The University of Saskatchewan is subject to The Local Authority Freedom of Information and Protection of Privacy Act, and in some limited circumstances, The Health Information Protection Act. The university is required to provide access to information while also protecting the personal information in its possession or under its control. Here are some commonly asked questions with respect to privacy and access to information:
Yes. Personal information includes any information about an identifiable individual, including information relating to the education of an individual. There are very limited exemptions to the definition of protected personal information.
You can do so in an anonymous way, such as posting by student number, provided that student number and other identifying information such as name has not previously been disclosed (so that the information could be combined to reveal the grades of an identifiable individual).
This is a risky practice and strongly recommended against. Grades and personally identifying information can easily be gleamed by other students, even if they are behind a cover page. Further, there is a risk that the work could be stolen, possibly resulting in copyright and academic appeals issues.
Yes. The privacy officer also works in the same unit as the Manager of Contracts and Legal Services, and can help ensure that the contract gets a full review as required.
Please report it to the privacy officer. If it is an actual breach, the privacy officer will assist in containing the breach, conduct a review in accordance with provincial guidelines and recommend corrective measures. To the extent possible, the identity of complainants will be protected. If it is not a breach, there is no harm done.
The privacy officer can review the request and advise whether it is an appropriate disclosure. The university is permitted to disclose personal information to service providers and for research purposes under certain conditions. For example, we should consider whether the use of personal information is necessary or whether de-identified information could be used; the information should be limited to the least amount necessary; and the contract with the service provider should contain explicit protections of the personal information. If the contract is insufficient in this regard, the information may be disclosed under a non-disclosure agreement.