Information Protection and Access - Restricted Information Policy (Privacy Policy)
- Related Documents: Information Protection and Providing Access to Restricted Information Procedure (Privacy Procedure), Employee Confidentiality Agreement (external link) , Minimum Cybersecurity Controls
- Owner: General Counsel and Secretary of the Board of Governors
- Approver: Board of Governors
- Approval Dates: October 2008, March 2011
- Currently under review
I. Policy
Toronto Metropolitan University (the ”University”) supports the closely aligned principles of transparency and accountability and as such routinely provides public access to information about the University’s operations and decisions.
At the same time, the University is committed to protecting specific types of information, which, if disclosed, could reasonably be expected to result in harm to the University, an identifiable individual, or a third party. This subset of information includes personal information, teaching and research records, as well as law enforcement, solicitor-client, labour relations and other kinds of information which for the purposes of this policy will be referred to as “restricted information”.
As of June 10, 2006 the University became subject to FIPPA’s legal requirements concerning the use, disclosure, and retention of personal information, as well the obligation to provide access to University records with limited protection for certain kinds of restricted information. To enable the University to meet its statutory obligations under FIPPA, the General Counsel has developed a procedures document (“Procedures”) which identifies restricted information categories, employee responsibilities, and legislative highlights. This policy and the related Procedures do not limit the rights and obligations outlined in any existing relevant legislation.
University employees are responsible for reviewing and understanding this policy and the related procedures. General Counsel and the Information and Privacy Coordinator are responsible for disseminating the policy and Procedures to employees, making the policy and Procedures widely available, and developing the necessary tools and forms to support the Procedures.
This policy and the related Procedures shall be maintained and updated on an ongoing basis by the General Counsel.
II. Application and Scope
This policy extends to University employees and applies to all records in the custody or control of the University. If a provision of this policy conflicts with a statutory obligation, the conflicting provision of this policy will be inoperative to the extent of the conflict. This policy replaces the Freedom of Information Guidelines and the Protection of Personal Information Guidelines. For guidance on the protection of the University’s general information assets, please see the University’s Information Protection Policy.
III. Jurisdiction
The interpretation of this policy falls under the jurisdiction of the General Counsel.