ÌÇÐÄvlog¹ÙÍø

Personal information includes details about an identifiable individual such as:

• Race, national or ethnic origin, religion, age, sex, sexual orientation and marital or family status
• Employment and educational history
• Medical, psychiatric and psychological history, prognosis, condition, treatment and evaluation
• Any identifying number (Social Insurance Number, student number), symbol or other assigned particular
• Home address and telephone number
• Personal opinions of or about the individual
• Name where it appears with or reveals one’s personal information
• Correspondence sent to ÌÇÐÄvlog¹ÙÍø by an individual that is implicitly or explicitly of a private or confidential nature and any reply to that correspondence that would reveal its contents.

Note: Information about individuals acting in their business or professional capacity is not personal information. This includes their name, title, work address (including office location), work telephone number and ÌÇÐÄvlog¹ÙÍø email address.

• Collect only the personal information you need to perform your duties
• Inform people about the collection and what you intend to do with their personal information
• Use personal information only for the purpose(s) for which it was collected, or for a consistent purpose
• Disclose personal information only to the individual to whom it relates (except in limited circumstances as specified in privacy laws and regulations).

Note: ÌÇÐÄvlog¹ÙÍø must provide notice of collection to the individual and in some cases obtain consent. If you have any concerns regarding the collection, use and/or disclosure of personal information, please contact the ÌÇÐÄvlog¹ÙÍø Privacy Office.

A record is considered any information in ÌÇÐÄvlog¹ÙÍø’s custody or control relating to students and employees or to ÌÇÐÄvlog¹ÙÍø’s business operations and the administration of academic programs and services. Records can be in printed form, on film, by electronic means or otherwise and include:

• Correspondence, memoranda, books, plans, maps, drawings, diagrams, pictorial or graphic works, photographs, film, microfilm, sound recordings, videotapes, machine-readable records and other documentary material regardless of physical form or characteristics and any copy thereof
• Any information that is capable of being produced from a machine-readable record under ÌÇÐÄvlog¹ÙÍø’s control by means of computer hardware and software or any other information storage equipment and technical expertise normally used by ÌÇÐÄvlog¹ÙÍø, or to which ÌÇÐÄvlog¹ÙÍø can reasonably gain access
• Emails, including additional/forwarded copies.

A privacy breach involves the improper or unauthorized collection, use, disclosure, retention or disposal of personal information, in contravention of applicable privacy laws and regulations. The breach may affect an individual or a group.

A suspected or confirmed breach of personal information must be reported immediately to your supervisor, who should then contact the ÌÇÐÄvlog¹ÙÍø Privacy Office. If you believe your ÌÇÐÄvlog¹ÙÍø computer and/or email/MyÌÇÐÄvlog¹ÙÍø account have been compromised, immediately call the and change your password.

Preliminary questions to consider when addressing a privacy breach, include:

• What was the date of the incident?
• Where did the incident occur?
• What information/records need to be analyzed?
• When was the incident discovered?
• What was the sequence of events?
• Has the incident been contained (or is it continuing to occur)?

The (FIPPA) is provincial legislation that governs how ÌÇÐÄvlog¹ÙÍø and other public institutions and agencies handle personal information.

FIPPA has two purposes:

1. Access: To provide the public with a right of access to information in the custody or under the control of institutions and agencies. FIPPA covers all ministries of the Ontario Government and any agency, board, commission, corporation or other body designated as an institution in the regulations.
2. Privacy: To protect the privacy of individuals’ personal information held by institutions and to provide a right of access for individuals to their own personal information.

FIPPA authorizes ÌÇÐÄvlog¹ÙÍø to use personal information as required for the purpose of its core business activities and work placements. All employees are obligated to adhere to FIPPA and ÌÇÐÄvlog¹ÙÍø’s Freedom of Information and Protection of Privacy Policy.

The (PHIPA) is provincial legislation that applies to personal health information held by ÌÇÐÄvlog¹ÙÍø, which may include health history, Ontario health card number and records of care. All employees are obligated to adhere to PHIPA and ÌÇÐÄvlog¹ÙÍø’s Personal Health Information Protection Act Statement.

ÌÇÐÄvlog¹ÙÍø collects personal health information when providing counselling, consultation and health services and in compliance with external regulators. Health Care professionals at ÌÇÐÄvlog¹ÙÍø are regulated by the College of Physicians and Surgeons Ontario, College of Psychologists of Ontario, College of Social Workers and Social Service Workers, College of Occupational Therapists Association, College of Nurses of Ontario and other licensing bodies, which may inspect records and interview professional staff as part of their regulatory activities in the public interest.

ÌÇÐÄvlog¹ÙÍø is committed to protecting student and employee privacy and ensuring the confidentiality of personal health information. Individuals have the right to request access to their health records or to request a correction to the record.

On May 25, 2018, the (GDPR) came into effect. It is European Union (EU) regulation on data protection and privacy for all individuals within the EU. It affects all EU-based organizations and those that provide goods and services to, or monitor the behaviour of, individuals in the EU.

ÌÇÐÄvlog¹ÙÍø must comply with GDPR when it processes the personal data of individuals who reside in the EU, including ÌÇÐÄvlog¹ÙÍø students and employees.