or provincial legislation,
or a law enforcement matter normally where the University has been
served with a court order or subpoena;
(c) in order
that individuals may verify the accuracy of the information held
about them and/or request correction or the inclusion of a statement
of disagreement.
6.2 Access to
information in one's own personal record may be denied in the following
circumstances:
(a) if disclosure
would constitute an unjustified invasion of another individual's
personal privacy;
(b) in cases
where information is evaluative or opinionate such as that collected
during peer or other review processes; or in the course of evaluating
candidates for awards, bursaries, research grants, scholarships or
other forms of financial assistance; or while evaluating eligibility
for admission to an academic program of the university; or in the
course of evaluating candidates for employment within the university
or in the awarding of a contract with the university;
(c) where disclosure
would violate the solicitor-client relationship;
(d) where disclosure
could reasonably be expected to seriously threaten the safety or
health of an individual;
(e) where disclosure
could reveal the identity of a source who furnished information in
circumstances where it may reasonably have been assumed that the
identity of the source and/or the information would be held in confidence.
7. MAINTENANCE
OF PERSONAL RECORDS
Records containing
personal information relating to faculty, staff, students, alumni
or volunteers which is collected and maintained in a University administrative
office should be stored in a secure manner, preferably in locked
filing cabinets within offices which are lockable outside of working
hours. Appropriate security precautions should be taken to safeguard
personal information which is stored electronically.
Personal records
should be kept only as long as they might reasonably be expected
to be needed, or as long as required under relevant legislation,
collective agreements, contracts or statutes of limitation for the
courts. For employment records with unspecified retention periods,
reference may be made to the time frames adhered to by the University's
Department of Human Resources. While the electronic student transcript
will be retained in perpetuity, a retention policy for the contents
of the official student academic record is to be developed by the
Registrar's Office.
When personal
records are no longer required, they should be shredded to protect
privacy. Items of historical significance should be transferred to
the University Archives.
III.
ACCESS TO GENERAL UNIVERSITY RECORDS
1. BASIC PRINCIPLE
OF ACCESS
As part of
its commitment to public accountability, Trent University supports
the right of access to general University records. Further, it is
the University's view that the freedom to access information is essential
for an effective and informed University community.
2.0 EXEMPTIONS
FROM ACCESS PRINCIPLE
The following
are instances in which the University may, but will not necessarily,
deny access to general information:
2.1 Trent University
may refuse to disclose information concerning:
the past, present
or proposed research activities of members of the university community
where disclosure would undermine the professional or personal interests
of the researchers or where disclosure would be contrary to the public
interest.
2.2 Trent University
may refuse to disclose a record which contains:
(a) financial,
commercial, scientific or technical information that belongs to Trent
University and has monetary or potential monetary value or could
reasonably be expected to prejudice the economic interest of Trent.
(b) information
owned by Trent, if the disclosure could reasonably be expected to
deprive an individual or Trent University of priority of publication;
(c) questions
that are to be used in University examinations or tests.
2.3 Trent University
may refuse to disclose a record if disclosure could reasonably be expected
to:
(a) prejudice
the competitive position or interfere with the contractual or other
negotiations of a person, group or organization;
(b) result
in information no longer being supplied to Trent where it is in the
University's interest that similar information continue to be so
supplied;
(c) result
in undue loss or gain to any person, group, committee, financial
institution or agency;
(d) reveal
positions, plans, procedures, criteria or instructions to be applied
to any negotiations carried on or to be carried on by or on behalf
of Trent University including information supplied to, or the report
of, a conciliation office, mediator, labour relations officer or
other person appointed to resolve a labour relations dispute;
(e) interfere
with a law enforcement matter;
(f) interfere
with an internal disciplinary proceeding or process for conflict
resolution;
(g) prejudice
the relations between Trent University and federal or provincial
government authorities or other agencies providing funding to the
University or any of its constituent units;
(h) reveal
information received in confidence from federal, provincial or foreign
government authorities or from other universities, colleges and similar
institutions and from organizations formed for the purpose of representing
the interests of such organizations or various constituencies within
them.
(i) prejudice
the solicitor-client relationship.
2.4 Trent University
may refuse to disclose a record where the disclosure would reveal the
substance of any closed-session deliberations of its senior governing
bodies (Board of Governors and Senate) or their committees, or of the
President's Executive Group, or of a presidential advisory committee,
including:
(a) an agenda,
minutes, meeting materials or other record of closed-session deliberations
or decisions;
(b) a record
containing policy options/recommendations or a record containing
background explanations/analyses submitted for consideration in making
decisions or policy, before these decisions or policies are made
or implemented;
(c) draft documents
not yet authorised by the President for release.
2.5 Trent University
may refuse to disclose records pertaining to deliberative processes
where:
(a) such disclosure
would be preliminary or would undermine the effectiveness of those
processes (for example, a record where disclosure would reveal the
confidential advice or recommendations of a person employed by Trent
or a consultant retained by Trent);
(b) the records
would reveal plans relating to the management of personnel or the
administration of Trent University that have not yet been put into
operation or made public.
IV.
POLICY ADMINISTRATION
1. PRIVACY PROTECTION
/ FREEDOM OF INFORMATION OFFICER: ("the Officer")
The University
shall designate an employee to act as the Officer responsible for
assisting the University community to comply with this policy. The
Officer has the authority to receive, and make decisions on, requests
for access to information or for the correction of personal data
under the policy. Such requests may come to the Officer directly
from parties seeking information or corrections, or by referral from
departments or individuals who have been asked to supply or correct
information where there are questions concerning the application
of the policy.
2. PRIVACY PROTECTION/FREEDOM
OF INFORMATION COMMISSIONER: ("the Commissioner")
The University
shall appoint a Commissioner responsible for reviewing decisions
made under this policy by the Officer or by a University department,
when such decisions are appealed. Following investigation, the Commissioner
may advise the President to either confirm or reverse the University's
decision.
The Commissioner
also monitors the University's compliance with this policy and recommends
amendments to the policy, where appropriate. The Commissioner provides
the Board of Governors with an annual report on the nature and disposition
of complaints made to the Commissioner. Where possible, the Commissioner
should be an external volunteer with a legal background. He or she
may serve for a renewable term of up to three years.
3. THE PRESIDENT:
The President
is responsible for making a final decision on any matter under appeal.
In the event that the President does not accept the recommendation
of the Commissioner, this decision and the reasons for it shall be
reported to the Board of Governors.
V.
PROCEDURES FOR ACCESSING RECORDS
1. REQUESTS
IN WRITING:
Persons seeking
access to a University record, other than employees in the course
of their regular duties, shall normally make their request in writing
to the appropriate department head, providing sufficient detail to
make it possible for the department to identify the record. Alternatively,
requesters of information may submit their request directly to the
Freedom of Information/Privacy Protection Officer who shall provide
a copy of the request to the department concerned. Non-routine requests
for information, or those which require policy inter-pretation, should
be referred to the Officer.
2. RESPONSE
TO REQUESTS:
Administrative
and academic departments of the University shall respond to requests
for information in a timely fashion. Responses to non-routine requests
will be provided in writing or electronically, normally within 30 days
and will indicate:
(a) that access
to all or part of the record will be given and the particulars of
how the record may be accessed; or
(b) that access
to all or part of the record will not be given; or
(c) that the
record is not within the control of the University.
If the request
is for a large number of records, or necessitates a time-consuming
search or lengthy consultations, the time limit for responding may
be extended and the person making the request will be advised of the
reason for the delay.
3. CHARGES BY
DEPARTMENTS:
Departments will
normally require a person who requests access to a general university
record (other than an employee in the course of his or her regular
duties) to pay one or more of the following charges:
(a) a search
charge, based on the principle of cost recovery, for every hour of
manual or electronic search or other preparation required in excess
of 1 hour to locate or compile a record;
(b) the cost
of preparing the record for disclosure and providing copies of the
record;
(c) shipping
costs.
Departments shall,
before giving access to a record, provide a reasonable estimate of
the costs involved. Such fees may be the subject of an appeal to the
Commissioner under Section V.4 of this policy. Individuals seeking
access to their own personal information will be charged only for the
costs of preparing transcripts and/or photocopies.
4. APPEALS:
Within 30 days
of receiving notice of a decision by a department head or by the
Officer regarding the release, cost, amendment or withholding of
a record, an appeal pursuant to IV 2(b) may be filed in writing with
the Commissioner.
As soon as
possible following receipt of the appeal, normally within 10 working
days, the Commissioner shall provide the respondent (normally the
person who made the decision being appealed against) with a copy
of the appeal and may invite this individual to make a submission
in support of his or her position. The Commissioner may examine any
record in the custody or under the control of the University and
may meet with the complainant, the respondent and the affected individual(s),
if applicable. Unless the Commissioner is unavailable during all
or part of this time, the investigation should be completed and a
decision rendered within 30 days of receipt of the written appeal.
The Commissioner
may recommend in writing that the President confirm the decision
being appealed, or vary it, in whole or in part. The President then
makes a decision as outlined in IV.3.
| 
