Legislation and VIU's Privacy Management Program
As a public body, VIU must comply with B.C.’s Freedom of Information and Protection of Privacy Act (FIPPA). FIPPA requirements impact VIU’s operations across all employment, commercial, communication, financial, wellness, recreational and educational activities that involve the use of personal information.
FIPPA regulates VIU employees and volunteers, as well as the employees, officers, directors, affiliates and subcontractors of people or companies VIU contracts with to perform services.
FIPPA does not regulate the activities of students unless they are also employees, volunteers or service providers of VIU. It also does not regulate independently incorporated entities that are associated with VIU, such as the Alumni Association.
VIU’s Privacy Management Program (PMP) is a comprehensive road map that sets out VIU’s obligations under FIPPA. VIU’s Access and Privacy Best Practice Guides link the requirements of FIPPA and the PMP to the day-to-day functions that VIU employees carry out in our work. These guides provide more detailed information on the processes that enable VIU employees and service providers to ensure compliance with FIPPA when collecting, using, disclosing, storing, sharing and providing access to information.
VIU’s FIPPA Obligations
FIPPA protections apply to VIU students, faculty members, directors, officers, employees, affiliates and contractors. All have the right to expect public bodies to protect their personal information by ensuring that it is collected, used, disclosed and retained in a lawful and appropriate manner. They also have the right to:
- access their own personal information;
- request correction of their own personal information if they believe it is inaccurate;
- consent to the collection, use and disclosure of their personal information; and
- complain to the Information and Privacy Commissioner about privacy breaches.
These rights, and VIU’s corresponding obligations under FIPPA, fall into two main categories: Privacy and Access.
Privacy is the right to be left alone and includes the control over, and protection of, one’s personal information. To conduct the affairs of the University, VIU collects, uses, stores and discloses personal information and must ensure that it does so in a manner that protects individuals’ privacy as mandated by FIPPA.
Privacy is not the same as Confidentiality. Confidentiality means safeguarding information to ensure that VIU is able to conduct business, make decisions, and operate safely and effectively while having control over what it communicates both internally and publicly. Information, where confidentiality is concerned, does not necessarily include personal information, whereas the privacy arm of FIPPA only deals with personal information. FIPPA does not regulate confidentiality, but often privacy and confidentiality in our work are closely related. For example, when working remotely, VIU employees have privacy related obligations when handling personal information. They also have confidentiality related obligations to work in ways that prevent the release of confidential workplace information to others in their household or other remote work location. VIU’s Privacy Office oversees privacy matters; its Human Resources Department is responsible for confidentiality matters.
Access refers to the ability of individuals to retrieve their own records and make corrections to their personal information. Access also includes the ability of anyone to request copies of their own records as well as VIU records that are mandated under FIPPA to be made publicly available.