Your SlideShare is downloading. ×
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Student privacy and your ontario college
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Student privacy and your ontario college

164

Published on

FIPPA, MFIPPA, privacy regulation, education law

FIPPA, MFIPPA, privacy regulation, education law

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
164
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Student Privacy and Your OntarioCollegeDan MichalukCSC Annual ConferenceMay 29, 2012
  • 2. Student Privacy and Your Ontario College• FIPPA Basics• FIPPA and Collection of PI• Use and Disclosure of PI under FIPPA• Safeguarding PI under FIPPA• Enforcement and Liability• Discussion of College Adult Upgrading Issues• Question & AnswerStudent Privacy and Your Ontario College
  • 3. FIPPA Basics• FIPPA is the “Freedom of Information and Protection of Privacy Act”• FIPPA does two things • Protects student privacy • Provides a right of access to college recordsStudent Privacy and Your Ontario College
  • 4. FIPPA Basics• Josie enrols in a concurrent education course. The registrar’s office opens a record for her in its student records system. It includes her name, address and date of birth. When Josie finishes the course successfully, her record is updated. What personal information has the College collected?Student Privacy and Your Ontario College
  • 5. FIPPA Basics• In, class Josie’s professor is de-briefing a self- reflection unit. Quite spontaneously, Josie shares a very sensitive personal story about her upbringing with the class. The professor takes no notes. Does the College have applicable duties under FIPPA?Student Privacy and Your Ontario College
  • 6. FIPPA Basics• The privacy part protects “personal information” • Information about an identifiable individual • Not business contact information • Generally not information about someone in a professional capacity – e.g. work product• This includes information that is not recordedStudent Privacy and Your Ontario College
  • 7. FIPPA and Collection of PI• FIPPA is not a consent-based statute• Ordinarily must meet two essential requirements • necessary to the proper administration of a lawfully authorized activity and • collected directly from the individual unless exception applies• Plus must give notice of collectionStudent Privacy and Your Ontario College
  • 8. FIPPA and Collection of PI• Who’s collecting it? • An institution that collects PI is accountable for it • So in collaborative efforts, you need to understand who is doing the collection • Two potential scenarios involving Ministry • You’re collecting PI for you and the Ministry • You’re collecting PI for the Ministry aloneStudent Privacy and Your Ontario College
  • 9. FIPPA and Collection of PI• For what purpose is it being collected? • The stated purpose is the key basis for collection, use and disclosure • Notice of collection must state the “principal purpose or purposes” • Must also state the legal authority for the collection – ordinarily section 2 of the OCAAT – and provide certain contact informationStudent Privacy and Your Ontario College
  • 10. FIPPA and Collection of PI• Is the collection necessary in light of the purpose? • Applies with or without consent • Applies to each data element collected • IPC applies a strict test (upheld by Court of Appeal) • More than merely helpful • Less intrusive means must be taken • Different than reasonable in all the circumstancesStudent Privacy and Your Ontario College
  • 11. FIPPA and Collection of PI• Can you collect indirectly? • Consent • Determining suitability for honour or award • Law enforcement (but internal disciplinary investigations have been ruled not to be law enforcement) This restriction is so strict it is a problem for colleges, especially because it could preclude legitimate threat assessment efforts.Student Privacy and Your Ontario College
  • 12. Use and Disclosure of PI under FIPPA• Use versus disclosure • Neither are defined • Under FIPPA an internal communication or a communication to an agent is treated as a disclosure • A communication to an external entity for its own purposes usually represents a disclosureStudent Privacy and Your Ontario College
  • 13. Use and Disclosure of PI under FIPPA• The statute is fairly permissive • Yes - for the purpose you collected it • Yes - for a “consistent” “secondary purpose” • Consistent if individual “might reasonably have expected such a use or disclosure”Student Privacy and Your Ontario College
  • 14. Use and Disclosure of PI under FIPPA• The statute is fairly permissive (cont.) • Yes – to an employee/agent “who needs the record in the performance of their duties and where disclosure is necessary and proper in the discharge of the institution’s functions”Student Privacy and Your Ontario College
  • 15. Use and Disclosure of PI under FIPPA• FAQ – Can a college report crime to the police? • Yes • There’s a public interest in the reporting of crime • There’s a very broad exception in FIPPA • Note – the police may not be able to receive student records without first seeking a warrant • Note – the same rule doesn’t apply to concerns that arise out of a health care relationshipStudent Privacy and Your Ontario College
  • 16. Use and Disclosure of PI under FIPPA• FAQ – Can a college share information about a former student with another college? • Institutions sometimes ask other institutions for a summary of their dealings with a student • In most circumstances sharing this information without consent is prohibitedStudent Privacy and Your Ontario College
  • 17. Use and Disclosure of PI under FIPPA• FAQ – Can a college share information with a student’s parents? • Generally not (age 16 is the cut off) • Beware of the “health and safety” exceptions in sections 42(1)(h) and 11 We know that some parents can be great allies in helping to manage students at risk. It may be reasonable in some circumstances to impose a parental contact requirement as part of a behavioral contract.Student Privacy and Your Ontario College
  • 18. Safeguarding PI under FIPPA• The chair of the each college board has a duty to • ensure “reasonable measures” are taken • ensure access is on a need to know basis • ensure “reasonable steps” taken in destruction process (secure destruction per IPC guideline)• Duty may be delegated via governance structure• No maximum retention duty, but keeping PI comes with a responsibility for securityStudent Privacy and Your Ontario College
  • 19. Safeguarding PI under FIPPA• Best practices for safeguarding PI • Periodic risk assessment procedures • Intrusion detection and security audit structures • Records management structures • Human resources policy • Physical transfer of personal information policy • Disposal procedures • Privacy breach proceduresStudent Privacy and Your Ontario College
  • 20. Safeguarding PI under FIPPA• Systematic is good, but what’s your low hanging fruit?Student Privacy and Your Ontario College
  • 21. Safeguarding PI under FIPPA• Systematic is good, but what’s your low hanging fruit? • Anecdotally… • …Lost USB keys • …Lost laptops • …Recycling versus shredding • …Departing employeesStudent Privacy and Your Ontario College
  • 22. Enforcement and Liability• FIPPA enforcement • Rests on voluntary compliance of public sector institutions • IPC will handle most complaints through an informal resolution process • Complaints that are not resolved will be investigated and the subject of a public report, often with recommendationsStudent Privacy and Your Ontario College
  • 23. Enforcement and Liability• Civil liability for privacy breaches • Data breach liability is real • Breach response costs are significant and will be borne for breaches of almost any consequence • Damage claims are possible • A question of negligence • Best defence will arise from due diligenceStudent Privacy and Your Ontario College
  • 24. Enforcement and Liability• The new intrusion upon seclusion cause of action • Not clear how this will affect day-to-day college administration • Only covers unauthorized collections of information • Rests on a “reasonable expectation of privacy” • Also must establish the an intrusion that is “highly offensive”Student Privacy and Your Ontario College
  • 25. College Adult Upgrading IssuesStudent Privacy and Your Ontario College
  • 26. Question & AnswerStudent Privacy and Your Ontario College
  • 27. Student Privacy and Your OntarioCollegeDan MichalukCSC Annual ConferenceMay 29, 2012

×