1 / 56

Privacy and Confidentiality at Mohawk College

Privacy and Confidentiality at Mohawk College. FOI FIPPA MFIPPA PHIPA. PIPEDA IPC PIA TRA. Definition of Privacy. “The right to be let alone” Judge Thomas Cooley “The right to exercise control over your personal information.” Ann Cavoukian, IPC Comissioner.

duc
Download Presentation

Privacy and Confidentiality at Mohawk College

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy and Confidentiality at Mohawk College

  2. FOI FIPPA MFIPPA PHIPA PIPEDA IPC PIA TRA

  3. Definition of Privacy “The right to be let alone” JudgeThomas Cooley “The right to exercise control over your personal information.” Ann Cavoukian, IPC Comissioner

  4. Definition of Confidentiality • Ensuring that information is accessible only to those authorized to have access

  5. How well do you know our rights to privacy? • A quiz …

  6. Question 1 • My name, job title and work phone number is personal information. • TRUE? • FALSE?

  7. Question 1 • My name, job title and work phone number is personal information. • TRUE • FALSE

  8. False • Personal information (PI) is: • Factual or subjective • Recorded or not • …about an identifiable individual

  9. Home address Home phone number Home email Photo ID SIN Income Marital status Employment history Employee number Performance appraisals Financial information Educational credentials Medical records Fund raising records Opinions or views on the person Personal information includes:

  10. …and of course, the “A” word • “… they even know my age!” Pat Macdonald Associate Dean, Continuing Education

  11. Question 2 • A man phones you asking if his wife is attending your class. You are allowed to tell him. • TRUE? • FALSE?

  12. Question 2 • A man phones you asking if his wife is attending your class. You are allowed to tell him. • TRUE • FALSE

  13. Question 3 • A police officer conducting an investigation phones you asking if a graduate was registered in a C.E. course. You are allowed to tell her. • TRUE? • FALSE?

  14. Question 3 • A police officer conducting an investigation phones you asking if a graduate was registered in a C.E. course. You are allowed to tell her. • TRUE • FALSE

  15. Question 4 • A student about to write an exam does not have an ID card, so the instructor asks for his SIN card as ID. This is illegal. • TRUE? • FALSE?

  16. Question 4 • A student about to write an exam does not have an ID card, so the instructor asks for his SIN card as ID. This is illegal. • TRUE • FALSE

  17. Question 5 • A new student does not yet have her student ID number, or a driver’s licence, and so you note her health card number as proof of identity. You just broke the law. • TRUE? • FALSE?

  18. Question 5 • A new student does not yet have her student ID card, or a driver’s licence, and so you note her health card number as proof of identity. You just broke the law. • TRUE • FALSE

  19. Question 6 • Someone hit your car in the parking lot and you ask Security if you can view the recording to see the incident. Security tells you that is illegal. • TRUE? • FALSE?

  20. Question 6 • Someone hit your car in the parking lot and you ask Security if you can view the recording to see the incident. Security tells you that is illegal. • TRUE • FALSE

  21. Question 7 • A family member arrives at the Front Desk saying that there has been a death in the family. They want to know what classroom their father is in so that they can inform him. The receptionist cannot give them that information. • TRUE? • FALSE?

  22. Question 7 • A family member arrives at the Front Desk saying that there has been a death in the family. They want to know what classroom their father is in so that they can inform him. The receptionist cannot give them that information. • TRUE • FALSE

  23. Question 8 • Sears Security department phones the Associate Dean of your department and says that they suspect that one of your students has been stalking an employee. They ask if the college can provide a photo to confirm this. The Associate Dean could email an ID photo to help in the investigation. • TRUE? • FALSE?

  24. Question 8 • Sears Security department phones the Associate Dean of your department and says that they suspect that one of your students has been stalking an employee. They ask if the college can provide a photo to confirm this. The Associate Dean could email an ID photo to help in the investigation. • TRUE • FALSE

  25. Question 9 • An employer sponsoring one of your students asks if the student passed the course, so that they can reimburse him. It’s OK to confirm. • TRUE? • FALSE?

  26. Question 9 • An employer sponsoring one of your students asks if the student passed the course, so that they can reimburse him. It’s OK to confirm. • TRUE • FALSE

  27. How did you do?

  28. Our privacy • is protected by Federal and Provincial legislation

  29. The Acts …

  30. Freedom of Information and Protection of Privacy Act (FIPPA) • Safety & Corrections • WSIB • Community & Social Services • District Health Councils • Consumer & Business Affairs • Ontario Human Rights • Colleges and universities

  31. Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) • Municipalities • Boards of Education • Boards of Health • Police Services • Public utilities • (2,500 in total)

  32. The College gathers personal information from… • Students • Staff • Donors • and clients • and is committed to protecting that information

  33. Information is collected by … • Human Resources • Payroll • Financial Services • OH&S • Health Services • Registrar • Continuing Education

  34. So, what is a record? • Any record of information, however recorded, whether in printed form, on film, by electronic means or otherwise.

  35. Application forms Registration forms OSAP forms Section lists Class lists Exams Address books Memos Draft memos Agendas Records include …

  36. Plus … • files on your hard drive • files on your iPhone • files on your Blackberry • your email • your voice mail

  37. and even …

  38. Privacy Laws & College policies dictate how information is: • Collected • Used • Disclosed • Retained • Destroyed

  39. Collection: We must • have legal authority to collect • collect it directly from the person • provide a notice of collection, stating the above and provide the title, business address and telephone number of a college official.

  40. So what do we have to do? • Safeguard our User Name and Passwords • Access records only relevant to our duties • Do not disclose personal information to any unauthorized person • Protect personal information of staff and students

  41. Specifically: Do • Protect students’ (and employees’) information • Phone numbers • Addresses • SIN numbers • Employee number • Student number • Grades and marks

  42. Specifically: email/voice mail • Don’t leave PI on voice mail - call back • Email should be called epostcard! • Assume additional copies exist • Assume it will be forwarded

  43. There was a privacy breach… What do I do?

  44. What is a privacy breach? • A privacy breach occurs when personal information (PI) is: • Collected • Retained • Used • Disclosed in ways that are not in accordance with FIPPA.

  45. Most common breaches: • Unauthorized disclosure of personal information, contrary to Sect. 42, for example: • a file is misplaced • a USB flash drive is lost • a form is mailed to the wrong person • a document is left in the photocopier • a fax is sent to the wrong number • an email is sent to the wrong address • a document is not disposed of correctly • a laptop is stolen

  46. Privacy breach protocol • Prevention • Scope • Containment • Notification • Investigation • Remediation

  47. Prevention 1 • Know your department’s procedures on; • Collection • Retention • Use • Disclosure • Security • Disposal

  48. Prevention 2 • Know that you are accountable for the PI in your custody • Do not discuss PI in public places • Do not leave documents where they can be seen by the public • Do not disclose PI to those who do not need to know it • Turn your monitor away from the public

More Related