Privacy Information

Policy

College is a "local authority" pursuant to The Local Authority Freedom of Information and Protection of Privacy Act (LAFOIP). Accordingly, Cumberland College has a responsibility in many instances to provide access to records that are in its possession and control. Cumberland College also has a duty to protect the personal information that it acquires in the course of delivering its programs and services. Cumberland College strives to ensure that both Cumberland College and any third parties working with Cumberland College comply with not only LAFOIP, but also with any other legislation that may apply to the collection, use and disclosure of personal information of any kind.

Procedures

Roles

The College shall appoint a Privacy Officer whose responsibilities include:

1. Responsibility for implementation and interpretation of this policy.
2. Ensuring, in conjunction with Human Resources, that appropriate orientation and education on Privacy policy and processes is provided to staff.
3. Receiving requests to access college records directly or upon referral from other staff.
4. Overseeing practices to ensure consistency with this policy and the Act.
5. Investigating any complaints about unauthorized disclosure of personal information.

The Privacy Officer will make a decision concerning an access request and communicate the College’s decision in writing to the person making the request.

All Staff responsibilities include:

1. Completion of all required privacy training.
2. Annual completion of the College “Oath of Confidentiality.

Access

The personal information of prospective, current and past students and employees will be protected and access limited, where within the control of the college, to Cumberland College staff requiring the information as part of provision of normal services, to a limited set of third parties who work with the college to provide services and programs, and to those who make proper access requests and are entitled to the information per the Act.

Subject to the Act, individuals are entitled to access their own personal information upon a written request and to request correction of the personal information where the individual believes there is an error or omission.

Upon written request, students may request that copies of their student record be forwarded to themselves or to an identified third party. Where the record kept by Cumberland College is not the student’s official record (eg: transcript information housed at brokering institutions), students will be advised to contact the brokering institution for an official record.

Cumberland College may release information where a case of authorized, justified or legally required release is established.

Internal Privacy

Staff and students shall be given the opportunity to give informed consent for their personal information to be shared with any parties or agencies which are not part of Cumberland College. This might include but is not limited to contractors and agencies assisting in funding or support of the student or staff member.

Adult Basic Education students must give written consent for their transcripts to be accessed via the Student Data System (SDS) system. Students must complete a Ministry of Education Form 3. This consent is implied to last throughout (but not beyond) the student’s active enrollment in a college Basic Education program. Access to the SDS system is subject to provincial audit. A list of staff with access to SDS will be reviewed annually by the Vice President, Academics.

Cumberland College participates in student registrations through the OCSM/SIS system. While it is recognized that this is a multi-user system, Cumberland College staff are responsible for maintaining the accuracy and confidentiality of information entered and accessed through this system to the best of their ability, following the approved protocols for the system. The list of staff with access to OCSM/SIS will be reviewed and adjusted annually by the Information Officer in consultation with the Manager, Safety and Institutional Strategy.

Staff should generally not confirm the presence of a student in a college program or his/her whereabouts to outside parties except in the case of a police investigation or dire emergency.

Students must give written consent in order for the college to confirm attendance in/completion of programs and/or to release any marks the college is authorized to release or any information in the student’s file unless it is being released directly to the student. Where certification is provided by another institution, students should be directed to that institution for a formal transcript. This form can be used to give consent, email completed form to [email protected].

When preparing student or employee information for valid release, the copied documents should be marked “Copy”.

In general, if any staff member is contacted by the media, the request should be referred to the President/CEO or designate for handling or referral.

Many staff members are responsible for sensitive and personal information which is handled in the course of daily business. Some considerations include:

• ensuring that personal information is not left unsecured when the employee is away from their work area. This would include making sure the work area is locked and/or any files
• or reports are properly secured if the work area cannot be secured. For unsecured areas, this would also involve logging out of any computer applications (including e-mail) or password-protecting access until the employee’s return.
• for employees who have contact with students , clients or other outside stakeholders in their work area, ensure that personal information is not left where visitors or clients may see it in the course of contact with the employee (eg: leaving a class list open on your desktop while counseling someone)
• all employees need to consider the nature of printed information to evaluate whether it is contains personal or sensitive information and needs to be shredded or whether it can be recycled. When in doubt, shred.
• shredding should be done in a timely fashion so sensitive information is not lying around unsecured for long periods of time.
• employees issued or using college credit cards need to control their use and the distribution of the credit card numbers and be aware of the possibility of credit card fraud.
• employees should take care when faxing or e-mailing to ensure that correct numbers and e-mail addresses are used. In the case of sending sensitive information by fax, it is recommended that employees call the recipient ahead of the transmission and ask for confirmation of receipt.
• employees working from remote locations should take care to ensure that their laptops or other mobile devices are not left logged in and unattended. Due care and attention should also be taken to ensure these devices are not lost or stolen.​