Access to Information and Protection of Privacy, Policy on

Access to Information and Protection of Privacy, Policy on

Legislative History:

Approved by Audit Committee: 2004/04/08; Approved by the Board 2004/04/26; Date Effective 2004/04/26; Amended 2006/06/19.

Approval Authority: Board of Governors

Signature: Marshall Cohen

Description: Establishes policy for access to university information while also protecting individual rights to privacy, and brings the University into compliance with Freedom of Information and Protection of Privacy Act (the Act).


I. Definitions

1. “Record” means any record of information however recorded, whether in printed form, on film, by electronic means or otherwise, and includes.

a. correspondence, a memorandum, a book, a plan, a map, a drawing, a diagram, a pictorial or graphic work, a photograph, a film, a microfilm, a sound recording, a videotape, a machine readable record, any other documentary material, regardless of physical form or characteristics, and any copy thereof, and

b. any record that is capable of being produced from a machine readable record under the control of the University by means of computer hardware and software or any other information storage equipment and technical expertise normally used by the institution.

2. “Personal Information” means recorded information about an identifiable individual, including,

a. information relating to the race, national or ethnic origin, colour, religion, age, sex, sexual orientation or marital or family status of the individual,

b. information relating to the education or the medical, psychiatric, psychological, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,

c. any identifying number, symbol or other particular assigned to the individual,

d. the address, telephone number, fingerprints or blood type of the individual,

e. the personal opinions or views of the individual except where they relate to another individual,

f.correspondence sent to the University by the individual that is implicitly or explicitly of a private or confidential nature, and replies to that correspondence that would reveal the contents of the original correspondence,

g. the views or opinions of another individual about the individual, and

h. the individual’s name where it appears with other personal information relating to the individual or where the disclosure of the name would reveal other personal information about the individual.

II. Scope

1. This Policy applies to records in the custody or under the control of the University, including those records relating to the operation and administration of the University and those records containing information relating to faculty, staff and students individually.

2. This Policy does not apply:

a. to records placed in the University Archives by or on behalf of a person or organization other than the University;

b. to records collected, prepared, maintained or used by or on behalf of the University in relation to any of the following, subject to exceptions pursuant to the Act:

i. proceedings or anticipated proceedings before a court, tribunal or other entity relating to labour relations or to the employment of a person by the University,

ii. negotiations or anticipated negotiations relating to labour relations or to the employment of a person by the University between the University and a person, bargaining agent or party to a proceeding or an anticipated proceeding,

iii. meetings, consultations, discussions or communications about labour relations or employment-related matters in which the University has an interest,

c. to a record respecting or associated with research conducted or proposed by an employee of the University or by a person associated with the University, subject to exceptions pursuant to the Act; or

d. to a record of teaching materials collected, prepared or maintained by an employee or by a person associated with the University for use at the University, subject to exceptions pursuant to the Act.

III. Policy

York University affirms the importance of conducting its operations as far as possible in ways that are open to public scrutiny.  York University is also committed to the protection of privacy and personal information of individuals who work and study at the University.  Accordingly, the University will both disclose and protect information in accordance with the Act.

1. Basic Principles

a. As a general rule, information contained in university records should be available to members of the university community and to the public.

b. The necessary exemptions from the general principle favouring access should be limited and specific.

c. The collection, retention, use and disclosure of personal information contained in university records should be regulated so as to protect the privacy of individuals who are the subject of that information.

2. Access to Information

a. Access Right

i. The University shall grant access to records in the custody or under the control of the University, unless the University considers, upon reasonable grounds, that the request for access is frivolous or vexatious, or is exempt.

ii. The University shall grant persons access to their own personal information.

iii. The University shall grant access subject to the terms and conditions of this Policy and to the provisions of the Act.

b. Exemptions from the Access Right

The University may refuse access to certain records pursuant to the Act.

3. Protection of Privacy

a. Collection, Use and Disclosure of Personal Information

i. The University shall collect and record personal information as is necessary or desirable for the proper administration of the University and its academic and other programs, or as required by virtue of data collection or government reporting requirements. The University shall use personal information for the purpose for which it was obtained or compiled, or for a consistent purpose, where the individual has identified that information and consented to its use.

ii. The University shall not disclose personal information to third parties except pursuant to the Act.

b. Correction Rights

Every individual who is given access to his or her own personal information has the right to request correction of the personal information where the individual believes there is an error or omission. The University shall attach a statement of disagreement to the information reflecting any correction that was requested but not made.

4. Authority and Responsibility

The President is head of the institution and has authority and responsibility for implementation of this policy. The President may delegate powers or duties to other officers of the University.

5. Relationship with other University Policies, Guidelines and Procedures

a. Policy and Procedure Review

The University shall develop new or revised policies, guidelines and procedures as required to take account of the basic principles set forth above.

b. Existing Policies and Practices

This Policy is not intended to replace or restrict existing procedures and practices within the University relating to access to information that is not personal information, where such procedures and practices give access equal to or greater protection than that provided in this Policy and the Act.