What is Protection of Privacy?
Protection of Privacy is ensuring that Mount Royal:
- collects only the personal information needed for directly related activites
- use and store personal information in a manner that respects the privacy of the individual
- collect personal information directly from the individual the information is about
- control disclosure of personal information
- dispose of personal information in a secure and appropriate fashion
- allow individuals the right to access and request corrections to information about themselves held by Mount Royal.
Personal Information Details
- What is Personal Information?
- Collection of Personal Information
- Use of Personal Information
- Disclosure of Personal Information
- Security of Personal Information
Any recorded information about an identifiable individual including:
- name
- home or business address or telephone numbers
- race
- national or ethnic origin
- colour
- religion
- political beliefs or associations
- age
- sex
- marital status
- family status
- identifying numbers
- fingerprints or blood type
- health and health care history
- educational, financial, employment, criminal records
- opinions about the individual
- individual's personal views or opinions (except when they are about someone else)
Collection of Personal Information
Personal information cannot be collected by Mount Royal unless it is expressly authorized by an Act or regulation; it relates to law enforcement; or it is necessary for an operating program or activity of the public body (Section 33). The individual, except in certain defined cases, must be told of the purpose for collection, the specific legal authority for collection and who can answer specific questions about the collection.
Personal information must be collected directly from the individual the information is about except in certain specifically defined circumstances such as where the individual has consented to indirect collection, another method of collection is authorized under an Act or it is collected for the purpose of law enforcement, etc. (Section 34).
Mount Royal also has a duty to ensure that reasonable security arrangements are maintained for personal information in its possession (Section 38).
Mount Royal may use personal information for the purpose it was originally collected or for a use consistent with that purpose. A consistent purpose is a purpose which has a reasonable and direct connection to the purpose for which the information was collected and is necessary for an operating program or statutory duty. The only other way Mount Royal can use personal information is if the person, who the information is about, has consented to its use.
Every reasonable effort must be made by Mount Royal to ensure the personal information it uses is accurate and complete. It is a fundamental principle that an individual has a right of access to his or her own personal information (subject to very narrow exceptions), and to request correction of information that the individual believes may contain an error or omission. Mount Royal must either make the correction or at least make note of the request on the data subject file.
Disclosure of Personal Information
Specific rules are set out in the Act to ensure that an individual's personal information is not disclosed beyond what is required for the proper operations of Mount Royal or for the legitimate interests of researchers.
Section 40 of the Act provides for specific and limited situations where a public body may disclose personal information without an access request. Only in very restricted situations may personal information be disclosed such as where it is used for a consistent purpose; where the individual consents to disclosure; where another Act or regulation of Alberta or Canada authorizes or requires disclosure; for complying with a court order, for complying with a law of Alberta or Canada or to a relative of a deceased individual; and so on.
There may also be disclosure for research purposes but this disclosure is controlled in Section 42.
Security of Personal Information
Mount Royal is obliged to have security arrangements against unauthorized access to personal information. This may include:
- Passwords on computers
- Clearing desktops at the end of the day
- Securing personal information in locked drawers
- Reviewing who has access to your work area
- Locking drawers and offices at the end of the day
Remember: Sharing your personal identifiers (staff numbers, student ID numbers) with others gives others access to your personal information. Security of your personal information is your responsibility.