Freedom of Information and Protection of Privacy
Operations and General Administration
Vice-President, Finance and Resources
Authorization: Board of Governors
Approval Date: Dec 12, 2008
Amended: Dec 16, 2013
The purpose of this policy is to ensure that the University of Saskatchewan complies with its obligations under The Local Authority Freedom of Information and Protection of Privacy Act (the "Act") to provide appropriate public access to information and to protect the privacy of Personal Information that is in the possession or under the control of the University of Saskatchewan (the "University").
1. Freedom of Information:
As a publicly funded institution, the University will act in an accountable and open manner when receiving and responding to Requests for information. Requests will be reviewed objectively in terms of the University's obligations to the public and under the Act and will not be based on the individual or organization making the request. In striving to meet this commitment, the University will take into account the rights and interests of any Third Party who may be directly impacted by a Request.
2. Protection of Privacy:
In order to fulfill its mandate, it is necessary that the University collect, create and maintain Personal Information about students, faculty, staff, alumni, retirees and other individuals. In accordance with the terms of this policy and the Act, the University will take reasonable and prudent measures to protect and maintain the privacy of any such Personal Information in its possession or under its control.
All University policies and procedures are subject to and shall adhere to the provisions of the Act unless otherwise expressly permitted by law.
Scope of this policy
This policy applies to all Members of the University Community with access to information maintained by the University. This policy applies to information recorded in any format.
Other University policies may complement this policy, particularly those governing access to institutional data and programs, systems, etc. that collect, use or disclose personal information. These may include, but are not limited to, the following policies:
- Computer Use
- Data Management, Data Access and Data Use
- Electronic Mail (e-mail)
- Management of University Records
In this policy:
- "Act" means The Local Authority Freedom of Information and Protection of Privacy Act;
- "Authorized Employee" means an employee, member of faculty or any other staff member of the University whose position and/or duties require regular or periodic access to Personal Information in the possession or under the control of the University;
- "Members of the University Community" or "Member" means all employees, faculty or other staff as well as agents, contractors, persons or organizations acting for or on behalf of the University;
- "Personal Information" means personal information about an identifiable individual that is recorded in any form, as defined by section 23 of the Act;
- "Regulations" means regulations made by the Lieutenant Governor in Council pursuant to section 57 of the Act;
- "Request" means an application pursuant to section 6 of the Act for access records in the possession or under the control of the University;
- "Third Party" means a person, group of persons or organization, including an unincorporated entity, other than an applicant or the University, and with respect to Personal Information, a person, group of persons or organization, including an unincorporated entity, other than the individual to whom the Personal Information relates; and
- "University" means the University of Saskatchewan.
2. Freedom of Information
- Individuals have the right of access to records in the possession or under the control of the University, subject to exemptions set out in the Act.
- Provision of access to a record may be subject to payment of fees set out in the Regulations.
- The University will continue to provide routine access through existing procedures to information that is in the public domain and/or subject to public disclosure under the Act: i.e. providing access to such information without requiring a formal access to information request in appropriate circumstances.
3. Protection of Privacy
a) Collection of Personal Information
Personal Information will be collected only in the following circumstances:
- when it is necessary for the proper administration of the programs, services or general operations of the University of Saskatchewan;
- when it is expressly authorized or required by an enactment of the Government of Canada or the Province of Saskatchewan; or
- for the purposes of law enforcement.
Members of the University Community responsible for collecting Personal Information will be able to provide the reason(s) that the collection of such information is necessary.
To the extent that the Member collecting Personal Information is unable to answer questions regarding the reasons for collection, the person seeking clarification will be directed to another Member who is better suited to respond to the question(s) being asked.
Personal Information about an individual will be collected directly from that individual unless circumstances require that it be obtained from another source.
b) Protection of Personal Information
The University, and its Members will take reasonable and prudent measures to protect Personal Information from unauthorized collection, access, use, disclosure or destruction.
Personal Information will be accessed by Authorized Employees only for the purposes outlined in Paragraph 3(c) and (d) of this policy.
Personal information will be stored in a manner which limits access to Authorized Employees only. This will include:
- storing Personal Information in locations which are not generally accessible to all employees and/or the general public;
- securing the rooms and/or filing cabinets containing Personal Information during those times that an Authorized Employee or staff member is not present; and
- restricting access to Personal Information that is stored in an electronic format to Authorized Employees by requiring the entry of user names and passwords.
c) Use of Personal Information
The University may only use Personal Information:
for the purpose(s) for which it was obtained or compiled, or for a use consistent with that purpose;
for a purpose permitted, authorized or required by the Act; or
for any other purpose provided that the explicit consent for such use has been provided by the individual to whom the Personal Information relates, or by someone duly authorized to provide such consent on behalf of that individual.
d) Disclosure of Personal Information
The University will only disclose Personal Information to Third Parties or allow it to be made public:
- for the purpose(s) for which it was obtained or compiled, or for a use consistent with that purpose;
- for a purpose permitted, authorized or required by the Act;
- for a purpose which is expressly authorized or required by an enactment of the Government of Canada or the Province of Saskatchewan; or
- for any other purpose provided that the explicit consent for the disclosure has been provided by the individual to whom the Personal Information relates, or by someone duly authorized to provide such consent on behalf of that individual.
e) Access and Correction of Personal Information
The University will make reasonable efforts to ensure that all Personal Information in its possession or under its control is as complete and accurate as is required for the purpose(s) for which it was collected.
Subject to any exemptions or restrictions set out in the Act, or in any other enactment of the Government of Canada or the Province of Saskatchewan, individuals shall have the right to access Personal Information about themselves which is in the possession or under the control of the University. A formal Freedom of Information request may not be required where individuals are seeking access to Personal Information about themselves.
In the event that any of the Personal Information in the possession or under the control of the University is incorrect, incomplete or otherwise inaccurate, the individual to whom that Personal Information relates has the right to request that it be amended or corrected. When such corrections have been requested, the University will review and confirm the corrections and provided that it is satisfied that a correction is warranted, the University will make the correction as soon as reasonably possible.
f) Retention and Disposal of Personal Information
Personal Information will be retained by the University in accordance with the retention schedule applicable to the information and department, college or administrative unit which has responsibility for that Personal Information.
Personal Information that is deemed by the University Archives to be of historical value will be retained on a permanent basis. Such information will be discolsed only in accordance with the Act.
Once Personal Information is no longer needed for administrative, regulatory, legal or historical reasons, it will be disposed of in the following manner:
- Paper records shall be destroyed by shredding, incineration or pulping; and
- Electronic records shall be deleted in such a way that the information they contained cannot be recovered using current technology.
The University may, where it is advisable or necessary for the efficient and proper operation or management of its programs, services or general operations, enter into agreements with external individuals or organizations which allows them access to certain Personal Information in the possession or under the control of the University for specified purposes. Any such agreements will include provisions that obligate the external individuals or organizations to ensure that all such Personal Information is protected and any collection, use or disclosure complies with this policy and the Act.
The Vice-President Finance and Resources is the designated Head for the purposes of section 2(e) of the Act. The Head has authority for all decisions made on behalf of the University pursuant to this policy and under the Act.
An Access and Privacy Officer shall be appointed to advise on and coordinate freedom of information and protection of privacy matters. The Access and Privacy Officer, in consultation with the appropriate colleges, departments, and administrative units, the Head and others as required, is responsible for responding on behalf of the University to all Requests for information. The Access and Privacy Officer will also provide advice to colleges, departments, and administrative units relating to freedom of information and protection of privacy issues.
As appropriate, colleges, departments and administrative units will designate employees to act as unit coordinators for freedom of information and protection of privacy issues in consultation with the Access and Privacy Officer.
The University may take one or more of the following actions against anyone whose actions are in violation of the Act, other applicable privacy laws or this policy:
- Legal action that could result in criminal or civil proceedings; or
- In the case of students, disciplinary action under the Council regulations for Student Academic Dishonesty and/or the University of Saskatchewan Standard of Student Conduct; or
- In the case of employees, faculty or other staff, disciplinary action in accordance with applicable collective agreement(s), legislation and/or common law, up to and including immediate termination of employment.
The Head, in consultation with appropriate colleges, departments and administrative units, may establish guidelines and procedures arising from this policy as required.
Members of the University Community will contact the Access and Privacy Officer for guidance on complying with the Act and applying this policy and any related procedures.
Retention and disposition schedules:
Schedules for the retention and disposition of records are approved and disseminated in accordance iwth the Management of University Records Policy.
There are no other documents associated with this policy.
Contact Person: Access and Privacy Officer