About Saint Mary's

Administration of Rights

1. When you receive a verbal request for information.

Do

  • Ask what information it is the person needs - narrow the scope of the request.
  • Assist the individual as much as possible by explaining what records exist, don't exist and which ones are routinely available.
  • Refer the individual to the FOIPOP Administrator if the request is for records that contain confidential or personal information
  • Refer verbal requests from the media to the Director of External Affairs.

Don't

  • Don't treat a verbal request as a FOI request - only requests in writing are handled under the Act.
  • Don't refuse to provide access without an explanation or without advising the individual to put the request in writing and how to submit it.

2. When you receive a request for information in writing:

Do

  • Determine if the request can be responded to routinely.
  • Contact the FOIPOP Administrator without delay if you believe the records contain confidential or personal information.
  • Send a copy of the written request to the FOIPOP Administrator.

Don't

  • Don't ignore the request or try to handle it through another University process that makes no provision for production of records.
  • Don't refuse to provide access without an explanation or without referring the individual appropriately.
  • Don't disclose records that contain confidential or personal information.

3. When you collect personal information:

Do

  • Collect only that personal information required to administer and operate a University program or service.
  • Use an appropriate method of collection - in most cases get the information directly from the person it is about.
  • Ensure that a proper collection notice is printed on the form or included in the letter used to collect the information.

Don't

  • Don't collect information that you don't need.

4. When you create a University record:

Do

  • Create records with access in mind - assume someone will ask to see it.
  • Create files with access in mind:

- One case - one file.

- Eliminate copies.

- Use consistent filing practices

Don't

  • Don't create a record with the expectation of complete and absolute secrecy.
  • Don't inter-file confidential records with ones that are not confidential.

5. When keeping records:

Do

  • Follow the Records Retention Schedule if one exists for the record.
  • Retain records used to make a decision about an individual for a minimum of one year.
  • Retain complete, accurate and reliable records of evidence.

Don't

  • Don't destroy records unless authorized under the Records Retention Schedule or without checking with the FOIPOP Administrator.

6. When you conduct a review, inquiry or investigation:

Do

  • Provide participants with a clear statement of confidentiality.
  • Require that all materials and evidence be supplied in confidence.
  • Write the report with access in mind:

- Make it anonymous whenever possible.

- Keep confidential and non-confidential material separate.

Don't

  • Don't write down subjective comments unless you are prepared to have them read.
  • Don't reveal personal details about individuals' private lives unless absolutely necessary to support findings and recommendations.
  • Don't make audio or videotapes of interviews or hearings unless necessary.

7. When designing a new electronic record-keeping system:

Do

  • Remember to plan and implement reasonable security measures to protect personal information.
  • Establish authorized logon ID's for access to a local network.
  • Password protect access to your desktop computer, local network, each database and automated system.

Don't

  • Don't assume that the software you are using has built in security features.
  • Don't leave your system vulnerable to attack.