Adoption |
---|
Date : 2018-04-10 Instance of approval : University Secretary-General |
Originating/Responsible Department : Office of the Secretary-General |
PURPOSE
- The purpose of this Procedure is to describe the basics steps in handling a Privacy Complaint as defined in clause 4 of this Procedure.
INTERPRETATION
- This Procedure shall be read in a manner that is consistent with the University’s obligations under FIPPA and other Applicable Access and Privacy Legislation as well as Policy 90 – Access to Information and Protection of Privacy.
- Capitalized words or expressions used in this Procedure are defined in Policy 90 or in this Procedure.
BASIC STEPS IN PROCESSING PRIVACY COMPLAINTS
- If a person believes that the University wrongfully collected, used or disclosed his or her Personal Information the person may file a written complaint with the Director (“Privacy Complaint”). The Privacy Complaint must include a description of the nature and extent of the circumstances affecting the person’s privacy; the academic or administrative unit or office associated with the purported wrongful collection, use or disclosure; the name(s) of any person(s) involved; the date or time period on or within which the purported wrongful collection, use or disclosure occurred; and the person’s expectations regarding the outcome of the Privacy Complaint.
- The Privacy Complaint shall be filed within 30 consecutive days from the date the person knew or ought to have known of the purported wrongful collection, use or disclosure.
- The steps and time required to process a Privacy Complaint may vary depending on the nature, circumstances and complexity of the complaint. Generally, the steps in processing a Privacy Complaint are as follows:
- Acknowledgment of receipt of the Privacy Complaint, sent to the person who filed it.
- Communication with the person who filed the Privacy Complaint in order to obtain clarification or additional information as required.
- Communication with the academic or administrative unit or office and person(s) involved with the subject-matter of the Privacy Complaint or who may have knowledge of the circumstances surrounding the Privacy Complaint.
- Consultation with other appropriate authorities within the University, including without limitation Legal Services, Protection Services, the Office of Risk Management, and/or Information Technology (IT).
- Communication with the person who filed the Privacy Complaint to review the matter, inform them of any steps taken to address the Privacy Complaint, and resolve any outstanding concerns.
- Follow-up with the academic or administrative unit or office and person(s) involved with the Privacy Complaint to ensure implementation of corrective or remedial measures, as required.
AMENDMENTS
- The Secretary-General of the University may approve exceptions or make amendments to this Procedure.