What is Personal Information?
Personal information may be released only to the person whom the information is about, or, with the written consent of that person, to a third party. Personal information means recorded information about an identifiable individual including:
- the individual's name, address or telephone number
- the individual's race, national or ethnic origin, colour, or religious or political beliefs or associations
- the individual's age, sex, sexual orientation, marital status or family status
- an identifying number, symbol or other particular assigned to the individual
- the individual's fingerprints, blood type or inheritable characteristics
- information about the individual's health care history including a physical or mental disability
- information about the individual's educational, financial, criminal or employment history
- anyone else's opinions about the individual
- the individual's personal views or opinions, except if they are about someone else
- Collect only that personal information required to administer and operate a University program or service. Don't collect more information than you need.
- Use an appropriate method of collection - in most cases get the information directly from the person it is about.
- Ensure that a proper collection notice is printed on the form or included in the letter used to collect the information.
- Create records with access in mind - assume someone will ask to see it.
- Create files with access in mind.
- One case - one file.
- Eliminate copies.
- Use consistent filing practicess.
- Make sure confidential records are kept separate from ones that are not confidential.
- Follow the Records Retention Schedule if one exists for the record. Only destroy records as authorized under the Records Retention Schedule, or by checking with the FOIPOP Administrator.
- Retain records used to make a decision about an individual for a minimum of one year.
- Retain complete, accurate and reliable records of evidence.
- Provide participants with a clear statement of confidentiality.
- Require that all materials and evidence be supplied in confidence.
- Write the report with access in mind:
- Make it anonymous whenever possible.
- Keep confidential and non-confidential material separate.
- Avoid writing down subjective comments unless you are prepared to have them read.
- Keep personal details about individuals' private lives private, unless absolutely necessary to support findings and recommendations.
- Avoid making audio or videotapes of interviews or hearings unless necessary
- Remember to plan and implement reasonable security measures to protect personal information.
- Establish authorized logon ID's for access to a local network.
- Password protect access to your desktop computer, local network, each database and automated system.
- Check the software you are using for built-in security features.
- Take steps to protect your system from attack.