Records Management and Privacy Office

Records Management and Privacy Office
Records Management and Privacy Office

Legislation

Queen’s University is subject to provincial access and privacy legislation with regard to the information it holds about the University and the individuals who participate in the Queen’s community.  Specifically, the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Health Information Protection Act (PHIPA) apply to various aspects of the University’s operations.  To the extent that the University has operations in the European Union, it is subject to the EU General Data Protection Regulation (GDPR).

Freedom of Information and Protection of Privacy Act (FIPPA)

The following is intended as a brief overview of the Freedom of Information and Protection of Privacy Act (FIPPA) (R.S.O. 1990, c.F.31). It does not purport to be a substitute for cogent legal advice or a description of all the requirements of relevant privacy legislation. Members of the University community are encouraged to contact their FIPPA Contact or the Chief Privacy Officer.

The Act contains two principles: The first is transparency. Transparency is achieved by the Act by providing individuals a right of access to institution records, a right to access their own personal information, and the right to request correction to personal information in the custody of the institution that they believe is incorrect. The second is information privacy. Information privacy is achieved by the Act by imposing rules on the manner in which institutions collect, use, disclose, retain and dispose of personal information.

The Act does not apply to private donations in the University's archives, to labour relations and employment-related records, to research and teaching materials, or to records outside of the University's custody or control. The right of access provided by the Act may not apply to records regarding a closed meeting, solicitor-client privileged records, records harmful to the University's economic interests, records that contain advice or recommendations, records that may pose a danger to health and safety, records that are publicly available, records that may endanger national security, records relating to a law enforcement matter, and records relating to relationships with other governments.

As the Act may be amended from time to time, you should check the Government of Ontario's E-Laws website for the most up-to-date version This overview is current as of July 2018.

Personal Health Information Protection Act (PHIPA)

The following statement is intended to be a brief overview of the Personal Health Information Protection Act (PHIPA) (S.O. 2004, c.3). It should not be held as a substitute for legal advice or a description of all the requirements for compliance with PHIPA. Members of the University community with specific questions about the Act are encouraged to contact the responsible Health Information Custodian or the Chief Privacy Officer.

Queen's has six Health Information Custodians:

  • Student Wellness Services (Counselling Services, Health Services
  • Department of Family Medicine
  • The Physical Therapy Clinic at Queen's
  • Athletic Therapy Services
  • Psychology Clinic at Queen's
  • Regional Assessment and Resource Centre

Under PHIPA, personal health information includes information relating to: the physical or mental health of the individual; the provision of health care to the individual; payments or eligibility for health care; the donation of body parts or substances by the individual; the individual's health number; or plans of service.

PHIPA is intended to provide rules regarding the collection, use and disclosure of personal health information to help protect the confidentiality of the information and privacy of the individual while also allowing for the effective provision of health care. In addition, it provides individuals with mechanisms to access and correct their own health information.

As the Act may be amended from time to time, you should check the Government of Ontario's E-Laws website for the most up-to-date version. This overview is current as of July 2018.

General Data Protection Regulation (GDPR)

The following statement is intended to be a brief overview of the General Data Protection Regulation EU 2016/679 (GDPR). It should not be held as a substitute for legal advice or a description of all the requirements for compliance with the GDPR. Members of the University community with specific questions about the Regulation are encouraged to contact their FIPPA Contact or the Chief Privacy Officer.

The focus of the GDPR is the collection and use of personal information of persons residing within the European Union (EU) and it represents an overall expansion of these individual's privacy rights. The GDPR applies only to the processing of personal information when: (1) the establishment performing the processing is within the EU; (2) an establishment not within the EU is offering goods or services to data subjects in the EU; or (3) an establishment not within the EU is monitoring the behaviour of persons within the EU.

For questions about the collection and processing of personal information under the GDPR, contact your FIPPA Contact or the Chief Privacy Officer. This overview is current as of July 2018.