Records Management and Privacy Office

Records Management and Privacy Office

site header

Frequently Asked Questions

These FAQs address the most common questions on access, privacy and records management answered by the Office. They are not intended to reflect all the detailed requirements of applicable privacy legislation. If your question is not answered here please contact us.


What are the purposes of the Freedom of Information and Protection of Privacy Act?
To make public bodies more accountable and to protect personal privacy.
How are the purposes of the act achieved?
  • By giving the public a right of access to University records
  • By giving individuals a right of access to personal information about them
  • By giving individuals a right to request the correction of personal information about them
  • By ensuring appropriate collection, use and disclosure of personal information
  • By providing an independent review of decisions made under the Act

Access to Information

What can people access under the Act?
  • Any "record" in the custody or under the control of the University
  • This does NOT include records excluded from the scope of the Act:
    • Proposed or conducted research
    • Teaching materials
    • Employment or labour relation matters
    • Private donations to the University Archives
What is a record?
  • Any piece of recorded information however it is recorded (printed, electronic, on film, etc.)
  • Your personal emails or voicemails are not University records; however, emails or voicemails (if saved) relating to university matters are University records and subject to the Act
Are there any restrictions on what people can access?
  • There are certain mandatory and discretionary exemptions that govern the University’s response to an access request. They include, but are not limited to:
    • Solicitor-client records
    • Records harmful to the University’s economic interests
    • Records containing third party information
    • Records containing a third party’s personal information
    • Records that pose a danger to health and safety
    • Records that relate to law enforcement
    • Records that are already publicly available or will be available in 90 days
What do I do if I receive a request for access to records?
  • Generally, you should continue to share information that you have normally shared
  • If you receive a request for information that you would not normally share or that you think might be covered under the exemptions,  then you should refer the requester to the FIPPA Contact for your faculty, school, or department, or contact the Privacy Officer by email at
How are these referred or formal requests handled?
These requests are handled by the Office of the Privacy Officer. The requester has to pay a $5.00 application fee and may be required to pay for search time to locate the record, for time taken to prepare the record for disclosure, and for other costs such as photocopying.
Can someone ask for my research material under the Act?
No, records relating to proposed or conducted research are not covered by the Act. However, the Act does require disclosure of the subject matter and amount of funding received with respect to the research.
Can someone ask for my professional records created as part of my consulting work?
No. These records are not University records and are not covered by the Act.


What personal privacy rights are in the Act?
  • The University must provide the purpose and legal authority for collecting personal information
  • The University must collect personal information directly from the person whom it concerns
  • The University must make an effort to ensure that the personal information it uses is accurate and complete
  • The University must ensure the security of collection, access, use, disclosure, and disposal of personal information
  • The University may only use personal information only for the purpose for which it was collected or for a consistent purpose
  • The University may disclose personal information for the purpose for which it was collected or a consistent purpose or in other specific circumstances, including:
    • upon receipt of written consent
    • to comply with other legislation that allows disclosure
    • to comply with a judicial order
    • to allow a University employee to perform his/her duties
    • to a law enforcement agency under certain conditions
    • if there are compelling circumstances affecting anyone's health and safety or in compassionate circumstances
What is personal information?
  • Personal information is recorded information about an identifiable individual including but not limited to:
    • Race, national or ethnic origin, colour
    • Religion, age, gender, or sexual orientation
    • Marital or family status
    • Information about educational, criminal, psychiatric, or employment history
    • Any identifying number or symbol
    • The individual’s address, telephone number, fingerprints or blood type
I usually ask students to provide me with some personal information; can I still collect this information?
  • Yes. You can collect personal information from students as long as you provide “notice” of the collection. The notice must contain:
    • The legal authority for the collection of personal information
    • The purpose for the collection
    • The title, address and phone number of a contact person
  • A typical notice statement might look like this: The personal information on this form is collected under the authority of the Queen’s University Royal Charter of 1841, as amended. This information will be used to contact you regarding class related assignments. If you have any questions please contact [your name] at [telephone number] or [email].
  • You may give notice orally in class if you so choose. Don't collect more personal information than you need for the purpose at hand.
Can I have access to a student’s academic transcript?
  • Only if it is necessary to fulfill a specific job duty. For example, faculty who serve on appeals panels or who are charged with academic advising may ask administrators to provide them with a copy of transcripts for that purpose.
  • Due to the limitations of the student data information system you cannot access transcripts from your own computer.
If marks are assigned for attendance or participation can I still take attendance
You can still take attendance. You can take attendance verbally, or if the class is too large you can pass around a blank sheet and ask students to print their name on the sheet. Avoid passing around a list of student names and student numbers provided by the faculty administration.
Can I leave student assignments or exams outside my office for student to pick up?
Student grades are personal information and the University needs to take reasonable precautions to prevent unauthorized access. Consider using Moodle, returning assignments in class or during office hours, or having administrative staff supervise the return of assignments. Whatever solution you choose, avoid writing the student's grade on the outside of the assignment or exam where it can be easily seen by others.
Can I post student grades?
Posting of student grades is strongly discouraged. If you must post grades, the student's name and the first four digits of the student number should be stripped from the list of marks. The marks should then be sorted and presented in numeric sequence using the last four digits of the student number. If despite this attempt to conceal identity, it is still possible to identify a student (e.g. where there are extreme outliers in the data or the class is very small) grades should not be posted.
Can I act as a referee for students?
Yes. You should ask the student to provide you with written consent and you should keep it on file. Please use the Academic Reference Request Form.
Can I share information about my students with other faculty?
You should refrain from sharing personal information about your students with other faculty without the student’s consent.
What should be my practice when I use email to correspond with other faculty or administrators?
Email is not a secure medium and is not appropriate for transmitting sensitive personal information. If you must use email to transmit personal information, attach a password-proteced document.  See the video on encrypting email attachments.

Records Management

Is there a retention schedule for my records?
Records retention schedules can be found on the Queen's University Archives website: Records Retention Schedules