Privacy and Confidentiality | Office of the Ombudsperson

Confidentiality is the cornerstone of the Ombuds Office. We maintain confidentiality for all visitors and keep all information provided confidential, except when:

You have given staff in the Ombuds Office permission to share information with a specific party or office.
Disclosure is required or authorized by law; or
Compelling circumstances exist that affect anyone’s health or safety.

In return, we ask that all visitors—including students, staff, and support persons—respect the confidentiality of our communications. This includes refraining from recording, distributing, or disclosing information shared during meetings, consultations, or correspondence without the permission of all parties involved.

This mutual commitment to confidentiality helps ensure a safe, respectful, and constructive environment for all individuals engaging with the Office.

How We Protect Your Privacy

Independent Database: The Ombuds Office uses a customized version of SuiteCRM to securely track visitor interactions. This system is independent of University platforms and designed specifically for our work. It allows us to manage cases confidentially and identify systemic patterns and trends—without compromising individual privacy.
No Formal Records: We do not create official University records of your visit.
Limited Access: Only Ombuds staff have access to case documentation.
Retention Controls: Information is retained only as long as necessary for the specific case and then securely deleted.
Compliance: We follow University privacy policies and comply with the Freedom of Information and Protection of Privacy Act (FIPPA).

Introducing Heidi Health

Starting January, the Ombuds Office will use Heidi Health, a secure transcription and note-taking tool, during consultations and investigative interviews. This tool helps us document conversations accurately and consistently while allowing us to focus on listening and supporting fairness.

Key Privacy Features of Heidi Health:

Operates independently of University systems.
Uses Canadian servers and end-to-end encryption.
Full transcripts are not retained; summaries are anonymized before storage.
Participation is optional—you can opt out when booking or at the start of your meeting.

Before adopting Heidi Health, we completed Information Risk and Privacy Impact Assessments and worked with the University’s Privacy Office and Privacy Advisory Committee to ensure the tool meets all legal and institutional standards.

Learn More

Your comfort and trust matter to us. If you have questions about how your information is handled or if you’d like more details about Heidi Health, SuiteCRM, or our confidentiality practices, we’re here to help.

Check out our Frequently Asked Questions for answer to commonly asked questions.
Read the University’s Privacy Policy to understand the broader framework we follow.
Contact the Ombuds Office directly if you’d like to talk through any concerns before your meeting.

We encourage you to ask questions and seek clarity. Understanding how your privacy is protected is an important part of feeling confident and supported when you engage with our Office.

Frequently Asked Questions: Privacy and Confidentiality

Why is confidentiality so important to the Ombuds Office?

Confidentiality is the foundation of our work. It ensures that visitors can speak openly and trust that their concerns will be handled with discretion. We do not create official University records of your visit, and information is only shared with your consent or when required by law or urgent safety concerns.

How does the Ombuds Office store information?

We use a customized version of SuiteCRM, an independent database designed specifically for our Office. This system allows us to:

Track visitor interactions securely.
Identify systemic patterns and trends without compromising individual privacy.
Access is strictly limited to Ombuds staff, and retention follows University privacy protocols.

What is Heidi Health?

Heidi Health is a secure transcription and note-taking tool that helps us document consultations and investigative interviews accurately and consistently. It allows us to focus on listening and supporting fairness rather than manual note-taking.

Is my information safe if Heidi Health is used?

Yes. Heidi Health was reviewed through a Privacy Impact Assessment and approved for use by the University’s Privacy Office and Privacy Advisory Committee. Key safeguards include:

Canadian data residency.
End-to-end encryption.
Independent operation (not connected to University systems).
No audio recordings.
Full transcripts are not retained; summaries are anonymized before storage.

Do I have to use Heidi Health?

No. Participation is optional. You can opt out when booking your appointment or at the start of your meeting.

What happens to my information after the meeting?

Transcripts are reviewed immediately and deleted.
Summaries are anonymized and stored in SuiteCRM for internal documentation and case tracking.
Information is retained only as long as necessary for the specific case, then securely deleted.

Can I ask for a copy of my meeting summary?

Yes. If you request a copy, we will provide a summary that excludes personally identifiable information wherever possible.

What if I have concerns about privacy?

Your comfort matters. If you have questions or concerns about how your information is handled, please contact the Ombuds Office directly at ombuds.office@uwaterloo.ca.

We encourage you to ask questions and seek clarity before your meeting.