Emily Carr is committed to protecting the personal information in its custody and control. The Freedom of Information and Protection of Privacy Act (FIPPA) requires that Emily Carr protect personal information by making reasonable security arrangements against unauthorized access, collection, use, disclosure or disposal.

Employee Responsibilities

Emily Carr employees, services providers and volunteers must abide by FIPPA in their duties associated with the University. Contractors, volunteers and businesses must be advised that Emily Carr is covered under FIPPA as there are specific legal responsibilities to be considered by Emily Carr and its partners in education.

As stated in the employee Code of Conduct and university policies, employees must take all reasonable steps available to protect the privacy of anyone whose personal information is held by the University. They should be aware of their FIPPA obligations when collecting, using and disclosing personal information based on the following principles:

Key Privacy Protection Principles

  • Individuals own their personal information and have a legal right to privacy protection
  • Emily Carr may only collect information that is directly relevant and necessary to the operations of the University
  • Emily Carr must notify individuals of all intended purposes for collecting the information
  • Emily Carr must use or disclose information only for the original purpose identified; a purpose consistent with the original purpose; a different purpose as authorized by the individual; or a specific purpose identified in FIPPA
  • Emily Carr must limit access to information to only those employees who need the information to perform their duties
  • Employees must prevent the unauthorized disclosure of personal information and must immediately report any such disclosures to the Information + Privacy Officer
  • Protection of public health and safety overrides protection of privacy, therefore there are certain situations when information must be disclosed
  • Emily Carr must make reasonable security arrangements to protect personal information in the custody or control of the University, including ensuring that it is stored and accessed only in Canada
  • Complaints about how personal information has been collected, used or disclosed can be directed to the Information + Privacy Officer at

Information Incident / Privacy Breach

An information incident or privacy breach is a serious matter and should be reported immediately. Breaches occur when personal information is accidentally or purposefully accessed, used, or disclosed in ways that do not comply with FIPPA. If an employee has experienced, witnessed or is responsible for a breach of personal information, immediately notify the Information + Privacy Officer.

Useful Resources

Protection of Privacy FAQ

What is a record?
What is personal information?
Can a faculty or staff member release student contact information, timetables, attendance records or tuition information to a third party, even the parent of an underage student or a faculty member?
Can marked student reports or grade books be left in a publicly accessible area?
Can student information be posted in a public place such as a hallway or office door?
Can faculty or staff carry student information, grades or other personal information on their laptops or flash drives?
Can employees store personal information collected on behalf of the University at any place other than Emily Carr?
Do references required by potential students or employers require individual’s permission?