Work With PIPA

Personal Information Protection Act (PIPA ) is consent based and allows organizations to collect personal information for reasonable purposes. Under PIPA, organizations must take reasonable measures to protect the personal information they hold. As a Private Career College, it is  bound by follow Personal Information Protection Act (PIPA) in order to protect the privacy of the students. The college is legally bound not disclose a student’s personal information without a prior written consent of the student and /or any of its employees. The College respects the right to privacy of its students and employees . It is committed to safeguarding the personal information of each student, graduate and employees.

Privacy

Privacy under  PIPA Act has the greatest impact on day to day work of Glenbow College. Except for very limited circumstances, the college may not release any information about an identifiable individual without his or her permission. For example: A student’s grade on an exam or essay is considered personal information that we may not disclose. Practices like posting marks on the wall or leaving piles of exam papers available for students to pick up, are not appropriate within PIPA.

Access

The Personal Information Protection Act (PIPA) is Alberta’s private sector privacy law that requires Glenbow College to provide open access to information about:

  • The institution (college)
  • Glenbow College policies and procedures and other details as may be required
  • Glenbow College students have the right to physically review their own education records in the presence of a designated college representative. Where necessary and reasonable, an explanation and interpretation of the record will be provided by qualified college personnel. Student access may include electronic means.
  • Access and Review: The Student is required to submit all requests for access to his/her records in writing to the appropriate office and will be required to present appropriate identification.
  • The appropriate office shall comply with the request within a reasonable amount of time, not to exceed 15 days after receipt of the request.
  • Original records may not be removed from any office where they are maintained.
  • Copies: Where circumstances effectively prevent the Student from exercising his/her right to inspect and review the record, Glenbow College will provide a copy of the records requested. Students may be required to pay a fee for copies of their records, including, but not limited to transcripts, certification of enrollment, certification of graduation, and enrollment letters. A Student may be denied a copy of his/her Student record (e.g., transcript, diploma, or certificate) in cases where an administrative hold has been placed on that Student’s record. The Student may view such records, though will not be permitted to obtain a copy of said record until the hold has been properly removed.

Definitions:

  • Academic Record: consists of academic activity (program/course registration, achievement, transfer credits and academic standing) at the College.
  • Personal Record: consists of biographical data and may include previous educational achievements such as secondary school records. Please ensure that the address in the system is the correct one for mailing purposes. Contact the Registrar’s Office to change your address or update other personal data on your Student Record.
  • Financial Record: consists of financial transactions with the Glenbow College relating specifically to tuition and other fees.
  • Accuracy of the Student Record: The student is personally responsible for the completeness and accuracy of their student record, which is maintained by the Registrar’s Office. This includes mailing address, personal data and achievement.

Collecting personal information

PIPA requires that we collect information directly from an individual for reasons consistent with the purpose of the organization and necessary to operate the program. Taking the additional step of informing people of the personal information you will be collecting and how that information will be used is also necessary.

Disclosing personal information

The law also restricts disclosure of information about individuals without their permission.

PIPA Principles

There are five fundamental principles that will help you work and learn within the law:

  1. You have the right to access college information, subject only to limited and specific exceptions.
  2. We may collect your personal information only for specific reasons, must control the use of that information, and carefully control disclosure of that information.
  3. You have the right to access the records we have about you, subject to limited and specific exceptions.
  4. You have the right to request corrections to the records we hold about you.
  5. If necessary, you may contact the Privacy Commissioner with any concerns.

PIPA for Students

As a student of Glenbow College PIPA will have little impact on your career. The College forms and policies generally carry a statement about PIPA. That is because Glenbow College is required to tell you why we are collecting information from you, and what we intend to do with the information.

Privacy, Security and Student Records

Policy of how student records are kept at Glenbow college is defined by one standard and two main policies of Glenbow College:

Standard 1: Information Security Classification Standard 

Purpose of the Standard:  to establish a framework for:

                a) classifying Information and information Assets based on Confidentiality; and

                b) determining baseline security controls for the protection of Information Assets based on their Confidentiality.

This standard applies to Information Assets regardless of their location.

In this standard:

a) “Confidentiality” defines an attribute of information. Confidential information is sensitive or secret information, or information whose unauthorized disclosure could be harmful or prejudicial.

b) “Data Custodian” means an employee who implements controls to ensure the security of Information and Information Assets within the College. The Data Custodian is accountable to the Data Trustee.

c) “Data Trustee” means a member of the Board of Directors. Data Trustees are there  to define and approve data-related policies and standards.

d) “Information Assets” means Business Information Assets, computers, IT systems, Hard and soft copy of all forms, policies, procedures and  standards (filled/unfilled)

Data Custodians will classify Information Assets with respect to their Confidentiality using one of the following four categories:

ClassificationDefinitionExamples
Level 1: Public– Information deemed to be public by legislation and/or under College policy; – Information in the public domain.name of employees  business contact information, college programs, degree awarded, convocation date, annual reports, public announcements, telephone directory etc.  
Level 2: Internal Use – Information not approved for general circulation outside the college -Information the disclosure or loss of which would inconvenience the College  internal memos sent to all members of the college, minutes of college meetings that are circulated to all employees and students, anonymized or de-identified human subject data etc.  
Level 3: Confidential Information that is available only to authorized persons   Information; the disclosure or loss of which could seriously impede the College’s operations; Adversely affect the College’s operation; or cause reputational damage; and obligate the College’s to report to the government or other regulating body and/or provide notice to affected individuals– staff employment applications, personnel files, date of birth, health information and personal contact information – admission applications, student enrollment status, grades etc – information commonly used to establish identity such as a driver’s license or passport – intellectual property and authentication verifiers including passwords
Level 4: Restricted  – Information that is confidential; and subject to specific privacy and security safeguards under law, policy or contractual agreement. -Information the loss or disclosure of which could cause severe harm to individuals or Glenbow College; – Information the loss or disclosure of which may obligate Glenbow College to report to the government or other regulating body and/or provide notice to affected individuals  -payment card information including: PAN, cardholder name,CVV2/CVC2/CID; -health information when it can be linked to an identifiable – identifiable human subject research data; -information that is subject to special government requirements in the interests of national security.  

Policy 1: Information & Information Asset Access, Transmission and Storage Policy

Purpose of the Policy:  to establish a framework for access, transmission and storage of information both external and internal stakeholders including but not limited to students, employees and contractors.

In this Policy: Access, Transmission and Storage Policy is based on the Information Security Classification Standard mentioned above

Policy 2: Information and Records Management Policy

This policy sets forth the guidelines for record access, retention and destruction.

Purpose: To provide guidance for the systematic review, retention, and destruction of records received or created by Glenbow College in connection with the transaction of organization business. This policy covers all records and documents, regardless of physical form. This policy contains guidelines for how records can be accessed, how long certain documents should be kept, and how records should be destroyed. The policy is designed to ensure compliance with federal and provincial laws and regulations, to mitigate accidental or innocent destruction of records and to facilitate Glenbow College’s operations promoting efficiency and freeing up valuable storage space.