Administration of Rights

  • When you receive a verbal request for information:

    Do

    • Ask what information it is the person needs – narrow the scope of the request.
    • Assist the individual as much as possible by explaining what records exist, don’t exist and which ones are routinely available.
    • Refer the individual to the FOIPOP Administrator if the request is for records that contain confidential or personal information
    • Refer verbal requests from the media to the Director of Marketing and Communication.

    Don’t

    • Don’t treat a verbal request as a FOIPOP request – only requests in writing are handled under the Act.
    • Don’t refuse to provide access without an explanation or without advising the individual to put the request in writing and how to submit it.
  • When you receive a request for information in writing:

    Do

    • Forward the written request to the FOIPOP Administrator.
    • Work with the FOIPOP Administrator to determine if the request can be responded to routinely.
    • Work with the FOIPOP Administrator to assemble the records requests and provide assistance throughout the application and response process.

    Don’t

    • Don’t ignore the request or try to handle it through another University process that makes no provision for production of records.
    • Don’t refuse to provide access without an explanation or without referring the individual appropriately.
    • Don’t disclose records that contain confidential or personal information.
  • When you collect personal information:

    Do

    • Collect only that personal information required to administer and operate a University program or service.
    • Use an appropriate method of collection – in most cases get the information directly from the person it is about.
    • Ensure that a proper collection notice is printed on the form or included in the letter used to collect the information.

    Don’t

    • Don’t collect information that you don’t need.
  • When you create a University record:

    Do

    • Create records with access in mind – assume someone will ask to see it.
    • Create files with access in mind:
    • One case – one file.
    • Eliminate copies.
    • Use consistent filing practices
    • Follow the CBU Records Retention Schedule

    Don’t

    • Don’t create a record with the expectation of complete and absolute secrecy.
    • Don’t inter-file confidential records with ones that are not confidential.
  • When keeping records:

    Do

    • Follow the Records Retention Schedule if one exists for the record.
    • Retain records used to make a decision about an individual for a minimum of one year.
    • Retain complete, accurate and reliable records of evidence.

    Don’t

    • Don’t destroy records unless authorized under the Records Retention Schedule or without checking with the FOIPOP Administrator.
  • When you conduct a review, inquiry or investigation:

    Do

    • Provide participants with a clear statement of confidentiality.
    • Require that all materials and evidence be supplied in confidence.
    • Write the report with access in mind:
      • Make it anonymous whenever possible.
      • Keep confidential and non-confidential material separate.

    Don’t

    • Don’t write down subjective comments unless you are prepared to have them read.
    • Don’t reveal personal details about individuals’ private lives unless absolutely necessary to support findings and recommendations.
    • Don’t make audio or videotapes of interviews or hearings unless necessary.
  • When designing a new electronic record-keeping system:

    Do

    • Remember to plan and implement reasonable security measures to protect personal information. A privacy Impact Assessment is recommended.
    • Establish authorized logon ID’s for access to a local network.
    • Password protect access to your desktop computer, local network, each database and automated system.

    Don’t

    • Don’t assume that the software you are using has built in security features.
    • Don’t leave your system vulnerable to attack.