FOIP : Office of the University Secretariat

Guidelines � Handling Personal Information Provided in Confidence

Guidelines – Handling Personal Information Provided in Confidence

The Freedom of Information and Protection of Privacy (FOIP) Act, R.S.A. 2000, c. F-25 allows for the collection of personal information if:

The collection is authorized by an enactment of Alberta or Canada
The collection is for law enforcement purposes
The information relates directly to and is necessary for an operating program or activity of Athabasca University (AU).

AU offers services to students that require the collection of certain personal information that would not normally be collected and maintained. To provide a particular service, an employee may collect certain personal information directly from an individual or from another source (usually authorized by the student) to enable the employee to provide or arrange the required or necessary service(s) for the student. Most times, the information is provided in a manner that would be considered "supplied in confidence" to a particular employee even though no written statement stating it was provided in confidence was involved.

Some employees have the authorization to collect and maintain certain types of personal information that would be disclosed to other employees of AU. These same employees may also have the authority to request or authorize special services for a particular individual. In these incidents, it is important to inform the rest of the AU community of the roles and responsibilities these particular employees have, and the ablility to authorize or make requests for service beyond what normally would be provide by another AU office.

In these circumstances, the individual that the personal information is being collected directly from will be informed of the purpose for the collection, the authority under which it is being collected, and whom they can contact if they have any questions regarding the collection and use of this information. If the personal information is to be collected from a third party, then the individual's written consent is usually required before the employee may contact and collect the personal information from a third party. Contact the Privacy and Policy Coordinator for guidance whether consent must be obtained.

The FOIP Act requires AU to protect personal information by making reasonable security arrangements against such risks as unauthorized access, use, or disclosure.

AU shall make reasonable security arrangements to protect access, use and disclosure of this personal information. This may include not placing the information on the student information database, coding the information before placement on the student information database, or establishing a separate student file that would contain only this type of personal information.

Access, use or disclosure to other AU offices and employees would be only on a "need to know" basis to fulfill their responsibilities. In some incidents, the office or employee may only be informed of the service(s) that are required or necessary for the individual, but not the reason why the service is being requested.

Office of the University Secretariat, July 2006