Protection of privacy

Athabasca University will gather personal information required to operate the university's programs and services.

Personal information will be managed in compliance with the Freedom of Information and Protection of Privacy Act's (FOIP Act) provisions.

The university will endeavor to see that any information collected is correct and complete. Information will be kept for at least one year after any decision has been made in which it has been used.

The university will consider applications to correct personal information.

Athabasca University will safeguard personal information to protect it from unauthorized access, collection, use, disclosure or destruction.

Privacy breaches

Athabasca University is committed to protecting the privacy of those who work and study here, and to operating in an open and accountable manner. In the event that you have reasonable grounds to believe that your personal information has been collected, disclosed, used, or disposed of in a manner inconsistent with the FOIP Act, please email foip@athabascau.ca

Please provide the director with the details of your complaint. The director will investigate your complaint:

• To ensure the immediate requirements of containment and notification have been addressed
• To review the circumstances surrounding the breach
• To review the adequacy of existing policies, procedures and training in protecting personal information

If the Director, Policy, Privacy and Records Management, is unable to resolve your complaint to your satisfaction, you should contact the Office of the Information and Privacy Commissioner of Alberta.

Privacy Impact Assessments (PIA)

Privacy Impact Assessments (PIAs) are not mandatory under the Freedom of Information and Protection of Privacy Act, but are recommended for major projects and changes to business process that involve the collection, use or disclosure of personal information.

The PIA process requires a thorough analysis of potential impacts on privacy and a consideration of measures to mitigate or eliminate any such impacts. The privacy impact assessment is a due diligence exercise, in which the organization identifies and addresses potential privacy risks that may occur in the course of its operations. While PIAs are focused on specific projects, the process should also include an examination of organization-wide practices that could have an impact on privacy. Organizational privacy policy and procedures, or the lack of them, can be significant factors in the ability of the organization to ensure that privacy protecting measures are available for specific projects.

A privacy impact assessment begins with the completion of a Privacy Impact Assessment Questionnaire and a number of related enclosures. The completion of a PIA is part of the project management process at Athabasca University and the Director, Policy, Privacy and Records Management, assists anyone working through this process. Once the necessary forms are completed with the Director, Policy, Privacy and Records Management, the PIA is submitted to the Office of the Information and Privacy Commissioner for their comments and suggestions.