SIMON FRASER UNIVERSITY
?
S.98-77
Office of the Vice-President, Academic
MEMORANDUM
To: ?
SENATE
From:
?
David P. Gagan, Vice-President, Academic
Subject ?
Information Policies
Date: ?
17 September, 1998
In keeping with the recent report of the
ad hoc
Senate Committee on University
Policies and revision of SCAR's terms of reference at the last Senate meeting, I am
forwarding the attached Information Policies to SCAR. These policies have been
developed to reflect the University's obligations under the
Freedom
of
Information
and Protection
of
Privacy Act. I
suggest that:
• ?
Policies 110-01 through 110.07 go to Senate for information, and
• ?
Policies I 10.08, 110.09 and 110.10 should go to Senate for advice
0 ?
Enclosures
C:
?
W.R. Heath
I. Forsyth
0
SIMON FRASER UNIVERSITY*
Policies and Procedures
INFORMATION POLICIES - Table of Contents
I 10
Information Policies
Approval Date
11001
Freedom
Archives,
of
Recorded
Information
Information
and Protection
Management,
of Privacy.
and
March 20 1997
110.02•
Head of the Institution and Delegation of Authority
November 24, 1994
110.03
Freedom of Information Fee Schedule
November
24, 1994
110.04
Access to Information and Protection of Privacy
March 20, 1997
110.05
Collection of Personal Information
March 20, 1997
110.06
FOl Requests that create Conflict of Interest
November 14, 1997
110.07
Security of Facsimile Transmissions
February
5,
1997
110.08
evaluations
Collection and disclosure of Instructor and Course
January 12, 1998
110.09
Retention and disposal of student exams or assignments
January 12, 1998
110.10
Posting student grades and returning exams or assignments
January 12, 1998
.
0
SIMON FRASER UNIVERSITY
Policies and Procedures
POLICY I 10.01 (formerly GP
15)
Archives, Recorded Information
Management, and Freedom of Information and Protection of Privacy.
The University Archives serves the University as a whole and its primary objective is the gathering
and dissemination of knowledge. It has as its first priority, the acquisition, appraisal, preservation and
use of archival records relating to the history, organization, function and structures of Simon Fraser
University. A second priority of the University Archives is to develop manuscript collections which
parallel and complement research resources established by the University. These records and
manuscripts include all media and several technologies, e.g. photographs, computer files, etc.
2. An Archives, Recorded Information Management and Freedom of Information/Protection of Privacy
Committee shall be appointed and operate as contemplated by this policy and Appendix I attached.
3. The Archives of the University include:
a.
Official Records of Simon Fraser University: those records created, received and accumulated
by all University offices and officers and by the various governing bodies of the University.
• ?
These records (which evidence the functions, policies and decisions of the University) include
correspondence, reports, minutes, registers, directives, announcements, publications,
architectural and building plans, and other material produced by the University in pursuance
of its functions. This does not include personal material, such as student, medical and
personnel records.
b.
Non-Official Records of Simon Fraser University: records of University related activities
(such as the Student Society and Faculty Association), manuscripts and papers which reflect
the life of the University community (such as the private papers of faculty, staff and alumni)
and publications of student, faculty and alumni organizations which relate to some aspects of
University life.
c.
Historical Research Records: those records and manuscripts acquired by the University
Archives which are primary source material that enhance the resources of the University's
teaching and research programs and complement the secondary sources in these fields held by
the University Library. The extent of these records and manuscripts will be monitored by the
Archives and Recorded Information Management Sub-Committee.
4. Official records of Simon Fraser University are the property of the University. Officers leaving or
relinquishing their positions with the University shall leave all official records for their successors.
5.
Private papers may be deposited in the Archives, on terms agreed to by the owner and the University
Archivist in accordance with rules and guidelines from time to time approved by the Archives and
Recorded Information Management Sub-Committee after consultation with the University Archivist.
6. The University Archivist shall develop for the approval of the Archives, Recorded Information
. ?
Management and Freedom of Information/Protection of Privacy Committee a Records Management
Program to facilitate the retention and transfer of permanently valuable records to the University
Archives, the recording of records not required in their original form and the disposition of unneeded
and valueless records. The Program and material amendments shall be transmitted to the Board of
Governors for its information. The University Archivist shall implement and monitor the operation of
the Program in consultation with the Archives, Recorded Information Management and Freedom of
Information/Protection of Privacy Committee.
?
0
7.
Public access to official University records transferred to the Archives Department shall be determined
by B.C.'s Freedom of Information and Protection of Privacy Act.
8.
The University Archivist may develop and implement regulations concerning the use and day-to-day
operation of the University Archives. All regulations shall be provided for information to the
Archives, Recorded Information Management and Freedom of Information/Protection of Privacy
Committee.
9.
Each University office shall designate a person in the office to function as a records officer who shall
be responsible for records management within that office, with the advice and assistance of the
Records Manager of the University Archives.
10.
All
University records in the possession of a University office shall be dealt with by that office in
accordance with the Records Management Program and the University Archives regulations.
11.
The University Archivist has final authority to approve all Records Retention Schedule and Disposal
Authorities (RRSDA) prepared by the Archives Department.
APPENDIX I
Archives, Recorded Information Management and Freedom of
This
Information/Protection
Committee is advisory and responsible
of Privacy
to the
Committee
President.
Terms of Reference
.10
A. PURPOSE
Archives and Recorded Information Management Sub-Committee
To advise the President and Vice-Presidents on:
1.
Policies, procedures and standards needed to ensure effective archival and recorded information
management at SFU.
2.
The Archives' acquisition mandate, collection policy and strategy, including its relationship to other
repositories that also collect archives at SFU and within the B.C. and Canadian archival system.
3.
Implementing archival descriptive standards as part of the University's records management program.
4.
Managing electronic records and using computer technology applications and solutions in records
management and archival operations.
5.
A vital records program and preservation assessment, planning and action as a means of preserving
SFU's archives.
6.
Staff training, public awareness, communications and outreach initiatives.
7.
Measures promoting the value of recorded information management and archives as a means of
effective and efficient administration and as an academic resource for teaching, research and learning.
8.
Records scheduling issues and priorities.
Freedom of Information and Protection of Privacy Sub-Committee
To advise the President and Vice-Presidents on:
?
0
3
I . Policies, procedures and standards needed to ensure statutory compliance with the
FOl/POP Act.
2. Changes to administrative practices promoting access and privacy information rights.
S ?
3. Communications, staff training and awareness priorities needed for effective fair information
practices.
4. Identifying University information that could be released routinely.
5.
Computer technology applications that facilitate providing access to information and that protect
personal information and privacy.
B. MEMBERSHIP
Archives and Recorded Information Management Sub-Committee
1. Vice-Presidents, Academic (or nominee)
2.
Vice-President, Finance and Administration (or nominee)
3.
Registrar (or nominee)
4.
Director, Academic Computing Services (or nominee)
5.
University Librarian (or nominee)
6.
Alumni Relations/Development Office
7.
Media and Public Relations
8.
Faculty Administrator
9.
Faculty Member
10.
Departmental or Administrative Assistant
11.
Undergraduate or Graduate Secretary
12.
Student
13.
University Archivist (ex-officio)
Freedom of Information and Protection of Privacy Sub-Committee
1.
Vice-Presidents, Academic (or nominee)
2.
Vice-President, Finance and Administration (or nominee)
3.
Vice-President, Research (or nominee)
4. Registrar (or nominee)
5. Director, Academic Computing Services (or nominee)
6.
Director, Human Resources (or nominee)
7.
Director, Campus Community Services (or nominee)
8. Alumni Relations/Development Office
9.
Faculty Administrator
10.
Departmental or Administrative Assistant
11. Student
12.
University Archivist (ex-officio)
C. METHOD OF APPOINTMENT
Members shall be appointed by the President on recommendation from the Vice-President, Academic.
Ex-officio members shall serve by virtue of their office.
D. TERMS OF OFFICE
Members shall serve staggered two year terms, effective May 1. They shall be eligible for re-appointment.
Ex-officio members shall serve for the periods of their tenure in office.
.
E. COMMITTEE CHAIRS
Each Sub-Committee shall have a Chair who shall be appointed by the President on recommendation from the
Vice-President, Academic from the membership of the Sub-Committee. Chairs shall serve staggered two year
4
terms, effective May 1. They shall be eligible for re-appointment. The University Archivist shall serve as
Secretary to the Committee.
F. COMMITTEE PROCEDURES
WHOLE COMMITTEE
1. The Committee shall meet at least annually in May. Meetings shall be at the call of the Co-Chairs.
2. Each co-chair will chair every second meeting.
3. Each committee member shall be entitled to one vote.
4. A committee member may have a substitute attend in her/his absence.
5.
The University Archivist shall report annually to the Committee through the Dean of Student Services
on matters concerning the Archives Department.
6.
The Committee shall determine any other procedures by which it operates.
ARCHIVES AND RECORDED INFORMATION MANAGEMENT SUB-COMMITTEE
1.
The Committee shall meet at least twice annually in November and April. Meetings shall be at the call
of the Chair.
2.
Each committee member shall be entitled to one vote.
3. A committee member may have a substitute attend in her/his absence.
4.
The committee may call upon expert resource persons as needed to assist it with specialized issues.
5.
The University Archivist shall report annually to the Committee through the Dean of Student Services
on matters concerning the University's archival and recorded information management programs.
6.
The Committee shall determine any other procedures by which it operates.
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY SUB-COMMITTEE
1.
The Committee shall meet at least twice annually in October and March. Meetings shall be at the call o
the Chair.
2. Each committee member shall be entitled to one vote.
3. A committee member may have a substitute attend in her/his absence.
4.
The committee may call upon expert resource persons as needed to assist it with specialized issues.
5.
The University Archivist shall report annually to the Committee through the Dean of Student Services
on matters concerning the University's archival and recorded information management programs.
6.
The Committee shall determine any other procedures by which it operates.
Approved by the Board of Governors on March 20, 1997
0
6rM
.-I,
SIMON FRASER UNIVERSITY
Policies and Procedures
POLICY I 10.02 Head of the Institution and Delegation of Authority
Head of the Institution
Purpose:
To ensure compliance with the access and privacy provisions of B.C.'s Freedom of Information and
Protection of Privacy Act.
To designate who the head of the University is for the purposes the Act.
Responsibility:
The Board of Governors is responsible for designating the head of the institution under the Act.
Scope:
This policy applies to the University.
Policy:
The President and Vice Chancellor of the University is designated as the head of the institution for the purpose
of administering the University's compliance with the Freedom of Information and Protection of Privacy Act.
Delegation of Authority
Purpose:
To ensure compliance with the access and privacy provisions in B.C.'s Freedom of Information and Protection
of Privacy Act.
To designate those employees who are authorized to approve access and privacy decisions.
Scope:
This policy applies to
all departments.
Policy:
The following Schedule lists the level of officer or employee of Simon Fraser University authorized to approve
and accept the specified transactions (the Decision-making Authority) and the level of office authorized to sign
formal documents (the Implementation Authority).
This delegation does not in any way limit the authority of personnel directly above the indicated lowest level
officers or employees from exercising any of the delegated powers in their area of responsibility.
II
Decision-making
?
Implementation Authority
Transaction ?
Section(s) Authority
I
INFORMATION RIGHTS
NO
Approve access to
records where prior
approval of
4, 6, 8, ?
,
President, Vice-Presidents
Information & Privacy
Executive Council
16
Coordinator
or Attorney General
required
4, 6, 8, 9,
President, Vice-Presidents,
Approve access in
12-15,
Executive Directors, Deans,
Information & Privacy
whole to records
17-22
Registrar, Librarian
Coordinator
Refuse access in
4, 6, 8, 9,
President, Vice-Presidents,
whole or in part to
12-15,
Executive Directors, Deans,
Information & Privacy
Coordinator
records
17-22
Registrar, Librarian
[DISCLOSURE IN THE PUBLIC INTEREST
25
?
President, Vice-Presidents ?
Information & Privacy
Coordinator
[NOTICES UNDER THE ACT
I
Information & Privacy
Information & Privacy
22-25,
J
Coordinator
Coordinator
TRANSFERRING REQUESTS
I
Information & Privacy ?
Information & Privacy
11 ?
Coordinator ?
Coordinator
EXTENSION OF TIME LIMIT
lExtends
[days
up to 30 ?
J
10
Information & Privacy
Coordinator
1
Information & Privacy
J
Coordinator ?
I
Request
Commissioner's
10
Information & Privacy
Information & Privacy
approval of
Coordinator
Coordinator
extension
PROTECTION OF PRIVACY
President, Vice-Presidents,
Approve policy on
collection of
Executive Directors, Deans,
personal
26
Board of Governors
Registrar, Librarian,
information
Information & Privacy
Coordinator
Notice of collection
of personal
27
Information & Privacy
Information & Privacy
information
Coordinator
Coordinator
.
.,.
.
q.
.
.
President, Vice-Presidents,
Approve or refuse
correction of
Executive Directors, Deans,
Information &
Privacy
Personal
29
Registrar, Librarian,
Coordinator
information
Information & Privacy
Coordinator
Approve
accuracy,
policy on
President, Vice-Presidents,
protection and
Executive Directors, Deans,
retention of
28, 30, 31
Board of Governors
Registrar, Librarian,
personal
Information & Privacy
information
Coordinator
President, Vice-Presidents,
Approve policy on
Executive Directors, Deans,
uses of personal
32
Board of Governors
Registrar, Librarian,
information
Information & Privacy
Coordinator
Approve disclosure
President, Vice-Presidents,
of
information
absence
Personalof
ain
the
33
Information
Executive
Registrar, Librarian,Directors,
& Privacy
Deans,
Coordinator
& Privacy
request
Coordinator
Approve disclosure
President, Vice-Presidents,
research
of
information
Personalor
for
35
Registrar,
Information
Executive
Librarian,Directors,
& Privacy
Deans,
Information
Coordinator
& Privacy
statistical purposes
Coordinator
REVIEWS & COMPLAINTS
Make
representations to
56, 57
President, Vice-Presidents,
Information & Privacy
Information & Privacy
burden
Commissioner;
of proof
Coordinator
Coordinator
Disclose on order
Information & Privacy
of Commissioner
59
President, Vice-Presidents
Coordinator
REPORTS
Annual statistical
report to
68
Information & Privacy
Information & Privacy
Information &
Coordinator
Coordinator
Privacy Branch
Maintain SFU's
information in
Freedom of
69
Information & Privacy
Information & Privacy
Information
Coordinator
Coordinator
Directory
L
.
Approved by the Board of Governors on November 24, 1997
in
6V
SIMON FRASER UNIVERSITY
Policies and Procedures
POLICY I 10.03 Freedom of Information Fee Schedule
PURPOSE
• To ensure compliance with the access provisions in B.C.'s Freedom of Information and Protection of
Privacy Act.
• To set fees to be charged when responding to a formal access request.
• To recover in part additional operating costs for which the University is not compensated by the
provincial government to implement and administer FOl/POP.
• To provide a fee schedule policy consistent with other B.C. universities.
RESPONSIBILITY
• The University officials designated by the Board of Governors in the FOl/POP Delegation of
Authority are responsible for ensuring the implementation of this policy.
SCOPE
• This policy applies to all departments.
POLICY
• The University shall use the Schedule of Maximum Fees below when processing formal access
requests under the Freedom of Information and Protection of Privacy Act.
• The University shall not charge fees for a formal access request when the total chargeable fee is twenty
($20) dollars or less.
• Informal access requests are not subject to the FOl/POP fee schedule. They are subject instead to the
University's regular reproduction and service fees.
• Fees cannot be charged when the request is for access to the individual's own personal information.
• The University shall continue to charge its regular fee for an official transcript or other records where
an established procedure exists to provide routine access.
Approved by the Board of Governors on November 24, 1994
L
ID
I
A
?
SIMON FRASER UNIVERSITY
Policies and Procedures
POLICY I 10.04 Access to Information and Protection of Privacy
PURPOSE
To provide policies which are consistent with the University Act and the Freedom of Information and
Protection of Privacy Act regarding access to general information and the protection of personal information
held by the University about students, employees or persons whose contractual arrangements are administered
by the University and where the University has custody or control of the information.
RESPONSIBILITY
The following University officers are responsible for ensuring the implementation of this policy:
• President
• Deans
• Vice-Presidents
• Registrar
• Executive Directors
• University Librarian
Employees are responsible for maintaining the confidentiality of general and personal information according to
the policies below and they are required to ensure that personal information is maintained in a secure
environment. Violations of this policy may result in disciplinary penalties being imposed.
Employees should consult, as needed, the University's Information and Privacy Coordinator about the
disclosure of confidential and personal information, including information to be released under Sections 22(4)
or 33 of the Freedom of Information and Protection of Privacy Act.
The University's Freedom of Information and Protection of Privacy Committee is responsible for ensuring that
the policies outlined in Section 13.2 of this policy are consistent with the Freedom of Information and
Protection of Privacy Act.
SCOPE
This policy applies to all employees of the University who have access to general and personal information.
DEFINITIONS
The terms below are those used in the Freedom of Information and Protection of Privacy Act. The definitions
use examples from the university community to help illustrate their meaning. The following definitions
describe the types of information which must not be disclosed to persons other than those who are authorized
to have access:
.
1/
means recorded information about an identifiable individual which includes, but is
not limited to names, home addresses and telephone numbers, age, sex, marital or
Personal
family status, identifying number, race, national or ethnic origin, colour, religious
Information
or political beliefs or associations, educational history, medical history, disabilities,
blood type, employment history, financial history, criminal history, anyone else's
opinions about an individual, an individual's personal views or opinions, and
name, address and phone number of parent, guardian, spouse or next of kin.
Educational
includes course grades, grade point average, academic status, graduation status,
History
other institutions attended, admission status, course schedule and course
registration status.
Financial
History
includes information about beneficiaries, insurance, benefits and debts.
Employment
includes personal recommendations or evaluations, character references or
History
personnel evaluations, letters of discipline and reprimand and reasons for
termination
Medical History
includes health care history relating to medical, psychiatric or psychological
diagnosis, condition, treatment or evaluation.
I
Law
'includes disciplinary investigations or proceedings that lead or could lead to a
Enforcement
f
penalty or sanction being imposed and policing
RELATED DEFINITIONS
means the applicant (i.e. individual or organization) requesting access to
First Party ?
information.
Second Party
?
means the University.
means the person or organization whom the information concerns other
Third Party ?
than the applicant.
.
a
POLICY
A. Access to Information
1.
The University supports the public's right of access to information and the individual's right of access to,
and the right to request correction of, personal information about themselves.
2.
The University will provide routine access to information informally upon request, or actively disseminate
information, using existing procedures.
3.
A person has a right of access to any record in the custody or under the control of the University, including
a record containing personal information about the applicant.
4.
The right of access does not extend to information excepted from disclosure under Sections 12 to 22 of the
Freedom of Information and Protection of Privacy Act, but if that information can reasonably be severed from
a record an applicant has the right of access to the remainder of the record.
policy or practice for informal access requests and for a formal access request under Section
75
of the Freedom
of Information and Protection of Privacy Act.
IB. Protection of Personal Privacy
Collection
6. The University will collect personal information about students, employees, graduates or others as provided
for under Sections 26 and 27 of the Freedom of Information and Protection of Privacy Act, ensuring at all
times that it uses an appropriate notice and method of collection.
Accuracy of Factual Information
7. The University will make every reasonable effort to ensure that the personal information it uses is accurate
and complete. Upon request by an individual to whom information relates, the University will correct or
annotate the information with a correction when documentary evidence, satisfactory to the University, is
provided to substantiate the correction.
Protection
8. The University will protect personal information by making reasonable security arrangements to prevent the
risk of unauthorized collection, access, use, disclosure or disposal of personal information.
Retention and Disposition
9. The University will retain for at least one year an individual's personal information when it is used to make
a decision that directly affects the individual and thereafter the University will dispose of personal information
•
only with a Records Retention Schedule and Disposal Authority approved and signed by the University
Archivist/Information and Privacy Coordinator.
Use
10. The University will use personal information only:
i)
for the purpose for which that information was obtained or compiled;
ii)
for a use consistent with that purpose;
iii)
with the written consent of the individual; or
iv)
for the purpose for which that information was disclosed to the University.
Disclosure
11. The University will not disclose personal information about students or employees to any third party,
unless it is otherwise provided for under Sections 22(4) or 33 of the Freedom of Information and Protection of
Privacy Act (see Appendices A and B for those circumstances when personal information can be disclosed).
PROCEDURES
Access to General Information
I
12.1 The University will continue to provide public access to University records that are now released
?
routinely in response to informal requests and do not contain confidential or personal information.
/3
12.2 For informal requests, access will be provided according to those procedures used in the department or
office
12.3 For
that
formal
has custody
requests,
of
access
the information.will
be provided
?
according to those procedures coordinated by the
is
University's Information and Privacy Coordinator.
Access to Third Party Personal Information by Employees
13.1 Employee access to confidential personal information about students, employees or others paid through
the University's payroll system where the university has custody or control of the information will be allowed
if the information is necessary for the performance of the duties of the employee.
13.2 Access will be administered according to those specific policies and procedures which may be established
from time to time by the University to apply to the personal information of specific groups of individuals, such
as students, faculty, staff, graduates or others.
Access to Third Party Personal Information About Employees
14.1 Access to the following information about employees will be provided routinely pursuant to Section
22(4)(e) of the Act. Requests will be handled by the Office of the Vice-President, Academic regarding
employees in the SFUFA bargaining unit, and by the Office of the Vice-President, Finance and Administration
regarding all others:
i) Position
id) Functions
iii) Remuneration
University
14.2 Access
will
to information
be provided
about
routinely
expenses
pursuant
incurred
to Section
by employees
22(4)(h)
while
of the
travelling
Act. Requests
at the expense
will
w be handled
of the
by
Financial Services.
Access for Research, Statistical, Archival or Historical Purposes
j
15.
Access to personal information for research, statistical, archival or historical purposes will be allowed
under conditions specified in Sections 35 and 36 of the Freedom of Information and Protection of Privacy Act.
These include the written agreement of the researcher to comply with all relevant sections of the Freedom of
Information and Protection of Privacy Act and with the University's policies and procedures relating to the
protection of personal information.
Appendix
A
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT
S.B.C.
1992, CHAPTER 61, as amended by S.B.C. 1993, CHAPTER 46
22(4) A disclosure of personal information is not an unreasonable invasion of a third party's personal privacy
if
(a) the third party has, in writing, consented to or requested the disclosure,
(b)
there are compelling circumstances affecting anyone's health or safety and notice of
Ic'
disclosure is mailed to the last known address of the third party,
(c)
an enactment of British Columbia or Canada authorizes the disclosure,
(d)
the disclosure is for a research or statistical purpose and is in accordance with section
35,
(e)
the information is about the third party's position, functions or remuneration as an officer,
employee or member of the University,
(f)
the disclosure reveals financial and other details of a contract to supply goods or services
to the University,
(g)
public access to the information is provided under the Financial Information Act,
(h)
the information is about expenses incurred by the third party while travelling at the
expense of the University,
(i)
the disclosure reveals details of a licence, permit or other similar discretionary benefit
granted to the third party by the University, not including personal information supplied in
support of the application for the benefit, or
(j)
the disclosure reveals details of a discretionary benefit of a financial nature granted to the
third party by the University, not including personal information that is supplied in support of
the application for the benefit or is referred to in subsection 22(3)(c).
0
Appendix B
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT
S.B.C. 1992, CHAPTER 61, as amended by S.B.C. 1993, CHAPTER 46
33. The University may disclose personal information only
(a) in accordance with Part 2 of this Act (see section 22),
(b)
if the individual the information is about has identified the information and consented, in
the prescribed manner, to its disclosure,
(c)
for the purpose for which it was obtained or compiled or for a use consistent with that
purpose (see section 34),
(d)
for the purpose of complying with an enactment of, or with a treaty, arrangement or
agreement made under an enactment of, British Columbia or Canada,
(e)
for the purpose of complying with a subpoena, warrant or order issued or made by a
court, person or body with jurisdiction to compel the production of information,
(f)
to an officer or employee of the University, if the information is necessary for the
performance of the duties of, or for the protection of the health or safety of, the officer or
employee,
I
(g) to the Attorney General for use in civil proceedings involving the government,
Ic
(h)
to the Attorney General or a person referred to in section 37 of the Coroners Act, for the
purposes of that Act,
(i)
for the purpose of
(i)
collecting a debt or fine owing by an individual to the government of
British Columbia or to the University, or
?
-
(ii)
making a payment owing by the government of British Columbia or by
the University to an individual,
) to the auditor general or any other prescribed person or body for audit purposes,
(k) to a member of the Legislative Assembly who has been requested by the individual the
information is about to assist in resolving a problem,
(1) to a representative of the bargaining agent who has been authorized in writing by the
employee, whom the information is about, to make an inquiry,
(m) to the archives of the University, for archival purposes,
(n) to a public body or a law enforcement agency in Canada to assist in an investigation
(i)
undertaken with a view to a law enforcement proceeding, or
(ii)
from which a law enforcement proceeding is likely to result,
(o) if the public body is a law enforcement agency and the information is disclosed
?
I*
(i)
to another law enforcement agency in Canada, or
(ii)
to a law enforcement agency in a foreign country under an arrangement,
written agreement, treaty or legislative authority,
(p) if the head of the University determines that compelling circumstances exist that affect
anyone's health or safety and if notice of disclosure is mailed to the last known address of the
individual the information is about,
(q) so that the next of kin or a friend of an injured, ill or deceased individual may be
contacted, or
(r) in accordance with sections
35
and 36.
Approved by the Board of Governors on March 20, 1997
.
I',
SIMON FRASER UNIVERSITY
Policies and Procedures
POLICY I 10.05 Collection of Personal Information
PURPOSE
• To ensure compliance with the privacy rules in B.C.'s Freedom of Information and Protection of
Privacy Act.
• To ensure that the University collects personal information using an appropriate method and notice of
collection.
• To ensure that the information privacy rights of those individuals who give their personal information
to the University are protected.
RESPONSIBILITY
The University officials named by the Board of Governors in its FOl/POP Schedule of Authorized Officers are
responsible for ensuring the implementation of this policy.
SCOPE
This policy applies to all departments.
INTRODUCTION
The Freedom of Information and Protection of Privacy Act contains six privacy rules:
1. Collection
2. Accuracy
3. Protection
4. Use
5.
Disclosure
RETENTION
Together these rules make up the Act's Code Of Fair Information Practices. Collection of personal information
is the key privacy rule upon which all others are based.
Described below is:
1. definitions of key terms;
2. the University's policy regarding collection of personal information;
3.
procedures that explain the general purposes for which the University may collect personal
information;
4.
procedures about how personal data must be collected and what we must do when collecting it;
. ?
5.
sample templates for a protection of privacy collection notice; and
6. a checklist of optional guidelines for reviewing forms.
DEFINITIONS:
Information means:
• recorded information
Recorded Information means:
• information that is recorded or stored by graphic, electronic, mechanical or other means.
Record means:
• any document created in the course of practical University activity and constituting written evidence of
that activity; such as a letter, memorandum, electronic mail, voice message, map, drawing,
photograph, voucher, report and any other thing on which information is recorded or stored.
Collection means:
• the collection of personal information:
• by or for the University, whether the information is collected directly from the person the
information is about or indirectly from another source (e.g. a person or organization internal
or external to the University); and
• when such information is assembled or brought together and written down or recorded by any
means (e.g. interview, questionnaire, survey, poll, audio tape, computer disk or tape, form,
telephone call or letter)
• Personal information must be collected directly from the individual it is about except in limited and
snecific circumstances.
Authorization for Collection means:
?
1]
• personal information may be collected by the University only if the collection of that information is
expressly authorized by law, the information is collected for the purposes of law enforcement, or the
information relates directly to and is needed for an operating program or activity of the University.
Notification of Collection means:
• the University must tell an individual from whom it collects personal information the purpose for
collecting it, the legal authority for collecting it, and where the individual might receive answers to
questions about the collection.
Personal Information means:
• recorded information about an identifiable individual which includes, but is not limited to names,
home addresses and telephone numbers, age, sex, marital or family status, identifying number, race,
national or ethnic origin, colour, religious or political beliefs or associations, educational history,
medical history, disabilities, blood type, employment history, financial history, criminal history,
anyone else's opinions about an individual, an individual's personal views or opinions, and name,
address and phone number of parent, guardian, spouse or next of kin.
It does not mean the position, function and remuneration of a University employee.
Privacy means:
• the claim of individuals to determine for themselves when, how and to what extent information about
themselves is communicated to others. Privacy includes such concepts as confidentiality of our
personal beliefs and control over information about ourselves and others' knowledge of our affairs.
POLICY
1.
Normally the University shall collect recorded personal information directly from individuals, ensuring at all
times that it uses an appropriate notice and method of collection as described below under Direct Collection of
Personal Information.
2.
The University shall collect only recorded personal information about an individual Indirectly from another
source when:
• authorized in advance by the individual;
• in accordance with the Act's provisions as described below under Indirect Collection of Personal
Information; or
• the information is available through a public source.
3.
The University shall only collect personal information that relates directly to and is necessary for its
operating programs and activities as mandated by the University Act.
PROCEDURE
A.
Purpose for Which Personal Information may be Collected
1.1 The FOl/POP Act recognizes the University's legitimate need to collect personal information in order to
carry out its mandate and to provide services, but restricts that collection to a defined set of circumstances.
The circumstances are:
• ?
• the collection of information is expressly authorized by or under an Act;
• the information is collected for purposes of law enforcement
(Under the powers conferred on the
University President by the University Act, the University does collect, from time to time, law
• enforcement information in the form of investigations or proceedings that lead or could lead to a
penalty or sanction being imposed against an employee or a student);
or
• the information relates directly to and is necessary for the University's operating programs or
activities.
1.2 In the case of a University, the University Act gives only general authority for the University's educational
program and we must then determine what exact elements of personal information we need to administer that
program. The University Act does not specify what personal data elements can be collected.
1.3 The University's operating program is any series of functions designed to carry out all or part of its
mandate and an activity is an individual action designed to assist in carrying out an operating program.
2.1 The University may do its own collection or may authorize an outside agent to carry out the collection on
its behalf, either under contract or through an agreement or arrangement in writing with the other agency.
2.2 Any written agreement or contract with an outside agent should stipulate that the collection, protection,
retention and disclosure of personal information will be governed by the Act.
B.
How Personal Information is to be Collected
The FOIIPOP Act promotes an individuals' control over his or her personal information by requiring, with few
exceptions, that personal information be collected directly from the person it is about unless another method of
•
collection is authorized by the person.
Direct Collection of
Personal Information
'9
3.1 Collecting personal information directly from the person concerned helps ensure that the University bases
its decisions about people on up-to-date, accurate and complete information.
3.2 The Act imposes an obligation on the University to notify individuals of the purpose for which it is
collecting the information, specify all the ways in which their information will be used, its legal authority for
the collection and a contact person who can answer questions about the collection.
3.3 Notice should be given at the beginning of a process either on the form used to collect the information or
by giving the same notice to people at the beginning of an interview, mediation, conciliation, arbitration or
inquiry process.
3.4 The notification should be in writing wherever possible. If notification is done verbally, the University
should follow up with a written notification to the person(s) concerned.
3.5
This type of collection notice is called informed notice because it gives only notification.
3.6 The requirement to notify recognizes the individual's right to know and understand the purpose of the
collection and how the information will be used. It also allows the person to make an informed decision as to
whether or not to give the information in cases where a response is not mandatory.
Indirect Collection of
Personal Information
4.1 Indirect collection of personal information is illegal under the FOl/POP Act except in limited and specific
circumstances.
4.2 When collecting personal information about an individual from another source, the University must first
obtain written authorization from the person the information is about; but, if permission is given verbally the
University should document the conversation and send a letter to the person concerned verifying the consent.
[For exceptions to this procedure see section 4.6]
?
0
4.3 When asking a person to give consent for indirect collection of personal information, s/he should be
informed of:
• the nature of the personal information to be collected;
• the purpose of the indirect collection;
• the reasons for making the collection indirectly; and
• the consequences of refusing to authorize the indirect collection.
4.4 Where another source is asked for personal information about an individual, the source must also be
informed of the purpose and authority for the collection of personal information about the second individual.
4.5
This type of collection notice is called informed consent because it gives notification as well as seeking the
individual's consent to collect information indirectly from another source (collection is not permitted without
consent).
4.6 The University may collect personal information indirectly without prior written authorization only under
the following conditions:
• the information may be disclosed to the University under Section 33 of the Act (attached as Appendix
A);
• determining suitability for an honour or award, including an honorary degree, scholarship, prize or
bursary;
• a proceeding before a court or a judicial or quasi-judicial tribunal;
•
•
collecting
law enforcement
a debt or
(see
fine
footnote
or making
#1);
a
or
payment;
?
Is
• another method of collection is authorized by the commissioner or another statute.
020
- ?
4.7
Notification and consent is not required when information about an individual is collected exclusively from
.
public sources (such as newspaper clippings, published directories or biographical dictionaries) because the
personal information is within the public domain.
Sample Templates: Protection of Privacy Collection Notice
5.1
In cases of direct collection of personal information the sample template is:
The information on this form is collected under the general authority of the University Act
(R.S.B.C. 1979, c.419), [cite also any applicable administrative policies approved by the
University's Board of Governors; other provincial or federal legislation or regulation; binding
legal contracts such as collective agreements; etc.]. It is related directly to and needed by the
University [describe why (i.e.. the purpose) the information is needed]. The information will
be used [must describe all uses and be specific]. If you have any questions about the
collection and use of this information please contact [Position Title, Business Address,
Business Phone Number].
5.2
In cases of indirect collection of personal information the sample template is:
The information received from [specify source] is collected under the general authority of the
University Act (R.S.B.C. 1979, c.419), [cite also any applicable administrative policies
approved by the University's Board of Governors; etc.]. It is related directly to and needed by
the University [describe why (i.e. the purpose) the information is needed]. The information
will be used [must describe all uses and be specific]. If you have any questions about the
collection and use of this information please contact [Faculty or Department Position Title,
Business Address, Business Phone No.].
Pursuant to Section 27(1) of the Freedom of Information and Protection of Privacy Act, I
authorize Simon Fraser University to contact the persons
or organizations listed below for the purposes of obtaining [specify the information to be
collected]. These persons or organizations are authorized to disclose such information. I
understand that failure to give my authorization will result in [describe consequences of
refusing to authorize the indirect collection].
Date ?
Signature
Checklist for Review of Forms (attached as Appendix B)
University offices may use this checklist when reviewing forms to determine compliance with the Freedom of
Information and Protection of Privacy Act.
Appendix A
FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY ACT
S.B.C. 1992, CHAPTER 61, as amended by S.B.C. 1993, CHAPTER 46
The University may collect personal information disclosed to it by another public body only:
(a)
in accordance with Part 2 of this Act,
(b)
if the individual the information is about has identified the information and consented, in the prescribed
di
manner, to its disclosure,
(c) for the purpose for which it was obtained or compiled by another public body or for a use consistent with
that purpose (see section 34), ?
0
(d)
for the purpose of complying with an enactment of, or with a treaty, arrangement or agreement made under
an enactment of, British Columbia or Canada,
(i) for the purpose of
(i)
collecting a debt or fine owing by an individual to the government of British Columbia or
to the University, or
(ii)
making a payment owing by the government of British Columbia or by the University to
an individual,
(n) to a public body or a law enforcement agency in Canada to assist in an investigation
(i)
undertaken with a view to a law enforcement proceeding, or
(ii)
from which a law enforcement proceeding is likely to result,
(p)
if the head of the public body determines that compelling circumstances exist that affect anyone's health or
safety and if notice of disclosure is mailed to the last known address of the individual the information is about,
or
(q)
so that the next of kin or a friend of an injured, ill or deceased individual may be contacted.
Definition of consistent purposes
34. (1) A use of personal information is consistent under section 32 or 33 with the purposes for which the
information was obtained or compiled if the use
(a)
has a reasonable and direct connection to that purpose, and
(b)
is necessary for performing the statutory duties of, or for operating a legally authorized program of, the
public body that uses or discloses the information.
Appendix B
CHECKLIST FOR REVIEW OF FORMS FOR COMPLIANCE WITH PRIVACY
PROTECTION PROVISIONS
compliance
This checklist
with
focuses
the privacy
on forms
protection
used for
provisions
the collection
of the
of
Act,
personal
University
information.
offices will:By
bringing forms into
?
S
• Support the public's right to know what personal information University offices collect and how this
•
?
information is used;
• Support the right of individuals to access their own personal information; and
• Help assure individuals that their personal information is protected from unauthorized collection, use
or disclosure.
The process of bringing forms used to collect personal information into compliance with the requirements of
the Act will be spread over
three to five years.
Beginning with proclamation in November 1994,
University offices should plan to bring existing forms into compliance and implement interim procedures for
handling high volume non-compliant forms.
DEFINITIONS
"Personal information"
is defined in Schedule 1 of the Act as "recorded information about an identifiable
individual, including
(a) the individual's name, address or telephone number,
(b)
the individual's race, national or ethnic origin, colour, or religious or political beliefs or associations,
(c)
the individual's age, sex, sexual orientation, marital status or family status,
(d)
an identifying number, symbol or other particular assigned to the individual,
(e)
the individual's fingerprints, blood type or inheritable characteristics,
(f)
information about the individual's health care history, including a physical or mental disability,
(g)
information about the individual's educational, financial, criminal or employment history,
(h)
anyone else's opinions about the individual, and
(i)
the individual's personal views or opinions, except if they are about someone else."
A "Personal information bank"
is defined in Schedule 1 of the Act as
"a collection of personal information, that is organized or retrievable by the name of an
individual or by an identifying number, symbol or other particular assigned to an individual."
"Collection, use and disclosure of personal information"
"Collection" of personal information means the collection of personal information by or for
the University, whether the information is collected directly from the person the information is
about or indirectly from another source.
"Use" of personal information means access to and use of personal information within the
University.
"Disclosure" of personal information means the release of personal information to any person
or organization outside the University.
CHECKLIST OF MANDATORY REQUIREMENTS
Parts 1 to 3 of this checklist cover mandatory requirements for compliance with the Act. The relevant section
number of the Act is noted after the heading for each part of the checklist.
1.
Authorization for Collection (section 26)
What is the authorization for collection of the personal information on the form? (At least one must be YES)
• Collection of the information is specifically authorized by or under an Act.
• The information is collected for the purposes of law enforcement.
• The information relates directly to and is necessary for an operating program or
-
activity of the public
body.
If none of the above questions has been answered with a "yes", a revision to procedures may be required.
Consult SFU's Information and Privacy Coordinator.
2.
Source of Information (subsection 27(1))
YES/NO
2.1 Is the form designed to be filled out by the individual the information is about or by an official or employee
of the public body on behalf of the individual (direct collection)?
If yes, go to question 3.
2.2 If the form is designed to be filled out by a source
other than the individual the information is
about
(indirect collection), is there evidence on the form or elsewhere on file of one of the following:
(At least one must be YES)
• The indirect collection is authorized by the individual the information is about, by statute, or by the
Information and Privacy Commissioner.
• The personal information on the form is provided by another public body, in accordance with sections
33 to 36 of the Act.
• The personal information is collected to determine the suitability for an honour or award.
• The personal information is collected for the purpose of collecting a debt or fine or making a payment.
• The personal information is collected for a proceeding before a court or a judicial or quasi-judicial
tribunal.
• The personal information is collected for law enforcement purposes.
If none of the above questions has been answered with a "yes", a revision to procedures may be required.
Consult SFU's Information and Privacy Coordinator.
3.
Notification of Collection (subsection 27(2))
3.1 Is notification of the following points provided to the person from whom the information is collected?
All must be YES
• The specific purposes for which the information will be used.
• The specific legal authority for the collection of the information.
• The title, address and telephone number of an official in the University who can answer questions
about the collection of the personal information.
This notification may be printed on the collection form, on a separate form or given verbally. An example of a
notification
3.2 If notification
designed
as described
to be included
in 3.1
on
is
a
not
form
given
is given
to the
above
person
on
from
page
whom
6.
?
the information is collected, does
0
one of the following conditions exist?
If there is a "NO" under 3. 1, at least one of the following must be YES
. ?
• The information is about law enforcement or is information the disclosure of which could be harmful
to law enforcement.
• The minister responsible for the Act has excused the public body from complying with notification
requirements.
If neither of the above questions has been answered with a "yes", a revision to procedures may be required.
Consult SFU's Information and Privacy Coordinator.
CHECKLIST OF OPTIONAL GUIDELINES
Parts 4 to
5
of this checklist cover points which are not mandatory requirements for compliance with the Act.
These guidelines should be considered in reviewing forms used to collect sensitive personal information.
4.
Optional Guidelines for Notification
YES/NO
4.1 Does the form include a notification of collection and use (as described in part 3 of this checklist)?
4.2 Does the design of the form ensure that the individual from whom the information is collected is given a
copy of the notification?
4.3 Does the design of the form ensure that a copy of the notification is also kept on file by the public body?
• 4.4
Does the notification of collection and use include the following information:
• The right of the person the information is about to request a correction.
• The right of the person the information is about to appeal a refusal to correct information.
• A description of the role of the Information and Privacy Commissioner.
4.5
If the form is designed to be filled out from a source other than the individual the information is about
(indirect collection) is there evidence on the form or elsewhere on file of one of the following:
• Is a notification of collection provided to the person the information is about?
• Is a copy of the notification kept on file by the public body?
5.
Optional Guidelines for Computer Generated Forms
If the information is either collected on an electronic form or keyed directly into a database during an interview:
YES/NO
5.1 Is there provision for obtaining the individual's signature authorizing collection and use of the information?
5.2
Is a hardcopy of the completed form provided to the person from whom the information is collected?
5.3
Is a hardcopy notification of collection (as outlined in part 3 of this checklist) provided to the person the
information is about?
5.4
Does the office retain a copy of the authorization and/or notification?
5.5
If the answer to any one of questions
5.1 - 5.4
is "no", is some other form of audit trail maintained of the
authorization for collection, the source of information and the notification of collection and use?
OK
GUIDELINES ON INTERIM PROCEDURES
The following are suggested guidelines to bring existing forms into compliance with the Act.
• Include the requirements of the Act in your normal forms review process.
• Keep stocks of all forms used to collect personal information at minimum levels pending review.
• Make revisions to forms at normal re-order points to avoid special printing runs.
• Set up interim procedures for staff to follow pending forms revision:
• Train staff who receive forms containing personal information over the counter on how to give a
verbal notification that meets the requirements of the Act. Such verbal notification should cover: the
purpose for which the information is collected, the authorization for collection and the name of a
person who can provide more information about the collection and use of the information.
• Prepare a supply of photocopied notifications covering the above points and attach to forms when they
are given out to individuals for completion.
• In cases where some of the information on a form should no longer be collected, instruct clients or
employees not to fill out certain fields. Such instructions may be given verbally or on a printed
notification of collection attached to the form. If the form is photocopied rather than preprinted, the
fields which should not be completed may be blacked out prior to photocopying.
Approved by the Board of Governors on March 20, 1997
.•
0
01 (57.
SIMON FRASER UNIVERSITY
Policies and Procedures
I 10.06 FOl Requests That Create Conflict of Interest
PURPOSE
• To define the circumstances when Archives Department staff may be in a real or perceived conflict of
interest when coordinating the University's response to a FOl request received under B.C.'s Freedom
of Information and Protection of Privacy Act.
• To designate an independent third party who, in these circumstances, shall review, recommend an
access decision, and sever the record(s) responsive to an FOl request.
RESPONSIBILITY
• Archives Department staff are responsible for bringing any potential conflict of interest to the attention
of the Information and Privacy Coordinator.
• The Information and Privacy Coordinator is responsible for bringing any potential conflict of interest
to the attention of his/her supervisor.
• The supervisor is responsible for deciding if a real or perceived conflict of interest exsits, and referring
• ?
to the designated third party for review the record(s) responsive to the FOl request that create the
conflict.
• The designated third party is responsible for completing an independent FOl review of the record(s)
referred to her/him.
SCOPE
This policy applies to the University Archives Department.
POLICY
Archives Department staff shall be deemed to be in a real or perceived conflict of interest in the following
circumstances:
• when the record(s) responsive to a FOl request was/were written by a member of the Archives
Department staff;
• when the record(s) responsive to a FOl request refers to a member of the Archives Department staff;
or
• when the record(s) responsive to a FOl request contains information from which a member of the
Archives Department staff could derive benefit or gain due to her/his status as a member of the faculty
association.
Any other circumstances that give rise to a potential conflict of interest when coordinating the University's
response to FOl requests shall be decided on a case by case basis.
•
The designated independent third party to whom the record(s) responsive to a FOl request shall be referred
pursuant to this policy is the Director, Secretariat Services.
Should both Archives and the Director, Secretariat Services be named in a document under review, the matter
will be referred to the next highest supervisory level at which there is no conflict of interest.
When a FOl applicant requests that the Information and Privacy Commissioner's Office review the university's
access decision, and it involves records covered by this policy, the Director, Secretariat Services shall be the
university's mediation contact for those records that create the conflict. For all other records, the university's
Information and Privacy Coordinator shall be the mediation contact.
PROCEDURE
Upon deciding that a real or perceived conflict of interest exists, only the record(s) responsive to a FOl request
that create the conflict shall be referred to the Director, Secretariat Services.
All
other records shall be reviewed
by the Archives Department according to its usual procedures.
The Director, Secretariat Services shall, according to those standard procedures used by the Archives
Department:
• review the record(s) for possible FOl exceptions to the right of public access,
• document the review,
• prepare an access review recommendation for approval and signature by the appropriate SF0
administrator with designated FOl decision-making authority, and
• indicate the information that is to be severed, if any, from the record(s).
The Archives Department shall provide all necessary administrative support to enable the Director, Secretariat
Services to complete the review of records.
The Archives Department shall remain responsible for coordinating the University's final response to a FOl
request, including the record(s) reviewed by the Director, Secretariat Services, according to the Department's
standard procedures. ?
9
Approved by the President on November 14, 1997
0
6r
SIMON FRASER UNIVERSITY
Policies and Procedures
POLICY I 10.07 Security of Facsimile Transmissions
PURPOSE
• To ensure compliance with the privacy rules in B.C.'s Freedom of Information and Protection of
Privacy Act.
• To ensure that confidential or personal information transmitted or received by fax is protected.
RESPONSIBILITY
The University officials designated by the Board of Governors in its FOI/POP Schedule of Authorized Officers
are responsible for ensuring the implementation of this policy.
SCOPE
This policy applies to
all
departments that use facsimile transmission for confidential or personal information
both within and outside the University.
POLICY ?
-.
• The University shall take every reasonable security measure when transmitting or receiving
confidential or personal information by fax machine.
• The precautions taken shall be appropriate to the sensitivity of the information transmitted or received.
PROCEDURE
University fax machines shall not be used to transmit and receive sensitive confidential or personal information
unless the following precautions are taken:
Sending
1.
Material to be faxed shall include a fax transmittal cover page with a confidentiality statement (see Appendix
A) and the document will be marked "Confidential". The sender's name, telephone and fax numbers, and the
number of pages being sent shall also be noted on the fax cover.
2.
The sender shall confirm that the fax may not be casually observed in the recipient's office by telephoning
before transmission to ensure:
• that the intended recipient is either available to receive the fax immediately;
• that the fax machine is located in a secure location with controlled access; or
• that the material will be secured upon arrival.
.
3. The sender shall visually check the number displayed on the screen for accuracy before proceeding with a
manual transmission.
4. When using pre-programmed fax numbers, the sender shall double-check the fax number to which the
document is being transmitted before sending the fax. If necessary, phone to confirm the destination fax
number and recipient.
5.
When transmitting or receiving very sensitive material, the sender would confirm receipt of the faxed
information by calling the recipient after transmission or have the recipient telephone the sender when the fax is
received.
6.
Check the fax transmission report to ensure correct transmission and to enable fast action if information was
not transmitted correctly. Program the fax machine to print a fax activity history report every 30 to 50
transmissions.
7.
Ensure that fax number master lists are current and accurate.
8.
Check the accuracy of pre-programmed fax numbers on a regular basis.
Receiving
9. University fax machines shall be located in a secure area with controlled access.
10.
Notify the sender of an erroneous transmission and return or destroy the information.
11.
Check the number of pages actually received against the fax cover sheet.
12. Consider using the fax machine's confidential mailboxes to secure sensitive information.
13.
If a computer is used for receiving, automatically route incoming faxes to a directory that can only be
accessed by authorized persons.
Storing
14.
If photocopying a fax for retention, destroy extra copies.
15. Retain fax transmission reports and fax activity history reports for a sufficient time to check for
unauthorized transmissions.
16. If a computer is used for storing faxes, set-up computer directories so that they are only accessible by
authorized people.
Approved by the Vice-President, Academic on February 7, 1997
Appendix
A
SIMON FRASER UNIVERSITY
8888 University Drive, Burnaby, B.C. V5A 1S6
Facsimile Transmission
To:
Fax
?
#:
.
Phone #:
•
From:
Fax #:
Phone #:
Date:
No. of Pages (including this cover page):
This fax communication is intended only for the use of the addressee and may contain information which is
privileged and confidential. If you are not the intended recipient, you are hereby notified any dissemination,
distribution or copying of this communication is strictly prohibited. If you have received this communication in
error, please notify us immediately by telephone, and return the original to us by mail. Thank you.
Material Confidential? Yes No
Message:
IF YOU DO NOT RECEIVE ALL PAGES PLEASE CALL SENDER
STATUS OF ORIGINAL:
- to follow in mail
- to follow by courier
- to remain in this office
- other
r
0
SIMON FRASER UNIVERSITY
Policies and Procedures
I 10.08 Collection and disclosure of Instructor and Course evaluations
PURPOSE
• To ensure compliance with the privacy rules in B.C.'s Freedom of Information and Protection of
Privacy Act.
• To ensure that personal information on instructor evaluation forms is collected using an appropriate
notice and method of collection.
• To ensure that the privacy of students and instructors is protected through the appropriate disclosure of
personal information on evaluation forms.
RESPONSIBILITY
The University officials designated by the Board of Governors in the FOIJPOP Schedule of Authorized
Officers are responsible for ensuring the implementation of this policy.
SCOPE
9
This policy applies to
all
departments that administer instructor and course evaluations.
POLICY
Instructor and course evaluations are records of the University. Information collected on them can generally be
divided into two types: evaluation of the instructor and evaluation of the course.
1. COLLECTION
1.1 INSTRUCTOR EVALUATION
A collection notice is required whenever the University collects personal information. The collection notice on
the evaluation form is to inform both the instructor and the student of the University's legal authority to collect
the personal information, the purpose and use(s) of the collection and who to contact with questions.
All evaluation forms on which information about the teaching performance and effectiveness of an instructor is
collected shall include one of the following notices:
1) For all staff whose bargaining agent is the Teaching Support Staff Union (TSSU), [which covers Teaching
Assistants, Language Instructors, Sessional Instructors and Distance Education Tutor/Markers].
Freedom of Information and Protection of Privacy Collection Notice
The information on this form is collected under general authority of the University Act
(R.S.B.C. 1979, c.419), the SFUTFSSU Collective Agreement (Article 17) and/or SFtJ
. ?
Academic Policy A 12.09. It is related directly to and needed by the University to operate its
personnel management and academic programs. The information will be used to evaluate the
qualifications and performance of non-faculty teaching support staff according to their
assigned duties and responsibilities, to decide on reappointment and to evaluate an academic
program. This evaluation form is completed anonymously, however, please be advised that
any handwritten comments you provide on this form will be available to the person being
evaluated and university administrators. If you have any questions about the collection and
use of this information please contact [Faculty or Department Position Title, Business
Address, Business Phone No.].
2) For all faculty staff whose bargaining agent is the SFU Faculty Association (SFUFA).
Freedom of Information and Protection of Privacy Collection Notice
The information on this form is collected under general authority of the University Act
(R.S.B.C. 1979, c.419) and SFU Academic Policies Al 1.02, Al2.01, Al2.02 or
Al2.05.
It
is related directly to and needed by the University to operate its personnel management and
academic programs. The information will be used to evaluate the qualifications and
performance of faculty according to their assigned duties and responsibilities; to decide on
salary increases, promotion, contract renewal or tenure; and to evaluate an academic program.
This evaluation form is completed anonymously, however, please be advised that any
handwritten comments you provide on this form will be available to the person being
evaluated and university administrators. If you have any questions about the collection and
use of this information please contact [Faculty or Department Position Title, Business
Address, Business Phone No.].
1.2 COURSE EVALUATION
A collection notice is needed to inform the student why and how their personal evaluation of the course will be
used. All evaluation forms on which information about a course is collected shall include the following notice:
Freedom of Information and Protection of Privacy Collection Notice
The information on this form is collected under general authority of the University Act
(R.S.B.C. 1979, c.419). It is related directly to and needed by the University to operate its
education program. The information will be used to evaluate the effectiveness of the
department's academic program. This evaluation form is completed anonymously. However,
please be advised that any handwritten comments you provide on this form will be available to
the course instructor and university administrators. If you have any questions about the
collection and use of this information please contact [Faculty or Department Position Title,
Business Address, Business Phone No.].
2. DISCLOSURE
2.1 EVALUATION OF THE INSTRUCTOR
The evaluation of the instructor by a student is part of the instructor's personal information and is available
only to the instructor and those officials of the University who must need to see it in order to perform their
duties. For example, the Department Chair, the members of the Departmental Tenure Committee, the Faculty
Dean, etc.
The evaluation of the instructor is also part of the student's personal information because it is the student's
personal evaluation of the instructor. Usually, evaluations are completed by students anonymously, therefore,
the information can be routinely released to the instructor and authorized university officials. However, if the
evaluation identifies the student and it is supplied in confidence, the student's privacy must be protected by
removing all personal identifiers before it is disclosed.
The best ways to protect the student's privacy are to provide anonymous, statistical responses and to prepare
an accurate and complete summary of all written comments. Normally, summaries of comments will not be
prepared. Therefore, the collection notice on the evaluation form must also inform the student that anonymized
3
handwritten comments will be released to the instructor and university administrators.
0
2.2
EVALUATION OF THE COURSE
Any written comments provided by the student in an evaluation of the course are part of the student's personal
information. This personal information can only be made public if all personal identifiers are removed.
Course evaluations completed anonymously by selecting multiple choice answers (often resulting in a
computer generated statistical report) do not infringe the student's privacy. In these circumstances, course
evaluations can be routinely released.
Approved by the Vice-President, Academic on January 12, 1998
3v:,
SIMON FRASER UNIVERSITY
Policies and Procedures
I 10.09 Retention and disposal of student exams or assignments
PURPOSE
• To ensure compliance with the privacy rules in B.C.'s Freedom of Information and Protection of
Privacy Act.
• To ensure that student exams or assignments used to make decisions directly affecting the rights of the
student, when retained by the University, are kept for at least one year after use.
• To ensure that the privacy of students is protected through secure disposal of their exams and
assignments.
RESPONSIBILITY
The University officials designated by the Board of Governors in the FOI/POP Schedule of Authorized
Officers are responsible for ensuring the implementation of this policy.
SCOPE
S
• This policy applies to all departments that administer student exams or assignments.
• This policy applies only to graded examination papers or course assignments that are retained by
University faculty.
POLICY
1. RETENTION
1.1 - Student exams and assignments are records of the University when retained by faculty and fall under the
definition of personal information in the Freedom of Information and Protection of Privacy Act. They
document decisions made by University faculty that directly affect the student.
1.2 - Graded examination papers or course assignments are returned to students or retained by the course
instructor at his/her discretion. The exception is final examinations which are retained by the University.
1.3 - When exams or assignments are not returned to the student, the University must retain that information
for at least one year after using it so that the student has a reasonable opportunity to obtain access to it. This
means faculty would retain these records for one year from the semester in which they were written and graded
before disposing of the information.
1.4 - Students should be informed to retain exams and assignments that are returned in case they wish to
appeal a grade.
1.5 -
If an exam or assignment is used as evidence in a grade appeal or some other dispute resolution
5
procedure, it must be kept for one year from the date on which a grade appeal is decided.
1.6 - A Records Retention Schedule and Disposal Authority (RRSDA) has been prepared by the Archives
3-c
Department and approved by the University Registrar and Vice-President Academic for common use by all
University faculties and departments. The RRSDA provides administrative and legal authority for the retention
and disposal of student exams or assignments after one year from date of last use.
?
0
2.
DISPOSAL
2.1 - University records must be disposed of in a manner appropriate to the sensitivity of the information.
2.2 - Student exams or assignments contain sensitive personal information and are to be disposed of by
physical destruction in such a way that they cannot be retrieved or reconstructed. Departments disposing of
these records would contact Facilities Management, Recycling Services to arrange for confidential shredding.
Approved by the Vice-President, Academic on January 12, 1998
.
3(0
SIMON FRASER UNIVERSITY
Policies and Procedures
I 10.10 Posting student grades and returning exams or assignments
PURPOSE
• To ensure compliance with the privacy rules in B.C.'s Freedom of Information and Protection of
Privacy Act.
• To ensure that personal information in the form of grade lists and graded exams or assignments is
disclosed in a manner that protects the privacy of the student.
RESPONSIBILITY
The University officials designated by the Board of Governors in the FOIJPOP Schedule of Authorized
Officers are responsible for ensuring the implementation of this policy.
SCOPE
This policy applies to all
departments that post grades or administer student exams or assignments.:
POLICY
1.
POSTING STUDENT GRADES
The practice of posting student grades in identifiable form, by name or by student identification number sorted
in alphabetical order, is an unreasonable invasion of privacy and contravenes the Freedom of Information and
Protection of Privacy Act. Student names, identification numbers and grades fall under the definition of
personal information in the Act.
Grade lists cannot be posted unless the University can guarantee a reasonable assurance of anonymity.
A number of mechanisms can be used to anonymize grades so that only the student themselves can identify
their own grades. For example, when posting or circulating grades, the student's name would be stripped from
the list and the marks given in non-identifiable form sorted in numeric sequence by student number. In some
cases, student privacy can only be assured by also deleting the first two digits (the entry year) and sorting the
student id using the remaining identification numbers. An explanation of what has been done would
accompany the posting.
If a class is so small that students could easily be identified in spite of a process to conceal the identities, then
grades would not be posted.
An exception to this practice is possible only if each student gives her/his prior written consent to disclose their
grades in identifiable form. A method of collecting and administering this consent would also be needed.
2.
RETURNING STUDENT EXAMS OR ASSIGNMENTS
Student examinations and assignments fall under the definition of personal information in the Freedom of
3?
Information and Protection of Privacy Act. They may include the student's name, identification number, their
personal views and opinions, comments and opinions evaluating their work and their grade.
Therefore, examinations and assignments would only be returned to the student who wrote the exam or
assignment and not to other individuals, unless the student has given her/his prior written permission. Students
should not be allowed to handle exams or assignments other than their own. Exams and assignments would
not be left in a public place for pick-up but would be kept in a secure place. Suggested-ways to distribute
exams and assignments include handing them back in the class
I
tutorial or placing them in sealed envelopes
with only the student name for pick-up from the department's main office.
Again, an exception to this practice is possible only if each student gives her/his prior written consent to openly
distribute their graded examinations and other assignments. A method of collecting and administering this
consent would also be needed.
These are the minimum measures required to comply with the Act's privacy standards. The specific
confidentiality measures used are at the discretion of each instructor to permit flexible, pragmatic procedures
that suit the circumstances of each case. The procedure used by an instructor must provide a reasonable
assurance of privacy protection.
Approved by the Vice-President, Academic on January 12, 1998
0
