Privacy DT Privacy DT

Privacy Information

Principles

The Director, Human Resources is the designated Privacy Officer at Suncrest College.

The primary purpose of the Privacy Officer is to serve as a resource within the College on issues related to access to information and privacy, including compliance with The Local Authority Freedom of Information and Protection of Privacy Act.

If you have any questions, please contact our Privacy Officer.

Purpose

This policy will provide parameters for collection and protection of personal information.

Policy

College is a "local authority" pursuant to The Local Authority Freedom of Information and Protection of Privacy Act (LAFOIP). Accordingly, Cumberland College has a responsibility in many instances to provide access to records that are in its possession and control. Cumberland College also has a duty to protect the personal information that it acquires in the course of delivering its programs and services. Cumberland College strives to ensure that both Cumberland College and any third parties working with Cumberland College comply with not only LAFOIP, but also with any other legislation that may apply to the collection, use and disclosure of personal information of any kind.

Procedures

Roles

The College shall appoint a Privacy Officer whose responsibilities include:

  1. Responsibility for implementation and interpretation of this policy.
  2. Ensuring, in conjunction with Human Resources, that appropriate orientation and education on Privacy policy and processes is provided to staff.
  3. Receiving requests to access college records directly or upon referral from other staff.
  4. Overseeing practices to ensure consistency with this policy and the Act.
  5. Investigating any complaints about unauthorized disclosure of personal information.

The Privacy Officer will make a decision concerning an access request and communicate the College’s decision in writing to the person making the request.

All Staff responsibilities include:

  1. Completion of all required privacy training.
  2. Annual completion of the College “Oath of Confidentiality.

Personal information shall not be used or disclosed except for the specific purpose for which it is collected. Subject to the Act, individuals are entitled to access their own personal information where the individual believes there is an error or omission.


Cumberland College will identify the purposes for which personal information is being collected at or before the time the information is collected.


Cumberland College will collect your personal information with your consent; in some cases this consent will be reasonably implied. Where an individual uses a Cumberland College website to provide personal information, consent will be inferred and browser, IP address and website usage information may be collected.


Cumberland College will retain personal information as long as needed to fulfill the purpose for which it was collected and for as long as required to comply with the most current Administrative Records Management System issued by the Sask Archives Board. Refer to the Cumberland College Document Retention and Disposal Policy 207 for more information.


Access

The personal information of prospective, current and past students and employees will be protected and access limited, where within the control of the college, to Cumberland College staff requiring the information as part of provision of normal services, to a limited set of third parties who work with the college to provide services and programs, and to those who make proper access requests and are entitled to the information per the Act.

Subject to the Act, individuals are entitled to access their own personal information upon a written request and to request correction of the personal information where the individual believes there is an error or omission.

Upon written request, students may request that copies of their student record be forwarded to themselves or to an identified third party. Where the record kept by Cumberland College is not the student’s official record (eg: transcript information housed at brokering institutions), students will be advised to contact the brokering institution for an official record.

Cumberland College may release information where a case of authorized, justified or legally required release is established.

This Information May Include:

  • Release of personal information in response to a Court Order or formal legal or public investigation
  • Release information to appropriate emergency contacts in the event of an emergency or a safety or security threat to any individual
  • Release of select information to government departments for the purposes of statistical analysis and research, ensuring that the information’s confidentiality is protected to the fullest extent possible
  • Release in other situations that are specifically permitted by LAFOIP.
  • Release to a limited number of third party partners who provide services related to the delivery of Cumberland College programs and services
  • Release in order to collect a debt owing to Cumberland College.

Internal Privacy

Staff and students shall be given the opportunity to give informed consent for their personal information to be shared with any parties or agencies which are not part of Cumberland College. This might include but is not limited to contractors and agencies assisting in funding or support of the student or staff member.

Adult Basic Education students must give written consent for their transcripts to be accessed via the Student Data System (SDS) system. Students must complete a Ministry of Education Form 3. This consent is implied to last throughout (but not beyond) the student’s active enrollment in a college Basic Education program. Access to the SDS system is subject to provincial audit. A list of staff with access to SDS will be reviewed annually by the Vice President, Academics.

Cumberland College participates in student registrations through the OCSM/SIS system. While it is recognized that this is a multi-user system, Cumberland College staff are responsible for maintaining the accuracy and confidentiality of information entered and accessed through this system to the best of their ability, following the approved protocols for the system. The list of staff with access to OCSM/SIS will be reviewed and adjusted annually by the Information Officer in consultation with the Manager, Safety and Institutional Strategy.

Staff should generally not confirm the presence of a student in a college program or his/her whereabouts to outside parties except in the case of a police investigation or dire emergency.

Students must give written consent in order for the college to confirm attendance in/completion of programs and/or to release any marks the college is authorized to release or any information in the student’s file unless it is being released directly to the student. Where certification is provided by another institution, students should be directed to that institution for a formal transcript. This form can be used to give consent, email completed form to [email protected].

When preparing student or employee information for valid release, the copied documents should be marked “Copy”.

In general, if any staff member is contacted by the media, the request should be referred to the President/CEO or designate for handling or referral.

Many staff members are responsible for sensitive and personal information which is handled in the course of daily business. Some considerations include:

  • ensuring that personal information is not left unsecured when the employee is away from their work area. This would include making sure the work area is locked and/or any files
  • or reports are properly secured if the work area cannot be secured. For unsecured areas, this would also involve logging out of any computer applications (including e-mail) or password-protecting access until the employee’s return.
  • for employees who have contact with students , clients or other outside stakeholders in their work area, ensure that personal information is not left where visitors or clients may see it in the course of contact with the employee (eg: leaving a class list open on your desktop while counseling someone)
  • all employees need to consider the nature of printed information to evaluate whether it is contains personal or sensitive information and needs to be shredded or whether it can be recycled. When in doubt, shred.
  • shredding should be done in a timely fashion so sensitive information is not lying around unsecured for long periods of time.
  • employees issued or using college credit cards need to control their use and the distribution of the credit card numbers and be aware of the possibility of credit card fraud.
  • employees should take care when faxing or e-mailing to ensure that correct numbers and e-mail addresses are used. In the case of sending sensitive information by fax, it is recommended that employees call the recipient ahead of the transmission and ask for confirmation of receipt.
  • employees working from remote locations should take care to ensure that their laptops or other mobile devices are not left logged in and unattended. Due care and attention should also be taken to ensure these devices are not lost or stolen.​

Guidelines surrounding Information Technology Use and Data Security

IT Acceptable Use and Electronic Messaging Policy 203

Staff Technology Use Agreement

Student/Public Computer Use Agreement

Guidelines Around Document Handling

Records Retention and Disposal Guide Policy 207

Freedom of Information Access to Information Request Form – 3rd Party Cumberland College Consent to Disclose

Personal Information Form

External Communication

Information that does not require a formal access request includes:

  • Published material or material available for purchase by the public
  • Material that is a matter of public record

The public can access the following information of a personal or confidential nature for past and present employees of CUMBERLAND according to the LAFOIP Act.

  • The salary, discretionary benefits and responsibilities of an employee
  • The classification of an employee
  • The salary history of an employee
  • Expenses incurred by an individual travelling on behalf of CUMBERLAND
  • Financial or other details of a contract for personal services

A request outside of these categories may require you to complete and submit a formal Access to Information Request Form and submit it to the Cumberland College Privacy Head noted below.


The right to access information does not override an individual’s right to the protection of privacy. Restricted records include information of an identifiable personal or confidential nature in regard to Cumberland College students or employees or those accessing Cumberland College services, except as specifically provided for in LAFOIP.


The Cumberland College Privacy Officer has 30 calendar days to respond from the date the formal Access to Information Request form and a $20 application fee are received. The request will be assessed to determine whether the information requested may be released and if so whether it is readily available. If it is not readily available and hourly charge may be assessed to retrieve and compile the information and a cost estimate for this work will be provided. Email completed form to [email protected].


An application fee of $20 is payable at the time an access request is made. If more than one hour is spent searching for a record or preparing it for disclosure, a fee of $15 for each half hour or portion thereof will be assessed. If preparation fees are expected to be over $50 an estimate will be provided. No fees are payable where access to a record is refused. The college reserves the right to apply additional fees for photocopying, etc. once access to a record has been granted.


Contact Information

Follow Us

Suncrest College's Privacy Officer

Office of the Saskatchewan Information and Privacy Commissioner