Policies & Guidelines

Privacy breaches and complaints

A privacy breach occurs when there is an unauthorized collection, use, disclosure, or destruction of personal information.

These activities are considered "unauthorized" if they occur outside of the legal authorities provided under Part 1 of the Alberta Protection of Privacy Act  (the "POPA") [Sections 4-24].

Mount Royal University may only collect, use, or disclose of personal information if there is a legal authority provided under the POPA that allows the University to do so.

Notably, one of the most common privacy breaches is an unauthorized disclosure of personal information.

Section 13 provides the legal authorities that outline when Mount Royal University may disclose personal information. This section also requires that the disclosure of personal information must only be to the extent necessary to carry out the University's purpose in a reasonable manner.

Examples of when Mount Royal University may disclose necessary personal information under the POPA include:

(1) 13(1)(b) If the disclosure is for a purpose for which the information was collected or compiled or for a use consistent with that purpose.

(2) 13(1)(c) If the individual the information is about has identified the information and consented, in the prescribed manner, to the disclosure.

(3) 13(1)(g) To an officer or employee of the University if the information is necessary for the performance of the duties of the officer or employee.

(4) 13(1)(k) For the purpose of determining or verifying an individual's suitability or eligibility for a program or benefit.

(5) 13(1)(w) For the purpose of managing or administering personnel of the University.

Consent

In Order F2012-23 [para 28], the Office of the Information and Privacy Commissioner of Alberta adjudicator ruled that public bodies are authorized to disclose personal information, in the absence of the individual's consent, on the basis of any of the other purposes or circumstances set out in section 13(1).

Reporting a privacy breach - complaints

Responding to a privacy breach - Department Response

Back to top