The Freedom of Information and Protection of Privacy Act (FOIPPA) requires Vancouver Island University (VIU) to protect personal information in its custody or under its control. FOIPPA requires that access to personal information be provided to employees and service providers contracted to VIU based on need-to-know principles and only for a purpose consistent with the original collection notification.
Departments that collect highly sensitive personal information must take extreme care to protect personal privacy. Students using these services are provided with explicit assurance that their personal information is being kept strictly confidential and this confidentiality must be strictly enforced by VIU.
Departments must not share sensitive personal information with other departments without the appropriate authority to do so. There are very few exceptions to the sharing of personal information and VIU should always err on the side of protecting personal information.
Any request for access to personal information outside of these guidelines should be approved by the VIU Privacy Officer.
Definitions
Personal Information is defined as recorded information about an identifiable individual excluding business contact information.
Business Contact Information means information to enable an individual at a place of business to be contacted and includes the name, position name or title, business telephone number, business address, business email or business fax number of the individual.
Recommended Guidelines
Disclosure of personal information between departments at VIU must be based on a need-to-know threshold and only for a use consistent with the original purpose.
Any exchange of personal information between VIU departments must be in support of, or consistent with, the notification provided to an individual at the time of collection. Note that individuals who share sensitive personal information (e.g., counselling files) should be familiar with these guidelines and be encouraged to review it regularly. Any requests for disclosure outside the parameters of notification at the time of collection must be approved by VIU’s Privacy Officer.
Failure to follow this practice could result in a privacy breach. A privacy breach occurs when personal information is collected, used, disclosed, or accessed in a way that does not comply with the provisions of FOIPPA. If VIU discovers that personal information in its custody or under its control has been inadvertently or intentionally disclosed without authorization VIU must immediately follow the procedures outlined in the Privacy Breach Protocol.
Questions
If you have any questions regarding these guidelines, please contact VIU’s Privacy Office at Privacy.Officer@viu.ca.