Information Session Confidentiality and Privacy of Student Records
- Slides: 22
Information Session Confidentiality and Privacy of Student Records
Confidentiality and Privacy of Student Records Overview of session: • Introduction of Policy • Review of FOIPOP Act, personal information, access and privacy rights, PIIDPA • Implementation & enforcement • Questions…
The Registrar and His Office ü maintain/protect student records ü control access to student information ü are authorised to release official information
Three Points. . . 1. In the process of getting students from admission to graduation CBU must collect personal information from students. • there is a duty to ensure that information is used only for the intended purpose • there is a duty to ensure that information is held in confidence and that students’ privacy is respected
Three Points… 2. The Registrar is the guardian for students’ records at CBU. • access is controlled • official information may only be released by the Registrar and his office under certain conditions
Three Points… 3. A clear distinction must be made between public and private information. • expectations about privacy are changing due to changes in legislation and decisions rendered by the courts • only a very few pieces of information may be released without the student’s permission
Disclosures Authorized by FOIPOP Ø period of registration Ø programme of studies Ø credentials awarded Ø dates of graduation
Freedom of Information and Protection of Privacy Act (FOIPOP) • Nova Scotia was the first province in Canada to enact a Freedom of Information Act in 1977. • The Act was replaced in 1993 by the considerably improved Freedom of Information and Protection of Privacy Act (in force 1994). • In 1999, the provincial Act was also extended to cover local public bodies including hospitals, universities, colleges and school boards (in force 2000).
A Summary of FOIPOP … “…all public bodies, municipalities and local public bodies are obliged to adopt a policy of accountability, openness and transparency and to provide a right of access to information with limited exceptions. They are also obliged to ensure the protection of individuals' personal privacy. ” - NS Freedom of Information and Protection of Privacy Review Office
Information and Privacy Rights You have two major rights under the Acts: • the right of access to records in the custody or under the control of a public body, including your own personal information; and • the right of protection of the privacy of your personal information in the custody or under the control of a public body.
What is a record under the Act: • A record is documented or fixed information. This information may be correspondence, a video, emails, databases or any other source of recorded or stored information. • The Act applies to all records in the custody or under the control of the public body. • You have the right to request access to all
Personal Information: “Personal Information” section 3. 1 (i) the individual’s name, address or telephone number, (ii) the individual’s race, national or ethnic origin, colour, or religious or political beliefs, (iii) the individual’s age, sexual orientation, marital status or family status, (iv) an identifying number, symbol or other particular assigned to the individual, (vii) information about the individual’s educational, financial, criminal or employment history, (viii) anyone else’s opinion about the individual,
FOIPOP: a balance of access and the protection of privacy 15 exemptions under the Act including: • someone else's personal information; • an applicant’s personal information if the disclosure would be an unreasonable invasion of a third party’s personal privacy; • any information that would reveal advice, recommendations or draft regulations developed by or for a public body or minister; • information of any kind obtained by a conciliation board, conciliation officer, or mediator.
Basic Privacy Rules • • No collection unless authorized No use unless authorized No disclosure unless authorized Keep personal information secure
Personal Information International Disclosure Protection Act (PIIDPA) • public bodies and municipalities are required to ensure personal information held by them (or a service provider acting on their behalf), remains in Canada, is accessed, and is disclosed only in Canada, unless certain circumstances exist. • PIIDPA makes it illegal for public bodies and municipalities to disclose information outside of Canada, or store personal information at (or allow it to be accessed from) locations outside Canada, unless certain circumstances exist. • if a public body or municipality, or their service providers (inside or outside Canada), stores your information outside of Canada, or allows anyone to view your files, they must tell the Minister of Justice why it is necessary to do so. • Any individual employee who violates the provisions of this law is
Seriousness of Confidentiality & Privacy • CBU must ensure student records are protected • It’s the right thing to do • It’s the law • Concept of ‘confidentiality’ is not new to employees but ‘privacy’ may be • Requirements are not new – well established in CRA, Health Authorities
Why a Written Policy? • Clarity – for employees and students • - Students who work for CBU are “employees” • Transparency – makes CBU’s commitment public • Protect CBU and Employees • Protect from complaints under the Act • Protect CBU and employees from legal
Why a Written Policy? • Individuals as well as organizations are being sued in Canada • Civil “tort” civil action for “intrusion upon seclusion” • BMO in 2012: $10, 000 damages awarded for viewing of bank records by an employee (Jones v Tsige, 2012 – Ontario) • Class Action Suit – South West Nova DHA • $1 million settlement following employee “inappropriate” access to health information
DISCIPLINARY PROCEDURE: What does this mean for staff “Violation of this policy may lead to disciplinary action, up to and including termination. ” • CBU views a violation as a serious matter • As with any allegation or complaint, the Manager will investigate: • Review of the facts to determine what occurred • Review the employment record any mitigating circumstances • Assess disciplinary penalty • First violation will result in a letter of discipline • Specifics of letter will reflect the facts
Advice Two easy pieces of advice: • Be respectful of students’ privacy, and follow the policy • If in doubt, ask the Registrar
Questions… Contact: Brendan Mac. Donald– brendan_macdonald@cbu. ca x 1853 Bette Yetman – bette_yetman@cbu. ca x 1157 FOIPOP: Catherine Arseneau - catherine_arseneau@cbu. ca x 1326 PIIDPA: Debbie Rudderham –
Resources Web Resources: http: //www. cbu. ca/registrars-office http: //foipop. ns. ca/ http: //novascotia. ca/just/IAP/PIIDPAquest. asp #p 19
Confidentiality and privacy controls
Cvs privacy awareness and hipaa training answers
Safe schools training answers 2020 ferpa
Notice of confidential info rule 2-420
Maintaining student privacy
Social issues in information technology
Revealing information while preserving privacy
Conventional encryption and message confidentiality
Bcc trolling email
Anna easter brown
Uw absn information session
Uts plt
Wharton leadership ventures
Parent information session
Julia lane coleridge
Confidentiality using conventional encryption
Texas address confidentiality program
Confidentiality statement
Professional secrecy in medical ethics
Potential tension between maintaining confidentiality
Uams admissions
Secondary ethical principles
Confidentiality
