How Privacy is Protected
Saint Mary’s University is committed to protecting the privacy of the people who work and study here, as well as the privacy of individuals who have previously worked and studied here. Saint Mary’s is governed by the Nova Scotia Freedom of Information and Protection of Privacy (FOIPOP) Act, which provides access to most records under the control of the provincial government while protecting the privacy of individuals who do not want their personal information made public. FOIPOP strives for a balance between an individual’s right to know and an individual’s right to privacy.
The Freedom of Information and Protection of Privacy Act (“ FOIPOP”) sets out mandatory requirements relating to personal information held by public bodies. FOIPOP also requires that public bodies protect the confidentiality of personal information and the privacy of the individual who is the subject of that information. This includes protecting the information from theft, loss and unauthorized access to, use of, disclosure, copying or disposal of the information.
A privacy impact assessment is a tool to identify risks and mitigation strategies associated with the use of personal information. It is an essential tool for ensuring compliance with the privacy requirements set out in FOIPOP and is a building block of a good privacy management program.1
1For more information about Privacy Management Programs visit the website of the Freedom of Information and Protection of Privacy Review Office website.
Taken from: Office of the Information & Privacy Comissioner for Nova Scotia. (2019). Privacy impact assessment freedom of information and protection of privacy act. Retrieved from https://oipc.novascotia.ca/sites/default/files/publications/FINAL%20-%20FOIPOP%20PIA%20OIPC%202019%2011%2029.pdf
A privacy breach occurs when personal information is collected, retained, used or disclosed in ways that are not in accordance with the provisions of the FOIPOP Act. As of Nov 1, 2018, Saint Mary’s University is required by law to report privacy breaches involving personal information, even if they do not pose a real risk of significant harm to an individual. These records must be maintained for a period of 24 months after determining that a breach has occurred.
A Privacy Breach Report must be filled out whenever a privacy breach has been identified. Completed forms must be sent to the Saint Mary’s FOIPOP Administrator.
For more information on privacy breaches, please contact Suzanne van den Hoogen, FOIPOP Administrator.