Privacy

The University of Saskatchewan is subject to The Local Authority Freedom of Information and Protection of Privacy Act, and in some limited circumstances, The Health Information Protection Act, and is required to protect personal information in its possession or under its control.

The university collects personal information about students, faculty and staff in order to operate effectively and efficiently as a post-secondary institution. The university is required to protect personal information and ensure it is only used and disclosed for appropriate purposes.

Personal information includes any information about an identifiable individual, but excludes the salary and employment responsibilities of an employee of the university, travel expenses of any individual travelling at the expense of the university, academic ranks or departmental designations of faculty, and degrees or certificates granted by the university.

We can only use protected personal information with express consent, with implied consent (for the purpose for which it was collected or a use consistent with that purpose) or without consent in very limited circumstances.

If you have questions or concerns about how your personal information is being handled, please feel free to discuss with your college or the unit dealing with your personal information. They should be your first line of inquiry. If you continue to have concerns, please contact the Access and Privacy Officer at privacy@usask.ca.

A student’s USask registration is considered protected personal information. Personal information includes any information about an identifiable individual, including information relating to the education of an individual. There are very limited exemptions to the definition of protected personal information.

If you receive a request to disclose a student’s registration status, please contact the Privacy Officer at privacy@usask.ca for assistance.

Grades may be posted anonymously, such as by student number, provided that the student number and other identifying information such as the student’s name has not previously been disclosed (so that the information could be combined to reveal the grades of an identifiable individual).

Leaving exams/assignments outside of faculty offices is a risky practice and strongly recommended against. Grades and personally identifying information can easily be gleaned by other students, even if they are behind a cover page. Further, there is a risk that the work could be stolen, possibly resulting in copyright and academic appeals issues.

The preferred method for facilitating requests for alumni contact information is to provide the requestor’s contact information to the intended recipient, allowing them to initiate contact if desired.

External sources could include: eg. mailing house, research company.

The privacy officer can review the request and advise whether it is an appropriate disclosure. The university is permitted to disclose personal information to service providers and for research purposes under certain conditions. For example, we should consider whether the use of personal information is necessary or whether de-identified information could be used; the information should be limited to the least amount necessary; and the contract with the service provider should contain explicit protections of the personal information. If the contract is insufficient in this regard, the information may be disclosed under a non-disclosure agreement.

Cloud services are not prohibited, but if the university will be disclosing personal information of students, faculty or staff to the service provider, or requiring students, faculty or staff to disclose their personal information to the service provider, our due diligence should include a review of the service provider’s security and privacy policies and procedures as well as the terms of use or contract. In addition to privacy concerns, there may be enterprise architecture, operational procurement, and other concerns. The Technology Assessment team assists in reviewing the acquisition of technology, including web and cloud services.

Report a Breach

If you know or suspect that a breach of privacy has occurred, or are unsure but concerned, please contact the Access and Privacy Officer at privacy@usask.ca

Breaches can take many forms. Some examples include:

  • an office or car being broken into and a laptop with student, patient, or human research data being stolen; 
  • a staff or faculty member retiring and leaving files containing personal information in a box in the hallway for unsecure destruction;
  • faxes or emails containing personal information being sent to the wrong recipient;
  • a staff or faculty member inadvertendly sharing the wrong electronic file with students or colleagues which contains personal information not intended for the recipient;
  • staff or faculty discussing an employee or student matter in public. 

Contract Review

Inquiries regarding privacy and confidentiality clauses in contracts can be directed to the Privacy Officer at privacy@usask.ca

Access to Information

Under The Local Authority Freedom of Information and Protection of Privacy Act, any person has a right to request access to university records.

Any person has a right to request access to any record in the university’s possession or control, regardless of their location, identity or motive. University records in your control may be subject to an access to information request. The Access and Privacy Officer requires your assistance and cooperation in ensuring university compliance with access to information legislation.

Further, you are entitled to request access to any university record, including records of your own personal information. If you would like to request access to your personnel file or other records of your own personal information, please contact the college or unit who holds the records. Generally these requests can be handled informally.

Any person has a right to request access to university records, including records of your own personal information. If you would like access to your student records, please contact the college or unit who holds the record. With the exception of certain evaluative material, or the personal information of others, a student generally has the right to access their file, which is their own personal information. Generally these requests can be handled informally. If you are unsatisfied with the response of the college or unit, please submit an access to information request to the Access and Privacy Officer at privacy@usask.ca. At times, the college or unit may be unsure of how to respond to your request and they may consult with the Access and Privacy Officer and/or ask you to submit your request to the Access and Privacy Officer to ensure it is handled correctly..

Giving permission to another person (Proxy Access)

Proxy Access Management is a tool that allows students to share certain information (view-only access) with a person or organization (called a proxy). 

When considering whether to use or disclose personal information of students, employees, or others, please start by considering whether it is protected personal information. If it is, and we don’t have express consent, ask yourself - what were the purposes for its original collection, what was the individual informed of in regards to our use and disclosure of the information, and is this new or intended use or disclosure is consistent with the original purpose.

Please see the Data Governance Framework data stewards and data custodians for your area may be able to assist. If it is personal information, the privacy officer can review the request and advise whether it is an appropriate use of the information, having regard to the purposes for initially collecting the information and the consent(s) (if any) given by the individual to whom the information relates, along with other factors that may be relevant.

Under the freedom of information legislation, any person has a right to access any record in the custody or under the control of the university, subject to limited exemptions. Generally, requests by external parties should be made formally through the access and privacy office. Certain procedures must be followed, including legislated time lines, and the access and privacy officer will coordinate the response to ensure compliance. If you are unsure how to respond to the request, please contact the Access and Privacy Officer, or have the requestor submit a formal application.

Like the university, the federal and other provincial governments are subject to access to information legislation. If they receive a request, and the responsive records includes your information, the federal government may be required to provide formal ‘third party notice’ – they are giving you the opportunity to respond with why the information should not be disclosed. In some cases, these requests capture proprietary or technical information or other financial information which you may not want disclosed. If you receive third party notice, the access and privacy officer can help you review the documents and exemptions and make a response to the government.

Request Access to Information

The university is required to provide access to information while also protecting the personal information in its possession or under its control.

If you would like to request access to information, please submit an application online. Alternatively, you can print the application form and submit the completed form and application fee to:

Access and Privacy Officer
Legal Office
PMB 136 - 107 Administration Place
Saskatoon, SK S7N 5A2
Email: privacy@usask.ca

Application and Processing Fees

For general requests, there is a $20 application fee. This fee may be waived for personal information requests. All cheques can be made payable to the University of Saskatchewan. 

The university charges processing fees in accordance with The Local Authority Freedom of Information and Protection of Privacy Regulations. These may include fees for searching for and preparing records for disclosure ($30/hour), fees for printing or photocopying, and the actual cost of searching and retrieving electronic data. If your request will result in processing fees, you will be provided with an estimate and required to pay a deposit before the university will proceed with processing your request.

Resources

Canada's Anti-Spam Legislation (CASL) places limits on commercial electronic messages. Please find more information about scope and compliance in the Marketing and Communications channel.

The university has a preferred provider for confidential shredding services.

 Make information security a priority.

Faculty, staff and students can find information and training resources to protect personal information and the information of all members of our community including using the internet safely, setting strong passwords, avoiding phishing attempts, using anti-virus software, protecting mobile devices, working remotely and dealing with ransomware. 

Thinking of acquiring new software, hardware, or outsourcing to a cloud service provider? Our Technology Assessment team of experts in privacy, information security, enterprise architecture, risk, legal and procurement and can help you in defining needs and conducting due diligence and will help ensure the university is protected by ensuring compliance and mitigating risk.

USask offers self-drected USask Data Governance access and privacy training.

The Access and Privacy Officer is happy to meet with you or your unit to discuss access and privacy and any issues or questions specific to your unit. Please contact privacy@usask.ca to arrange a meeting.

The Access and Privacy Branch of the Ministry of Justice provides training and resources to government bodies and local authorities. Please see their Access and Privacy Course for Saskatchewan Local Authorities.

The Office of the Information and Privacy Commissioner of Saskatchewan also offers webinars and other resources.

Wherever you work, USask faculty and staff are required to safeguard university data and personal information.

Questions?

Direct inquiries to the Privacy Officer:

Loading...