Privacy

Emily Carr is committed to protecting the personal information in its custody and control. The Freedom of Information and Protection of Privacy Act (FIPPA) requires that Emily Carr protect personal information by making reasonable security arrangements against unauthorized access, collection, use, disclosure or disposal.

Employee Responsibilities

Emily Carr employees, services providers and volunteers must abide by FIPPA in their duties associated with the University. Contractors, volunteers and businesses must be advised that Emily Carr is covered under FIPPA as there are specific legal responsibilities to be considered by Emily Carr and its partners in education.

As stated in the employee Code of Conduct and university policies, employees must take all reasonable steps available to protect the privacy of anyone whose personal information is held by the University. They should be aware of their FIPPA obligations when collecting, using and disclosing personal information based on the following principles:

Key Privacy Protection Principles

  • Individuals own their personal information and have a legal right to privacy protection
  • Emily Carr may only collect information that is directly relevant and necessary to the operations of the University
  • Emily Carr must notify individuals of all intended purposes for collecting the information
  • Emily Carr must use or disclose information only for the original purpose identified; a purpose consistent with the original purpose; a different purpose as authorized by the individual; or a specific purpose identified in FIPPA
  • Emily Carr must limit access to information to only those employees who need the information to perform their duties
  • Employees must prevent the unauthorized disclosure of personal information and must immediately report any such disclosures to the Information + Privacy Officer
  • Protection of public health and safety overrides protection of privacy, therefore there are certain situations when information must be disclosed
  • Emily Carr must make reasonable security arrangements to protect personal information in the custody or control of the University, including ensuring that it is stored and accessed only in Canada
  • Complaints about how personal information has been collected, used or disclosed can be directed to the Information + Privacy Officer at privacy@ecuad.ca

Information Incident / Privacy Breach

An information incident or privacy breach is a serious matter and should be reported immediately. Breaches occur when personal information is accidentally or purposefully accessed, used, or disclosed in ways that do not comply with FIPPA. If an employee has experienced, witnessed or is responsible for a breach of personal information, immediately notify the Information + Privacy Officer.


Useful Resources

Protection of Privacy FAQ

What is a record?

Records refer to all recorded information in paper and electronic form.

A record is defined in FIPPA as any books, documents, maps, drawings, photographs, letters, video/audio tapes, vouchers, papers, email and any other items on which information is recorded or stored by graphic, electronic, mechanical or other means.

What is personal information?

Personal information is any recorded information about an identifiable individual other than business contact information. Personal information includes information such as: name; home address; home phone number; race; origin; colour; political or religious beliefs; age; sex; sexual orientation; marital or family status; genetic information; personal history; health; education; finances; employment histories and any identifying number, symbol or other particular assigned to an individual.

All student information is personal information.

Can a faculty or staff member release student contact information, timetables, attendance records or tuition information to a third party, even the parent of an underage student or a faculty member?

No, not without the individual’s consent. A faculty or staff member may disclose certain information to another Emily Carr employee if the information is required for the individual to perform their job duties (on a “need to know” basis). Certain exceptions apply in an emergency situation and you may contact the Information + Privacy Officer for further information.

Can marked student reports or grade books be left in a publicly accessible area?

No. It is good practice to leave grade books in a secured drawer or filing cabinet to prevent unauthorized collection of personal data and to arrange for secure pick up of marked assignments.

Can student information be posted in a public place such as a hallway or office door?

No. Any personal and/or identifying information (e.g., names, emails) cannot be posted in a public place. If information must be posted, post by random student number only.

Can faculty or staff carry student information, grades or other personal information on their laptops or flash drives?

It is best not to carry such information this way. However, in some cases, employees may have Emily Carr information on their portable electronic devices and therefore encryption and passwords must be used to protect the information. Refer to University Policy 9.7 Laptop Security for more information. Should the information or device containing personal information be stolen or lost, immediately notify the Information + Privacy Officer as this may be a privacy or security breach.

Can employees store personal information collected on behalf of the University at any place other than Emily Carr?

No, all information collected for University business should remain secured on campus.

Do references required by potential students or employers require individual’s permission?

Reference checks must have consent from the individual prior to release of this type of personal information. The individual is normally entitled to copies of these references upon request, however certain exceptions apply. Contact the Information + Privacy Officer for further information.