FIPPA - Fundamental Principles
Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA) has two main principles:
- Access: to provide the public with a right of access to information in the custody or under the control of institutions; and
- Privacy: to protect the privacy of individuals’ personal information held by institutions and provide a right of access by individuals to their own personal information.
These are records within the University’s custody or control and can include records in all formats and media relating to the University’s operation and administration and records containing information relating to individual faculty, staff and students.
University records include items created by faculty members in their capacity as a University administrator, committee member, department chair and so on.University records may be the subject of an access to information request under FIPPA, and may be required to be disclosed to requesters pursuant to specific exemptions and exclusions in FIPPA.
Keep University records and file in the department or Faculty recordkeeping system.
- Remember that requests may be made for access to University records that you have created and kept
- Ensure that these records may be easily located
- Don’t keep these records for longer than required. For guidance on how long to keep University records, ask departmental or decanal administrative staff, or refer questions to the Information and Privacy Office at firstname.lastname@example.org.
Note that certain records are excluded from FIPPA, including but not limited to:
- Records about or associated with research
- Records of teaching materials
- Labour relations and employment related records, with limited exceptions
- Private (non-University) donations to the University Archives
These are records which have no ongoing operational, informational, evidential or historical value and include notes, working papers and preliminary drafts as well as convenience or duplicate copies of material – paper or electronic. In most instances, transitory records need not be retained after the task or event to which they relate has concluded.
Delete or destroy transitory records when they are of no further use.
These can be truly personal or can relate to your work as a researcher and teacher, such as:
- Research and study notes
- Teaching materials
- Manuscripts and publications
- Autobiographical materials such as your curriculum vitae, degrees, honours or awards received
- Personal communications, such as communications with editors, publishers or professional societies, or with colleagues about your academic work
Keep your personal records separate from University records. You decide how long to retain your own personal records.
Note that the University Archives may be interested in acquiring the records of individuals associated with the University whose papers possess enduring value.
University Records Containing Personal Information
University records can contain personal information, which includes an individual’s name + home address, home telephone number, identifying numbers (e.g. student number or SIN), education or health history, opinions of another person about the individual, etc.
- Keep University records containing personal information for at least one year after last use and only for as long as there is operational need for them.
- Keep personal information records in your custody in a secure location. Ensure that access is limited appropriately to those University employees who need the information in the performance of their duties. Dispose of records containing personal information securely.
Email and Voice Mail
Email messages are also considered University records if they contain information that relates to the operation and administration of the University. Examples include email about work on University committees or email created in the course of administrative duties. Some email may be excluded – see the Note under item 2.1 above. If voice mail messages are saved as electronic records, the same rules apply as to email.
- Keep your email communications factual and objective – email may be the subject of an access to information request under FIPPA.
- Always be cautious about including others’ personal information in email messages. Be aware that email messages sent to non-York email accounts are not secure for transmitting personal, sensitive or confidential information.
- File your personal email separately from University-related email.
If You Are Asked for Information
If you are in any doubt about whether information requested of you as a faculty member is governed by FIPPA, or whether or not it should be released in response to an informal request, refer questions to York’s Information and Privacy Coordinator at email@example.com or call 416-736-2100 ext. 20359.
This document has been developed to assist in establishing good practices and procedures. Additional questions or requests for advice on records and information management or information and privacy issues should be referred to the Information and Privacy Coordinator: firstname.lastname@example.org.