Principles
The Freedom of Information and Protection of Privacy Act (FOIP) supports an "open, accessible and responsible" university structure. Part 1 of FOIP deals with freedom of information, i.e. access to information. Part 2 of FOIP deals with the protection of personal information.
PART 1 - FREEDOM OF INFORMATION
This part is based upon the principle that the public has the right to access information in records that are under the custody and control of the university (with some limited and specific exceptions). This allows people to make "FOIP requests", or access requests.
PART 2 - PROTECTION OF PERSONAL INFORMATION
- Accountability - The university is responsible for personal information in its custody or under its control.
- Identifying Purpose - An individual must be notified of the purposes for which his or her personal information is collected at or before the time the information is collected.
- Consent - If the university wishes to use or disclose personal information for a purpose other than the purpose it stated to the individual at the time of collection, it must obtain the individual's consent first (unless it is for a purpose that is specifically permitted by law).
- Limiting Collection - The university will only collect personal information that is necessary for an operating program or activity of the organization.
- Limiting Use, Disclosure, and Retention - The university will only use or disclose personal information for the purposes for which it was collected, unless the individual consents to a different purpose or FOIP specifically permits it. Personal information will only be retained for as long as necessary to fulfill those purposes.
- Accuracy - Personal information will be kept accurate, compete, and up to date.
- Safeguards - The university must protect personal information with security safeguards against risks such as unauthorized access, collection, use, disclosure or destruction. The safeguards should be appropriate for the sensitivity of the information.
- Openness - The university has an obligation to let people know about the different repositories of personal information it holds.
- Individual access - An individual has the right to know what personal information the university has about him or her, and to have access to that information. An individual can challenge the accuracy of that information and have it amended as appropriate.
- Challenging compliance - If an individual has any concerns about whether the university is following these principles, he or she can contract the university's Information and Privacy Office for assistance. In addition, the Office of the Information and Privacy Commissioner of Alberta oversees the university's compliance with FOIP.
Update October 1, 2014