Privacy protection requires authentication of identity. Authentication of
identity is the process of ensuring that someone is who he or she purports to
Authentication typically relies on one or more of the following:
The Freedom of Information and Protection of Privacy (FOIP) Act, R.S.A 2000,
c. F-25 requires that Athabasca University (AU) protect personal information
against unauthorized use or disclosure by making reasonable security arrangements.
The degree of authentication must be appropriate to the nature of the use or
disclosure and the sensitivity of the personal information involved. In circumstances
requiring a higher level of authentication, AU should use multi-factor authentication
(i.e., two or more forms of authentication to confirm identity).
When AU interacts with a person exercising the rights of another person under Section 84 FOIP Act, AU must authenticate the identity of the person exercising the right. Authentication requires that AU obtain a copy of the document granting the person the right to act for another (e.g., guardianship order, personal directive, power of attorney).
Before disclosing a student's personal information (e.g., grades) to a caller who purports to be the student, AU must verify that the person is who they say they are. Various methods may be used; for example a "shared secret" where the person provides some information know only to him or her and AU, such as information about a previous transaction, a case number or password created for the purpose of authentication. So long as there is no reason to distrust the caller, a student identification number can be accepted as proof of authentication. If for whatever reason, you doubt the truthfulness of the caller, use a second form of authentication. For example, ask the caller what was the last course he or she completed.
AU wishes to acknowledge its reliance on publications issued by the Access & Privacy Branch, Alberta Government Services, which were used in the preparation of this guideline.
Office of the University Secretariat, July 2006
Updated May 30 2014 by Office of the University Secretariat