Responding to requests for information

Guidelines on responding to requests for information

On June 10, 2006 the university became subject to the Freedom of Information and Protection of Privacy Act (FIPPA).  This guideline explains how the university complies with the obligations imposed by FIPPA in light of its existing policies and procedures.

FIPPA has two distinct purposes. 

  • One purpose is to give members of the public a general right of access to some (but not all) records in the university’s “custody or control”. 
  • The other purpose is to protect individual privacy, in part by giving individuals a right to request access to university records containing their own personal information.  Personal information is information about an identifiable individual.  It includes things such as an individual’s home address and home telephone number, student number and educational history (including grades).  It does not include information that relates to an individual in their professional or employment capacity or as a spokesperson for an organization (e.g. business contact information, business correspondence and other work product of university employees and agents).

Although these purposes do not conflict with the principles underlying the university’s existing policies and procedures, members of the university community may expect some minor changes. The most significant change is the identification of the Privacy Officer, Karen Jack.  As explained further below, part of the Privacy Officer's role is to assess formal requests for access under FIPPA when access issues cannot be resolved informally through normal practices and procedures.

Treatment of student personal information

Since FIPPA imposed new formal requirements with respect to student privacy, Policy 46, Information Management, was amended to reflect the legislation.  As explained in the amended policy, the university continues to disclose the following information about students to members of the public who request it for the purpose of confirming academic status and/or achievement:

  • degree(s) received and date(s) of convocation
  • former or current faculty or college of enrolment
  • former or current programs of study
  • session(s) in which a student is/has been registered
  • awards based on academic merit

The university gives students clear notice of this disclosure practice during the registration process.  Students who prefer that such information not be released are directed to so notify the Registrar’s Office or the Graduate Studies Office in writing.

Students continue to have access to their own personal information.  The rules for access were formally governed by Policy 46 itself, but now are governed by the more detailed rules established in FIPPA.  Faculty members may continue to provide students access to their own personal information as they have done in the past.  In the event of a dispute about whether a student may have access to a record about him or herself (perhaps because it was submitted to the university in confidence), the student should be advised to make a formal access request to the Privacy Officer.

Treatment of employment-related records

FIPPA does not apply to employment-related records.  This means, in general, that members of the public do not have a right to request access to employment-related records in the university’s custody or control.  Although it also means that university employees do not have formal privacy rights under FIPPA, the university continues to protect the privacy of staff and faculty in accordance with established policy and practice.

Faculty members continue to have access to their own files as provided in Policy 75: Official Employment Files of Regular Faculty Members

Staff members continue to have access to their own employment file as provided in Policy 18: Staff Employment, Appendix C.

Public access to administrative records

As explained, FIPPA gives members of the public a general right of access to records in the university’s custody or control.  Importantly, this does not include:

  • records “respecting or associated with research” conducted or proposed by a University employee or a person associated with the University; and,
  • records “of teaching materials” prepared by an employee of the University or by a person associated with the university for use at the university.

Most other administrative records (that are not employment-related) are subject to FIPPA.  There are, however, a number of exceptions in FIPPA.  When these exceptions pertain to specific records, the university may keep these records confidential and the university is required to assess each formal request for access individually to determine whether any of these exceptions apply.  This assessment is conducted by the university’s Privacy Officer in consultation with staff, as appropriate.

Staff and faculty may, from time-to-time, receive informal requests for access to administrative records from members of the public.  FIPPA does not prevent the informal disclosure of records or information and staff and faculty should be “open” and answer informal requests if it is clear that the record or information requested is not confidential.

While it is not possible to define “confidential information” categorically, staff and faculty who receive informal requests for information and records should understand that FIPPA does not change what the university views as confidential.  Here are some examples of university records which contain confidential information:

  • records containing personal information (except the student information listed above)
  • records containing information from third-parties which has been provided to the University in confidence (e.g., tenders, contract bids, leases, agreements)
  • minutes of meetings held in camera
  • records containing advice or recommendations about university administration
  • records relating to academic and human resources investigations

If a person requests access to these or other or records which contain confidential information he or she should be asked to make a formal access request to the Privacy Officer.