Seneca is committed to conducting all of its operations in a transparent manner and collecting, stewarding and distributing stakeholders’ information in accordance with Canadian and international laws.
The Seneca Privacy Office is responsible for overseeing the protection of sensitive information at Seneca and ensuring compliance under the Freedom of Information and Protection of Privacy Act (FIPPA), the Personal Health Information Protection Act (PHIPA), the General Data Protection Regulation (GDPR) and all other applicable privacy legislation.
The Seneca Privacy Office also advises on how sensitive information is collected and controlled by Seneca, based on privacy legislation, regulations and precedent decisions of the Information and Privacy Commissioner of Ontario.
Duties of the Seneca Privacy Office include:
- Developing guidelines, policies and procedures related to FIPPA, PHIPA and GDPR
- Providing advice and assistance to Seneca students and employees with questions about privacy protection through individual consultations and group learning sessions
- Approving and retaining all Authorization for Disposal of Personal Information forms
- Responding to Freedom of Information (FOI) access requests and concerns about privacy breaches from students, employees and external stakeholders
- Reporting of annual statistics related to The Seneca Privacy Office to the Information and Privacy Commissioner of Ontario.
Frequently Asked Questions on Privacy Protection:
Personal information includes details about an identifiable individual such as:
- Race, national or ethnic origin, religion, age, sex, sexual orientation and marital or family status
- Employment and educational history
- Medical, psychiatric and psychological history, prognosis, condition, treatment and evaluation
- Any identifying number (Social Insurance Number, student number), symbol or other assigned particular
- Home address and telephone number
- Personal opinions of or about the individual
- Name where it appears with or reveals one’s personal information
- Correspondence sent to Seneca by an individual that is implicitly or explicitly of a private or confidential nature and any reply to that correspondence that would reveal its contents.
Note: Information about individuals acting in their business or professional capacity is not personal information. This includes their name, title, work address (including office location), work telephone number and Seneca email address.
- Collect only the personal information you need to perform your duties
- Inform people about the collection and what you intend to do with their personal information
- Use personal information only for the purpose(s) for which it was collected, or for a consistent purpose
- Disclose personal information only to the individual to whom it relates (except in limited circumstances as specified in privacy laws and regulations).
Note: Seneca must provide notice of collection to the individual and in some cases obtain consent. If you have any concerns regarding the collection, use and/or disclosure of personal information, please contact the Seneca Privacy Office.
A record is considered any information in Seneca’s custody or control relating to students and employees or to Seneca’s business operations and the administration of academic programs and services. Records can be in printed form, on film, by electronic means or otherwise and include:
- Correspondence, memoranda, books, plans, maps, drawings, diagrams, pictorial or graphic works, photographs, film, microfilm, sound recordings, videotapes, machine-readable records and other documentary material regardless of physical form or characteristics and any copy thereof
- Any information that is capable of being produced from a machine-readable record under Seneca’s control by means of computer hardware and software or any other information storage equipment and technical expertise normally used by Seneca, or to which Seneca can reasonably gain access
- Emails, including additional/forwarded copies.
A privacy breach involves the improper or unauthorized collection, use, disclosure, retention or disposal of personal information, in contravention of applicable privacy laws and regulations. The breach may affect an individual or a group.
A suspected or confirmed breach of personal information must be reported immediately to your supervisor, who should then contact the Seneca Privacy Office. If you believe your Seneca computer and/or email/MySeneca account have been compromised, immediately call the Service Desk and change your password.
Preliminary questions to consider when addressing a privacy breach, include:
- What was the date of the incident?
- Where did the incident occur?
- What information/records need to be analyzed?
- When was the incident discovered?
- What was the sequence of events?
- Has the incident been contained (or is it continuing to occur)?
The Freedom of Information and Protection of Privacy Act (FIPPA) is provincial legislation that governs how Seneca and other public institutions and agencies handle personal information.
FIPPA has two purposes:
- Access: To provide the public with a right of access to information in the custody or under the control of institutions and agencies. FIPPA covers all ministries of the Ontario Government and any agency, board, commission, corporation or other body designated as an institution in the regulations.
- Privacy: To protect the privacy of individuals’ personal information held by institutions and to provide a right of access for individuals to their own personal information.
The Personal Health Information Protection Act (PHIPA) is provincial legislation that applies to personal health information held by Seneca, which may include health history, Ontario health card number and records of care. All employees are obligated to adhere to PHIPA and Seneca’s Personal Health Information Protection Act Statement.
Seneca collects personal health information when providing counselling, consultation and health services and in compliance with external regulators. Health Care professionals at Seneca are regulated by the College of Physicians and Surgeons Ontario, College of Psychologists of Ontario, College of Social Workers and Social Service Workers, College of Occupational Therapists Association, College of Nurses of Ontario and other licensing bodies, which may inspect records and interview professional staff as part of their regulatory activities in the public interest.
Seneca is committed to protecting student and employee privacy and ensuring the confidentiality of personal health information. Individuals have the right to request access to their health records or to request a correction to the record.
On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect. It is European Union (EU) regulation on data protection and privacy for all individuals within the EU. It affects all EU-based organizations and those that provide goods and services to, or monitor the behaviour of, individuals in the EU.
Seneca must comply with GDPR when it processes the personal data of individuals within the EU as well as Seneca students and employees with EU citizenship.
If you have any questions or concerns related to privacy, please contact the Seneca Privacy Office:
The Seneca Privacy Office
8 The Seneca Way
Markham, ON L3R 5Y1
416.491.5050 ext. 77846