Privacy management program

BC’s Freedom of Information and Protection of Privacy Act (FIPPA) requires UVic to develop a privacy management program in accordance with the directions of the minister responsible for FIPPA. Below are the main components of UVic’s privacy management program:

  1. Privacy contact

UVic’s Chief Privacy Officer and Legal Counsel has delegated authority to carry out various functions of the head under FIPPA.

Accordingly, the Chief Privacy Officer and Legal Counsel is responsible for:

  • Privacy-related matters such as privacy questions or concerns;
  • The development, implementation, and maintenance of privacy policies and procedures; and
  • Supporting UVic’s compliance with FIPPA.

The Chief Privacy Officer and Legal Counsel also manages UVic’s Privacy and Access to Information Office and provides legal advice to the university on privacy and access matters.

To contact the Chief Privacy Officer and Legal Counsel, email privacyinfo@uvic.ca.

  1. Privacy Impact Assessments (PIAs) and information-sharing agreements

PIAs

Pursuant to FIPPA and UVic’s Protection of Privacy Policy (GV0235), Administrative Authorities (i.e., individuals who have administrative responsibility for UVic units) are responsible for conducting a PIA for review by the Privacy and Access to information Office for any new or significantly changed initiative involving personal information. The PIA template is available here.

If you are unsure whether a PIA is required for your initiative, email privacyinfo@uvic.ca for more information.

Information-sharing agreements

The General Counsel and Chief Privacy Officer and Legal Counsel are primarily responsible for advising on information-sharing agreements, such as agreements with UVic’s service providers/vendors.

For general legal advice on information-sharing agreements, contact the General Counsel at gcadmin@uvic.ca. For legal advice on privacy or access to information considerations in an information-sharing agreement, contact privacyinfo@uvic.ca. For support with information-sharing agreements for research information, please contact Research Partnerships at rpkmadmin@uvic.ca.

  1. Privacy breach and complaint process

UVic’s process for responding to privacy breaches and complaints is set out in the Protection of  Privacy Policy (GV0235). Reports of a privacy breach and/or complaint may be submitted to privacyinfo@uvic.ca.

For questions about information security or to report an information security incident, contact University Systems at helpdesk@uvic.ca.

  1. Privacy training

UVic has developed mandatory New Employee Privacy Training and yearly Privacy, Information Security and Records Management Training. The Chief Privacy Officer and Legal Counsel and other members of the Privacy and Access to Information Office also provide tailored privacy training to specific units or groups. For training questions or requests, please contact privacyinfo@uvic.ca.

  1. Privacy policy and processes

UVic’s Protection of  Privacy Policy (GV0235) and associated procedures are publicly available. For related questions, contact privacyinfo@uvic.ca.