Public bodies, like public post-secondary institutions, are required to adhere to the provisions set out in the Freedom of Information and Protection of Privacy Act. This means that following best practices around the collection, disclosure, retention and storage of personal information is key.
What is Personal Information?
Personal information is defined as “Recorded information about an identifiable individual other than contact information.” (FIPPA)
Generally, personal information is defined as follows:
- name, address, email address, or telephone number;
- age, sex, religious beliefs, sexual orientation, marital or family status, blood type;
- an identifying number, symbol or other particular assigned to an individual;
- information about an individual’s health care history, including a physical or mental disability;
- information about an individual’s educational, financial, criminal or employment history; and
- personal views or opinions
Any combination of information that can potentially identify an individual can be considered personal information
Section 30.1: Storing Personal Information In Canada
Generally, public bodies in BC are expected to protect personal information despite location and section 30.1 of the Act states that post-secondary institutions should only store and access personal information in Canada.
Storage and access of personal information can occur outside of Canada but having consent from the individual is required. Consent must be;
- in writing,
- specify which personal information is being considered in this consent,
- a date when the consent expires (can’t be forever),
- why the personal information is being stored,
- where the personal information is being stored,
- who can access it.