Breach of security safeguards: • The loss of, unauthorized access to or unauthorized disclosure of personal information resulting from a breach of security safeguards or from a failure to establish safeguards.
FIPPA: • The Freedom of Information and Protection of Privacy Act (FIPPA)
Personal information: • Information about an identifiable individual
POLICY ELABORATION: • The purpose of this policy is to protect student privacy in accordance with FIPPA and all other applicable privacy legislation.
• MacMillian collects personal information from students under the legal authority of the Ontario Colleges of Applied Arts and Technology Act. • MacMillian collects personal information from students to offer comprehensive career oriented, post-secondary education and training and for the following related purposes: o making admission decisions and undertaking enrollment
o reviewing, evaluating and improving academic and non-academic programs o providing financial assistance and awards o providing academic and ancillary services o conducting alumni, development, marketing and promotional activities o institutional planning, research and statistics gathering o reporting to government agencies and professional licensing bodies o activities related to employment o making course/program evaluation and graduation decisions o administering the above activities o providing a safe learning and working environment
• MacMillian considers student records to be confidential. It only discloses student personal information to third parties based on written consent, if required by law or as otherwise authorized by section 42 of FIPPA. For example, section 42 of FIPPA permits the College to release personal information to aid a law enforcement investigation and to facilitate the auditing of government programs. The Ministry of Training, Colleges and Universities Act also requires MacMillian to comply with Ministry reporting requirements that may entail the disclosure of student personal information along with statistical or aggregate information.
• It is MacMillian’s policy to make the following information routinely available: o whether or not a student has received a particular academic award, honour or distinction, whether from MacMillian or an external third-party; and o diploma(s) or credential(s) that have been conferred by MacMillian and the date(s) of conferral.
• MacMillian employs reasonable security safeguards: o to protect student personal information in its control from loss, unauthorized access and unauthorized disclosure; and o to protect records in its custody or control from inadvertent destruction or damage.
• MacMillian maintains a procedure for responding to breaches of security safeguards. All employees and others who work for MacMillian are required to immediately report potential breaches to the Access and Privacy Coordinator. Human resources, information technology, executive staff and legal counsel will be consulted as required.
• MacMillian remains accountable for student personal information under its control, including information transferred to service providers for processing. MacMillian will use contractual and other reasonable means to protect personal information that has been transferred to service providers for processing.
• While student records are the property of MacMillian, students have a right of access to their records and personal information under FIPPA. College employees may provide
students with access to their own personal information informally, or may direct students to the Access and Privacy Coordinator to make a formal access request. Requests for records that include other students’ personal information should always be referred to the Access and Privacy Coordinator.
• Student records shall be maintained in accordance with legislative or other record retention requirements and, otherwise, a retention period set at MacMillian’s discretion. MacMillian takes reasonable steps to ensure that when student records are to be destroyed, they are destroyed in such a way that they cannot be reconstructed or retrieved.
• Questions about this policy and the college’s handling of student personal information may be directed to our Access and Privacy Coordinator via phone or email (firstname.lastname@example.org).
REFERENCES: Access to Student Records Procedure Freedom of Information and Protection of Privacy Act (FIPPA) Ministry of Training, Colleges and Universities Act Ontario Colleges of Applied Arts and Technology Act Privacy Breach Procedure
REVISION LOG: Academic Forum 3/15/2015
Academic Coordinating Committee 9/4/2017