Seneca Privacy Office

Personal information includes details about an identifiable individual such as:

• Race, national or ethnic origin, religion, age, sex, sexual orientation and marital or family status
• Employment and educational history
• Medical, psychiatric and psychological history, prognosis, condition, treatment and evaluation
• Any identifying number (Social Insurance Number, student number), symbol or other assigned particular
• Home address and telephone number
• Personal opinions of or about the individual
• Name where it appears with or reveals one’s personal information
• Correspondence sent to Seneca by an individual that is implicitly or explicitly of a private or confidential nature and any reply to that correspondence that would reveal its contents.

Note: Information about individuals acting in their business or professional capacity is not personal information. This includes their name, title, work address (including office location), work telephone number and Seneca email address.

• Collect only the personal information you need to perform your duties
• Inform people about the collection and what you intend to do with their personal information
• Use personal information only for the purpose(s) for which it was collected, or for a consistent purpose
• Disclose personal information only to the individual to whom it relates (except in limited circumstances as specified in privacy laws and regulations).

Note: Seneca must provide notice of collection to the individual and in some cases obtain consent. If you have any concerns regarding the collection, use and/or disclosure of personal information, please contact the Seneca Privacy Office.

A record is considered any information in Seneca’s custody or control relating to students and employees or to Seneca’s business operations and the administration of academic programs and services. Records can be in printed form, on film, by electronic means or otherwise and include:

• Correspondence, memoranda, books, plans, maps, drawings, diagrams, pictorial or graphic works, photographs, film, microfilm, sound recordings, videotapes, machine-readable records and other documentary material regardless of physical form or characteristics and any copy thereof
• Any information that is capable of being produced from a machine-readable record under Seneca’s control by means of computer hardware and software or any other information storage equipment and technical expertise normally used by Seneca, or to which Seneca can reasonably gain access
• Emails, including additional/forwarded copies.

A privacy breach involves the improper or unauthorized collection, use, disclosure, retention or disposal of personal information, in contravention of applicable privacy laws and regulations. The breach may affect an individual or a group.

A suspected or confirmed breach of personal information must be reported immediately to your supervisor, who should then contact the Seneca Privacy Office. If you believe your Seneca computer and/or email/MySeneca account have been compromised, immediately call the Service Desk and change your password.

Preliminary questions to consider when addressing a privacy breach, include:

• What was the date of the incident?
• Where did the incident occur?
• What information/records need to be analyzed?
• When was the incident discovered?
• What was the sequence of events?
• Has the incident been contained (or is it continuing to occur)?

The Freedom of Information and Protection of Privacy Act (FIPPA) is provincial legislation that governs how Seneca and other public institutions and agencies handle personal information.

FIPPA has two purposes:

1. Access: To provide the public with a right of access to information in the custody or under the control of institutions and agencies. FIPPA covers all ministries of the Ontario Government and any agency, board, commission, corporation or other body designated as an institution in the regulations.
2. Privacy: To protect the privacy of individuals’ personal information held by institutions and to provide a right of access for individuals to their own personal information.

FIPPA authorizes Seneca to use personal information as required for the purpose of its core business activities and work placements. All employees are obligated to adhere to FIPPA and Seneca’s Freedom of Information and Protection of Privacy Policy.

The Personal Health Information Protection Act (PHIPA) is provincial legislation that applies to personal health information held by Seneca, which may include health history, Ontario health card number and records of care. All employees are obligated to adhere to PHIPA and Seneca’s Personal Health Information Protection Act Statement.

Seneca collects personal health information when providing counselling, consultation and health services and in compliance with external regulators. Health Care professionals at Seneca are regulated by the College of Physicians and Surgeons Ontario, College of Psychologists of Ontario, College of Social Workers and Social Service Workers, College of Occupational Therapists Association, College of Nurses of Ontario and other licensing bodies, which may inspect records and interview professional staff as part of their regulatory activities in the public interest.

Seneca is committed to protecting student and employee privacy and ensuring the confidentiality of personal health information. Individuals have the right to request access to their health records or to request a correction to the record.

On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect. It is European Union (EU) regulation on data protection and privacy for all individuals within the EU. It affects all EU-based organizations and those that provide goods and services to, or monitor the behaviour of, individuals in the EU.

Seneca must comply with GDPR when it processes the personal data of individuals who reside in the EU, including Seneca students and employees.