Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Confidentiality at Mohawk College Good afternoon: Now I know that you have been waiting for this topic, but I would ask that you keep.

Published byTyrone Pingree Modified over 10 years ago

Similar presentations

Presentation on theme: "Privacy and Confidentiality at Mohawk College Good afternoon: Now I know that you have been waiting for this topic, but I would ask that you keep."— Presentation transcript:

1

2

3 Privacy and Confidentiality at Mohawk College
Good afternoon: Now I know that you have been waiting for this topic, but I would ask that you keep your excitement in check! As an employee you have given the college a lot of your personal information I’m sure that you want the college to protect your privacy and the confidentiality of that personal information The college is committed, legally and ethically to protecting not only your information but that of our students, clients and donors.

4 FOI FIPPA MFIPPA PHIPA PIPEDA IPC PIA TRA

5 Definition of Privacy “The right to be let alone”
Judge Thomas Cooley “The right to exercise control over your personal information.” Ann Cavoukian, IPC Comissioner Let’s start with simple definitions of Privacy The second is from Anne Cavoukian, the information and Privacy Commissioner of Canada

6 Definition of Confidentiality
Ensuring that information is accessible only to those authorized to have access I know other speakers joke about a quiz later I’m not going to do that I’m going to give you a quiz now

7 How well do you know our rights to privacy?
A quiz …

8 Question 1 My name, job title and work phone number is personal information. TRUE? FALSE? Show of hands?

9 Question 1 My name, job title and work phone number is personal information. TRUE FALSE

10 False Personal information (PI) is: Factual or subjective
Recorded or not …about an identifiable individual Simple guideline If it’s on your business card it’s not personal information

11 Personal information includes:
Home address Home phone number Home Photo ID SIN Income Marital status Employment history Employee number Performance appraisals Financial information Educational credentials Medical records Fund raising records Opinions or views on the person This is a partial list of categories of personal information

12 …and of course, the “A” word
“… they even know my age!” Pat Macdonald Associate Dean, Continuing Education

13 Question 2 A man phones you asking if his wife is attending your class. You are allowed to tell him. TRUE? FALSE? A frequent question to instructors and the receptionists at the Front Desk

14 Question 2 A man phones you asking if his wife is attending your class. You are allowed to tell him. TRUE FALSE

15 Question 3 A police officer conducting an investigation phones you asking if a graduate was registered in a C.E. course. You are allowed to tell her. TRUE? FALSE?

16 Question 3 A police officer conducting an investigation phones you asking if a graduate was registered in a C.E. course. You are allowed to tell her. TRUE FALSE

17 Question 4 A student about to write an exam does not have an ID card, so the instructor asks for his SIN card as ID. This is illegal. TRUE? FALSE?

18 Question 4 A student about to write an exam does not have an ID card, so the instructor asks for his SIN card as ID. This is illegal. TRUE FALSE

19 Question 5 A new student does not yet have her student ID number, or a driver’s licence, and so you note her health card number as proof of identity. You just broke the law. TRUE? FALSE?

20 Question 5 A new student does not yet have her student ID card, or a driver’s licence, and so you note her health card number as proof of identity. You just broke the law. TRUE FALSE It is illegal to record the health card number unless you are a health care provider. The college cannot even pass on this number to an agency.

21 Question 6 Someone hit your car in the parking lot and you ask Security if you can view the recording to see the incident. Security tells you that is illegal. TRUE? FALSE?

22 Question 6 Someone hit your car in the parking lot and you ask Security if you can view the recording to see the incident. Security tells you that is illegal. TRUE FALSE Comment on severing images Hiding the TV monitor in the Front Lobby

23 Question 7 A family member arrives at the Front Desk saying that there has been a death in the family. They want to know what classroom their father is in so that they can inform him. The receptionist cannot give them that information. TRUE? FALSE?

24 Question 7 A family member arrives at the Front Desk saying that there has been a death in the family. They want to know what classroom their father is in so that they can inform him. The receptionist cannot give them that information. TRUE FALSE

25 Question 8 Sears Security department phones the Associate Dean of your department and says that they suspect that one of your students has been stalking an employee. They ask if the college can provide a photo to confirm this. The Associate Dean could an ID photo to help in the investigation. TRUE? FALSE?

26 Question 8 Sears Security department phones the Associate Dean of your department and says that they suspect that one of your students has been stalking an employee. They ask if the college can provide a photo to confirm this. The Associate Dean could an ID photo to help in the investigation. TRUE FALSE

27 Question 9 An employer sponsoring one of your students asks if the student passed the course, so that they can reimburse him. It’s OK to confirm. TRUE? FALSE?

28 Question 9 An employer sponsoring one of your students asks if the student passed the course, so that they can reimburse him. It’s OK to confirm. TRUE FALSE

29 How did you do?

30 Our privacy is protected by Federal and Provincial legislation

31 The Acts … Legislation Sector Date Fed/Prov Fed Access to Privacy
Gov. Institutions 1980 Fed FIPPA Provincial 1987 Prov MFIPPA Municipal 1991 PIPEDA Commerce 1999 PHIPA Health 2004 The original is the Federal Access to Privacy Act, known as The Act It regulates the transfer of personal information between levels of government and government institutions PIPEDA The Personal Information Protection and Electronic Documents Act Businesses sharing/selling/bartering your info. Does not apply yet to colleges except in the areas of the Book Store, Fund raising, The Fitness Centre, parking, etc. but it is good practice to follow it PHIPA the Personal Health Information Protection Act protects your Health records So this would apply if you use our Health Services Clinic We also collect PHI about our students - absence due to illness, WSIB injuries, health tests for placements, etc. And it will apply to your students if they are Health Sciences or Human Services students on clinical placement. They will be asked to sign a Confidentiality Agreement regarding clients’/patients’ PHI (Personal Health Information). Or if you go for a check up in Health Services and they passed that information on to the Fitness Centre

32 Freedom of Information and Protection of Privacy Act (FIPPA)
Safety & Corrections WSIB Community & Social Services District Health Councils Consumer & Business Affairs Ontario Human Rights Colleges and universities We are primarily regulated by FIPPA

33 Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)
Municipalities Boards of Education Boards of Health Police Services Public utilities (2,500 in total) For our students in C&Y, ECE, Educational Assistant, Public Safety & Security programs this will apply to your students on work placement They will usually be asked to sign a confidentiality agreement at their field placement

34 The College gathers personal information from…
Students Staff Donors and clients and is committed to protecting that information

35 Information is collected by …
Human Resources Payroll Financial Services OH&S Health Services Registrar Continuing Education These are just some of the departments gathering personal information about you

36 So, what is a record? Any record of information, however recorded, whether in printed form, on film, by electronic means or otherwise.

37 Records include … Application forms Registration forms OSAP forms
Section lists Class lists Exams Address books Memos Draft memos Agendas Comment on draft memos - a Blast o gram

38 Plus … files on your hard drive files on your iPhone
files on your Blackberry your your voice mail How long does the college retain your ? How many copies are there out there? Use the cc for ing to students! You can re-save your voice mail indefinitely

39 and even …

40 Privacy Laws & College policies dictate how information is:
Collected Used Disclosed Retained Destroyed At the departmental level, staff should be instructed the correct methods of gathering, storing and securing personal information We are all issued with User names and Passwords to protect information Our IT system is protected by firewalls and security systems The hard copy, personal Information of our staff and students should be locked away Our facilities are protected by security patrols and CCTV systems

41 Collection: We must have legal authority to collect
collect it directly from the person provide a notice of collection, stating the above and provide the title, business address and telephone number of a college official.

42 So what do we have to do? Safeguard our User Name and Passwords
Access records only relevant to our duties Do not disclose personal information to any unauthorized person Protect personal information of staff and students Each year as staff you are able to access more information on-line. You can check class and section lists, you will have your students’ phone numbers, addresses. The faculty are starting to submit their grades on-line

43 Specifically: Do Protect students’ (and employees’) information
Phone numbers Addresses SIN numbers Employee number Student number Grades and marks Ask students if they want their phone numbers used in a phone tree. If they do not you will have to phone them.

44 Specifically: email/voice mail
Don’t leave PI on voice mail - call back should be called epostcard! Assume additional copies exist Assume it will be forwarded

45 There was a privacy breach…
3/31/2017 There was a privacy breach… What do I do?

46 What is a privacy breach?
3/31/2017 What is a privacy breach? A privacy breach occurs when personal information (PI) is: Collected Retained Used Disclosed in ways that are not in accordance with FIPPA.

47 3/31/2017 Most common breaches: Unauthorized disclosure of personal information, contrary to Sect. 42, for example: a file is misplaced a USB flash drive is lost a form is mailed to the wrong person a document is left in the photocopier a fax is sent to the wrong number an is sent to the wrong address a document is not disposed of correctly a laptop is stolen Lost USB = 603 records Kim Hill case = 400 records We tend not to delete outdated files On a fax machine, reprint will print the last document?? Photocopiers store documents in memory?? Dept. of Veterans Affairs = 23,000,000 City of Toronto, Court Services sent out Notices of Conviction with names, address, charge, drivers license # readable through cellophane window Sept 12, 2001 international student organization requested and got plans for Toronto City Hall, Waste water treatment plants and other buildings, a manager drove out and retrieved them. Oct 2005, 3 boxes of patient records scattered on street for movie of 911 set in Toronto

48 Privacy breach protocol
3/31/2017 Privacy breach protocol Prevention Scope Containment Notification Investigation Remediation

49 Prevention 1 Know your department’s procedures on; Collection
3/31/2017 Prevention 1 Know your department’s procedures on; Collection Retention Use Disclosure Security Disposal Collection notices How long does your department retain records? How does it use them? Who are they disclosed to? How are they protected, locks, passwords, “clean desk” How are they disposed of? Shred it? Diagonal cut shredders.

50 Prevention 2 Know that you are accountable for the PI in your custody
3/31/2017 Prevention 2 Know that you are accountable for the PI in your custody Do not discuss PI in public places Do not leave documents where they can be seen by the public Do not disclose PI to those who do not need to know it Turn your monitor away from the public Public places: Customer Service Windows (Financial Aid, Accounting), cafeteria, hallways “Clean desk” Use strong passwords: 8 characters, upper/lower, numbers/, not in any dictionary

51 Prevention 3 Get written consents before disclosing PI
3/31/2017 Prevention 3 Get written consents before disclosing PI Know the consequences of a privacy breach Ensure that documents are shredded when no longer in use Password protect and/or encrypt data on your laptop, PDA, Flash drive Students do not sign consents at Mohawk Many departments have releases Some use hand written notes Privacy breaches are serious = bad publicity, legal action

52 Notification Immediately inform Your boss 3/31/2017
Emphasis on “Immediately” FOIC = Me I should inform IPC! And possibly our legal counsel

53 Consequences … Compliance orders from IPC Penal offences
Fines ($250K) Possible personal liability ($50K!) Civil liability Loss of Trust

54 In summary … As a new College employee, you are expected to protect the privacy of individuals and the confidentiality of Personal Information under your control!

55 Have you any questions, additional examples, comments?
Q & A Have you any questions, additional examples, comments? Any questions?

56 Director, Corporate Services
John Guilfoyle Director, Corporate Services Ext. 2174

Download ppt "Privacy and Confidentiality at Mohawk College Good afternoon: Now I know that you have been waiting for this topic, but I would ask that you keep."

Similar presentations

Family Educational Rights and Privacy Act What you should know about FERPA.

Family Educational Rights and Privacy Act What you should know about FERPA.
Protect Our Students Protect Ourselves

Protect Our Students Protect Ourselves
FERPA: Family Educational Rights and Privacy Act

FERPA: Family Educational Rights and Privacy Act
Protection of privacy for all Students!

Protection of privacy for all Students!
Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/2015 1.

Gaucho Round-Up FAQ’s This presentation covers some of the FAQ’s about campus clean-up day. Presentation #4 2/3/
Privacy and Information Security Training (2006-07) VUMC Privacy Website www.mc.vanderbilt.edu/privacy.

Privacy and Information Security Training ( ) VUMC Privacy Website
1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.

1. As a Florida KidCare community partner families entrust you to not only help them navigate the Florida KidCare system but to keep the information they.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.

1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.
VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.

VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.
RVCC FACULTY FERPA WORKSHOP OCTOBER 2011 DAN PALUBNIAK REGISTRAR

RVCC FACULTY FERPA WORKSHOP OCTOBER 2011 DAN PALUBNIAK REGISTRAR
1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.

1 The University of Texas at Tyler Protecting the Confidentiality of Social Security Numbers UTS165 Information Resources Use and Security Policy.
Critical Data Management Indiana University HR Summit April 24, 2014.

Critical Data Management Indiana University HR Summit April 24, 2014.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Complying with Privacy to Enable Innovation & Research

Complying with Privacy to Enable Innovation & Research
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

Similar presentations

Ads by Google