Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) provides that every person has a right of access to a university record, subject to certain limited and specific exemptions and exclusions. The Act applies to records under the University’s custody or control, including the records of Senate and Faculty Council Committees. Records related to the work of those bodies held by Senate or Faculty Council Committee members are considered to be under the University’s control even if retained in a home or faculty office, or on a personal computer. Examples include paper and electronic agenda packages, draft memoranda or reports, and communications related to any of the business conducted by a committee, sub-committee, or ad hoc group.
Governance Records Accessible Under FIPPA
Records—paper or electronic (including email)—that are created or maintained by committee members in the course of their duties may be subject to a FIPPA request. Therefore:
- create records with access in mind
- create only what is needed to accomplish a task or meet a requirement
- remember that any record acquired under a FIPPA request could be disclosed publicly
Governance Records Not Accessible Under FIPPA
In many cases, FIPPA excludes or exempts from disclosure records that contain personal information, including medical and mental health information and evaluative or opinion material supplied in confidence. It also excludes most labour relations and employment information. Case files that are evaluated by Senate and Faculty Council Committees that contain personal information, such as tenure and promotion, appeals, and awards files, would not be accessible to the general public under a FIPPA request, unless under specific circumstances. See Tip Sheet 4 on FIPPA Exclusions and Exemptions for further details.
Governance and Recordkeeping
The University Secretariat is the official recordkeeping office for records of the Senate and its committees and it retains and disposes of those records according to the University’s Common Records Schedule (CRS); likewise, Faculty Council offices have recordkeeping responsibility for faculty council and committees. It is not necessary or desirable for individual members of Senate and Faculty Councils and their committees to keep copies of council or committee records beyond their immediate use.
As a general practice it is recommended that members keep these records only until a specific meeting has taken place or a particular task accomplished. Committee members should not keep records beyond the end of the academic year. If necessary, documents can be retrieved from the Secretariat or Faculty Council office.
- With committees that evaluate case files containing personal and confidential information (e.g., tenure and promotion, awards, appeals, honorary degrees), if it is necessary to remove paper copies of case files from the Secretariat or Faculty Council offices, ensure that the files are kept securely. After consideration has concluded, return the files to the Committee secretary. Regularly dispose of duplicate copies.
- Electronic records that contain personal and confidential information must not be forwarded to anyone outside the committee. Correspondence, including email communications, should never disclose personal and confidential matters arising from the work of a committee. Ensure that records are kept securely (e.g., password protected, not stored on a shared drive). Remember to delete case files once a final decision is reached.
- If it is necessary to print case files or documents containing personal information to a communal printer, pick up the printed copies immediately.
- Dispose of copies of draft reports and decision letters once a final version has been approved. This includes hard copies, and documents attached to, or embedded in, email messages.
- Remember to return any documents that need to be retained to the Secretariat or Faculty Council office responsible for the file.
With some exceptions, records of Senate Committees are retained for seven years in the Secretariat according to the CRS and then transferred to the University Archives for permanent retention. Records of Faculty Council Committees are retained for seven years and transferred to the University Archives for permanent retention. Retention of records of sub-committees are evaluated on a case-by-case basis. For further information, see the Administration and Governance section of the CRS.
Keep university records, such as committee work, separate from personal teaching or research materials so that the latter do not risk being included in a FIPPA request. See FIPPA for Faculty 1 for more information on recordkeeping principles.
Protecting Information in Email and on Portable Devices
Email messages are easily transmitted and duplicated, and are not considered a secure method for sending or receiving confidential, personal, or sensitive information unless sent and received on campus using the University’s network and Lotus Notes email. However, because emails can be forwarded without the sender’s knowledge, or accidentally transmitted to unauthorized recipients, be very cautious about including personal information in electronic messages. See Tip Sheet 5 on Email Management for further details.
Portable devices such as cell phones, smart phones and similar handheld devices, laptops or memory keys, are easily lost or stolen and information on them accessed by others. See Tip Sheet 11 on the Security of University Records on Portable Devices for more information.
For all portable devices, ensure that they are password protected and do not leave them unattended.
The following practices can assist in securing electronic information:
- For confidential or sensitive information, keep email or text message communications to a minimum; use the telephone whenever possible.
- If using portable devices (e.g., BlackBerrys) to send and receive messages, consult technical support to ensure that appropriate security measures such as encryption are in place, especially if transmitting confidential or sensitive information. Ensure that you keep a copy of your encryption password in a separate and secure location.
- Keep laptop carriers out of sight (preferably locked in the trunk) if you must leave them in a parked car.
- Immediately report theft or loss of mobile devices so that they can be remotely deactivated and their information purged.
This document has been developed to assist in establishing good practices and procedures. Additional information on FIPPA and recordkeeping can be found on the Information and Privacy Office’s website. For questions about FIPPA, please contact the Information and Privacy Office at firstname.lastname@example.org or at (416) 736-2100 x20359. For general questions about Senate and Faculty Council Committee recordkeeping, please contact the University Secretariat at (416) 736-5310.