Privacy and Confidentiality at Mohawk College FOI FIPPA MFIPPA PHIPA PIPEDA IPC PIA TRA.
Definition of Privacy
“The right to be let alone” (Judge Thomas Cooley)
“The right to exercise control over your personal information.” (Ann Cavoukian, IPC Commissioner)
Definition of Confidentiality
Ensuring that information is accessible only to those authorized to have access
How well do you know our rights to privacy? A quiz …
Question 1
My name, job title and work phone number is personal information.
TRUE? FALSE?
False
Personal information (PI) is:
- Factual or subjective
- Recorded or not
- …about an identifiable individual
Personal information includes:
- Home address
- Home phone number
- Home email
- Photo ID
- SIN
- Income
- Marital status
- Employment history
- Employee number
- Performance appraisals
- Financial information
- Educational credentials
- Medical records
- Fund raising records
- Opinions or views on the person
…and of course, the “A” word
“… they even know my age!”
Pat Macdonald, Associate Dean, Continuing Education
Question 2
A man phones you asking if his wife is attending your class. You are allowed to tell him.
TRUE? FALSE?
Question 3
A police officer conducting an investigation phones you asking if a graduate was registered in a C.E. course. You are allowed to tell her.
TRUE? FALSE?
Question 4
A student about to write an exam does not have an ID card, so the instructor asks for his SIN card as ID. This is illegal.
TRUE? FALSE?
Question 5
A new student does not yet have her student ID number, or a driver’s licence, and so you note her health card number as proof of identity. You just broke the law.
TRUE? FALSE?
Question 6
Someone hit your car in the parking lot and you ask Security if you can view the recording to see the incident. Security tells you that is illegal.
TRUE? FALSE?
Question 7
A family member arrives at the Front Desk saying that there has been a death in the family. They want to know what classroom their father is in so that they can inform him. The receptionist cannot give them that information.
TRUE? FALSE?
Question 8
Sears Security department phones the Associate Dean of your department and says that they suspect that one of your students has been stalking an employee. They ask if the college can provide a photo to confirm this. The Associate Dean could email an ID photo to help in the investigation.
TRUE? FALSE?
Question 9
An employer sponsoring one of your students asks if the student passed the course, so that they can reimburse him. It’s OK to confirm.
TRUE? FALSE?
How did you do?
Our privacy is protected by Federal and Provincial legislation
The Acts …
Legislation             Sector              Date   Fed/Prov
Fed Access to Privacy   Gov. Institutions   1980   Fed
FIPPA                   Provincial          1987   Prov
MFIPPA                  Municipal           1991   Prov
PIPEDA                  Commerce            1999   Fed
PHIPA                   Health              2004   Prov
Freedom of Information and Protection of Privacy Act (FIPPA)
- Safety & Corrections
- WSIB
- Community & Social Services
- District Health Councils
- Consumer & Business Affairs
- Ontario Human Rights
- Colleges and universities
Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
- Municipalities
- Boards of Education
- Boards of Health
- Police Services
- Public utilities
(2,500 in total)
The College gathers personal information from…
- Students
- Staff
- Donors and clients
and is committed to protecting that information
Information is collected by …
- Human Resources
- Payroll
- Financial Services
- OH&S
- Health Services
- Registrar
- Continuing Education
So, what is a record?
Any record of information, however recorded, whether in printed form, on film, by electronic means or otherwise.
Records include …
- Application forms
- Registration forms
- OSAP forms
- Section lists
- Class lists
- Exams
- Address books
- Memos
- Draft memos
- Agendas
Plus …
- files on your hard drive
- files on your iPhone
- files on your Blackberry
- your email
- your voice mail
and even …
Privacy Laws & College policies dictate how information is:
- Collected
- Used
- Disclosed
- Retained
- Destroyed
Collection: We must
- have legal authority to collect
- collect it directly from the person
- provide a notice of collection, stating the above and provide the title, business address and telephone number of a college official.
So what do we have to do?
- Safeguard our User Name and Passwords
- Access records only relevant to our duties
- Do not disclose personal information to any unauthorized person
- Protect personal information of staff and students
Specifically: Do
Protect students’ (and employees’) information:
- Phone numbers
- Addresses
- SIN numbers
- Employee number
- Student number
- Grades and marks
Specifically: email/voice mail
- Don’t leave PI on voice mail - call back
- Email should be called epostcard!
- Assume additional copies exist
- Assume it will be forwarded
There was a privacy breach…
What do I do?
What is a privacy breach?
A privacy breach occurs when personal information (PI) is:
- Collected
- Retained
- Used
- Disclosed
in ways that are not in accordance with FIPPA.
Most common breaches:
Unauthorized disclosure of personal information, contrary to Sect. 42, for example:
- a file is misplaced
- a USB flash drive is lost
- a form is mailed to the wrong person
- a document is left in the photocopier
- a fax is sent to the wrong number
- an email is sent to the wrong address
- a document is not disposed of correctly
- a laptop is stolen
Privacy breach protocol
1. Prevention
2. Scope
3. Containment
4. Notification
5. Investigation
6. Remediation
Prevention 1
Know your department’s procedures on:
- Collection
- Retention
- Use
- Disclosure
- Security
- Disposal
Prevention 2
- Know that you are accountable for the PI in your custody
- Do not discuss PI in public places
- Do not leave documents where they can be seen by the public
- Do not disclose PI to those who do not need to know it
- Turn your monitor away from the public
Prevention 3
- Get written consents before disclosing PI
- Know the consequences of a privacy breach
- Ensure that documents are shredded when no longer in use
- Password protect and/or encrypt data on your laptop, PDA, Flash drive
Notification
Immediately inform your boss
Consequences …
- Compliance orders from IPC
- Penal offences
- Fines ($250K)
- Possible personal liability ($50K!)
- Civil liability
- Loss of Trust
In summary …
As a new College employee, you are expected to protect the privacy of individuals and the confidentiality of Personal Information under your control!
Q & A
Have you any questions, additional examples, comments?
John Guilfoyle
Director, Corporate Services
Ext. 2174