All academic staff have a right to privacy.
Universities and colleges, as employers, collect several kinds of personal data and information about their employees. It is essential that all personal data and information gathered by the post-secondary institution as an employer be securely stored and safeguarded to protect the employee’s privacy.
Technology that facilitates the collection, storage, retrieval and linkage of personal data and information poses a threat to the protection of privacy. Data stored in the university or college's information system must be protected against loss or unauthorized access, destruction, use, modification or disclosure.
The post-secondary institution has the responsibility to train staff in the appropriate storage and handling of private information.
Social insurance numbers and other government issued numbers should be used only for their intended purposes and should not be used to identify or to link data files.
All personal data and information collected by universities and colleges should be safeguarded by appropriate language in collective agreements, including the detailed institutional protocol for the storage and protection of personal information. Universities and colleges should release personal data and information only as required by applicable legislation or collective agreement article, or with the prior written consent of the academic staff member. When personal data are required to be released by law, the university or college should so inform academic staff and provide them with a reasonable opportunity to verify the accuracy of the information that will be released or to challenge the release of the information.
All personal data and information should be kept in only one official file whose location is known to the staff member. The post-secondary institution shall, on request from academic staff members, disclose to them the contents and use of their personal data files.
All academic staff have access to their own files. Academic staff have the right to verify the accuracy of all personal data and information held in their university or college file and to have inaccurate or inappropriate information amended or removed from their file.
Access to employee files should occur only when absolutely necessary and then be limited only to those parts of the file that are relevant to the issue at hand.
Only authorized personnel should have access to an academic staff member’s personal data and information. The list of authorized personnel who have access to a staff member’s file shall be made known to the affected member.
The university or college must take particular care to safeguard any staff member’s medical data or information that is necessary for the administration of sick leave or long term disability benefits.
Personal data and information when it is no longer needed should be destroyed in a manner that protects the employee’s privacy.
Approved by the CAUT Council, November 2011.