Emily Carr is committed to protecting the personal information in its custody and control. The Freedom of Information and Protection of Privacy Act (FIPPA) requires that Emily Carr protect personal information by making reasonable security arrangements against unauthorized access, collection, use, disclosure or disposal.
Emily Carr employees, services providers and volunteers must abide by FIPPA in their duties associated with the University. Contractors, volunteers and businesses must be advised that Emily Carr is covered under FIPPA as there are specific legal responsibilities to be considered by Emily Carr and its partners in education.
As stated in the employee Code of Conduct and university policies, employees must take all reasonable steps available to protect the privacy of anyone whose personal information is held by the University. They should be aware of their FIPPA obligations when collecting, using and disclosing personal information based on the following principles:
Key Privacy Protection Principles
- Individuals own their personal information and have a legal right to privacy protection
- Emily Carr may only collect information that is directly relevant and necessary to the operations of the University
- Emily Carr must notify individuals of all intended purposes for collecting the information
- Emily Carr must use or disclose information only for the original purpose identified; a purpose consistent with the original purpose; a different purpose as authorized by the individual; or a specific purpose identified in FIPPA
- Emily Carr must limit access to information to only those employees who need the information to perform their duties
- Employees must prevent the unauthorized disclosure of personal information and must immediately report any such disclosures to the Information + Privacy Officer
- Protection of public health and safety overrides protection of privacy, therefore there are certain situations when information must be disclosed
- Emily Carr must make reasonable security arrangements to protect personal information in the custody or control of the University, including ensuring that it is stored and accessed only in Canada
- Complaints about how personal information has been collected, used or disclosed can be directed to the Information + Privacy Officer at email@example.com
Information Incident / Privacy Breach
An information incident or privacy breach is a serious matter and should be reported immediately. Breaches occur when personal information is accidentally or purposefully accessed, used, or disclosed in ways that do not comply with FIPPA. If an employee has experienced, witnessed or is responsible for a breach of personal information, immediately notify the Information + Privacy Officer.
- Freedom of Information and Protection of Privacy Act
- FIPPA Regulation
- The Office of the Information and Privacy Commissioner (OIPC) is an independent office, reporting to the BC legislature, that is responsible for monitoring and enforcing the FIPPA. The OIPC website contains information about the FIPPA as well as copies of all decisions and investigation reports released by the OIPC.
- OIPC Guide to Access and Privacy Protection under FIPPA
- Employee Code of Conduct
- Policy 8.13 Confidentiality and Policy 8.13.1 Procedures
- Policy 9.6 Information Protection