Protection of Privacy
Protection of Privacy
Part 2 of the FOIP Act, establishes conditions and obligations that public bodies must meet in protecting the privacy of individuals whose personal information is in the public body's custody or under its control.
Protection of Privacy, is ensuring that NAIT:
- Collects: only the personal information needed for directly related activities and it must be collected directly from the individual the information is about unless one of a number of exceptions are applicable.
- Uses: and Stores personal information in a manner that respects the Act, with regards to the privacy of individuals.
- Disposes: of personal information in a secure and appropriate fashion (i.e. Records Retention Schedule).
- Corrections: Allow individuals the right to request corrections to information about themselves held by NAIT.
What is Personal Information?
Personal information is a sub-set of records in the custody or under the control of a public body (NAIT).
Section 1(1)(n) of the Act, defines "personal information" as recorded information about an identifiable individual, including but not limited to an individual's:
- Home or business address or telephone numbers
- National or ethnic origin
- Political beliefs or associations
- Marital status
- Family status
- Identifying numbers
- Fingerprints or blood type or inheritable characteristics
- Health and health care history
- Educational, financial, employment, criminal records
- Opinions of a third party about the individual
- The individuals personal views or opinions, except if they are about someone else
How is Personal Information Collected?
Personal Information cannot be collected by NAIT unless it is expressly authorized by an Act or regulation; it is related to law enforcement; or it is necessary for an operating program or activity of NAIT (Section 33). The individual, except in certain defined circumstances, must be told of the purpose for collection, the specific legal authority for collection and who can answer specific questions about the collection.
Personal information must be collected directly from the individual the information is about except in certain specifically defined circumstances such as where the individual has consented to indirect collection, another method of collection is authorized under an Act or it is collected for the purpose of law enforcement, etc. (Section 34)
NAIT also has a duty to ensure that reasonable security arrangements are maintained for personal information in its possession. (Section 38).
Use of Personal Information
NAIT may use personal information for the purpose for which it was originally collected or for a use consistent with that purpose. A consistent purpose is a purpose which has a reasonable and direct connection to the purpose for which the information was collected and is necessary for an operating program or statutory duty. The only other way NAIT can use personal information is if the person, who the information is about, has consented to its use.
Every reasonable effort must be made by NAIT to ensure that the personal information it uses is accurate and complete. It is a fundamental principle that an individual has a right of access to his or her own personal information (subject to very narrow exceptions), and to request correction of information that the individual believes may contain an error or omission. NAIT must either make the correction or at least make note of the request on the record file in question.
Disclosure of Personal Information
Specific rules are set out in the Act to ensure that an individual's personal information is not disclosed beyond the extent required for the proper operations of NAIT or for the legitimate interests of researchers.
Section 39 of the Act provides for specific and limited situations where a public body may disclose personal information without an access request. Only in very restricted situations may personal information be disclosed, such as where it is used for a purpose consistent with the purpose for which it was collected; where the individual consents to disclosure; where another Act or regulation of Alberta or Canada authorizes or requires disclosure; to comply with a court order, to comply with a law of Alberta or Canada or to a relative of a deceased individual.
There may also be disclosure for research purposes but this disclosure is controlled in Section 42.
Security of Personal Information
NAIT is obligated to have security arrangements against unauthorized access to personal information. This may include:
- Passwords on computers
- Clearing desktops at the end of the day
- Securing personal information in locked drawers
- Reviewing who has access to a work area
- Locking drawers and offices at the end of the day
REMEMBER: Sharing your personal identifiers (staff numbers, student ID numbers) with others, gives others access to your personal information. Security of your personal information is a responsibility that you share with the Institute.