Records Management and Privacy Office

Records Management and Privacy Office

site header

Protocol for Requesting Access to Personal Information in a Queen’s University Record for a Research Purpose

Authority

Queen’s University will comply with section 21(1)(e) of the Freedom of Information and Protection of Privacy Act (“FIPPA”) which authorizes the disclosure of personal information for a research purpose if:

(i) the disclosure is consistent with the conditions or reasonable expectations of disclosure under which the personal information was provided, collected or obtained,

(ii) the research purpose for which the disclosure is to be made cannot be reasonably accomplished unless the information is provided in individually identifiable form, and

(iii) the person who is to receive the record has agreed to comply with the conditions relating to security and confidentiality prescribed by the regulations. [See Regulation 460, section 10(1).]

Requests for access to personal information in University records will be handled as formal FIPPA requests through the Records Management and Privacy Office.  [Note: Requests for access to University records that have been placed in the Queen’s University Archives will be coordinated by the University Archivist.]

Procedures

  1. Researchers wishing to use operational University records containing personal information for a research purpose will first consult with the University office responsible for the records to determine whether the records can be anonymized. If so, the researcher can liaise with the responsible office and is not required to submit a formal FIPPA request. [Note: University offices may wish to consult with the Records Management and Privacy Office if there is any concern about the anonymization.]
  2. If anonymization is not possible, researchers will consult with the Records Management and Privacy Office in order to discuss the project and submit a formal FIPPA request for access to the records.
  3. As part of the request, the researcher will be asked to complete the Research Agreement template which will include a description of the research project, a rationale for using records in personally identifiable form, a detailed list of records to be consulted, and assurances that the records will be treated securely and confidentially. The Director, University Records Management and Chief Privacy Officer will deliberate on the merits of the application, consulting other offices within the University as appropriate. The final decision on access to records will be made by the designated decision-maker as outlined in the FIPPA Delegation of Authority.
  4. Researchers who are granted access to personal information for a research purpose will be able to access the requested records for a period of two years.