34 Protection of Privacy

 Practical Guidelines

• Tell students what personal information is being collected and why. Rarely will information about SINs or marital status be needed.
• Seek written consent from students in order to share personal information with others. This includes personal email addresses intended to encourage and enable students and instructors to communicate. Students must not be required to share personal information with classmates, and should be told they have the right to decline permission.
• Students should be encouraged to use their university emails. If they prefer their own emails to communicate with instructors or students they must provide written prior consent.
• Ask permission before passing along names of students to potential employers or as volunteers.
• The university must obtain permission from each individual prior to sharing student and graduate mailing lists to private companies peddling services.
• Instructors and program assistants may collect home phone numbers as it may be necessary to contact students, concerning performance and assignments or absence from class but that information must be kept secure.
• Do not post identifying personal information in a public place such as a hallway or an office door. Grades should be given to students individually in person or electronically via university email.
• A student’s work should be returned only to the student. Do not leave assignments, etc., to be picked up in a public space.
• Do not read out grades when handing back assignments.
• Do not collect social insurance numbers unless it is necessary. This may include paying a student or a guest lecturer. Destroy the SIN number information once it is no longer needed. Ensure that destroyed records are disposed of in a secure manner, i.e. shredding.
• Do not disseminate irrelevant personal information such as marital status, unless it is relevant and then only on a need-to-know basis. Do not share such information with students’ classmates.
• Where practical, prior consent should be obtained from the student if it is necessary for the purpose of the program to share medical information – risk of infection, for example.
• Do not identify students by name in minutes of meetings or other records intended for broad circulation.
• Make sure passwords are complicated enough to thwart unauthorized others, but easy for you to remember. Short meaningful sentences with symbols or characters are the best.
• Store confidential and/or sensitive information in a protected and secure location. Never transport confidential or sensitive information by mobile device unless it’s been encrypted.
• Do not fax personal information unless absolutely necessary. If necessary. Make certain that it will be received only by the appropriate individual.
• Do not release personal information such as home phone numbers or addresses in public documents such as class yearbooks or on social media sites.
• A student’s educational information, including whether he/she is currently enrolled, cannot be released. Refer all such inquiries to the Senior Records Manager in the Registrar’s office, 604.599.2027.
• Departments should not keep confidential personal information for longer than one year after the student has left the program. Refer to university records and retention schedule for guidance as to when a record may be destroyed.

^[2]