RIM & FOIP Employee tool kit

Basic FOIP principles

The Alberta Freedom of Information and Protection of Privacy (FOIP) Act provides provisions on how a public body must collect, use, and disclose personal information. The main principles are to protect the privacy of individuals and to allow the right for any individual to seek access to records held in the custody and/or control of the public body.

Protecting personal information

  • When collecting personal information Mount Royal University must inform the individual of the purpose and the specific legal authority for the collection. In addition, the contact information of the official within Mount Royal University must be given to the individual whose information is being collected. These obligations are typically met by a collection form.
  • Mount Royal University must obtain written consent from the individual the information is about in order to disclose personal information to a Third Party.
  • Mount Royal University must make every reasonable effort to ensure the personal information it uses is accurate and complete.
  • Mount Royal University must allow individuals the right-of-access to his or her personal information and must respond to a request to correct that personal information.
  • Mount Royal University must ensure that security arrangements are maintained for personal information in its possession. Security of personal information is divided into 3 categories:

    • Physical Security - Examples include locked cabinets, rooms, and ensuring that records containing personal information are physically secure
    • Technical Security - Examples include locking your computer when left unattended (Press - Control, Alt, Delete to lock), encrypting your data, or using password protection
    • Administrative Security - Examples include ensuring your team is trained in regards to FOIP Awareness on a regular basis and limiting access to records with personal information amongst your team.
    • Laptop and Portable Device Security - Examples include:
      • limiting the amount of personal information is being stored on a portable device
      • not leaving portable digital devices unattended in vehicles
      • enabling passwords or encryption to limit access to the portable device
      • severing or removing personal information from the portable device
      • consider not transporting the personal information on a portable digital device and eliminate the risk entirely

Freedom of Information

  • Subject to certain exceptions and payment of fees, Mount Royal University is obliged to provide right-of-access to any record in its custody or control including a record containing personal information about the applicant.
  • Mount Royal University must make every reasonable effort to assist individuals applying for access to information and to respond to each applicant openly, accurately, and completely.
  • Mount Royal University must make every reasonable effort to respond to a request for access to information no later than 30 days after receiving the request.

Back to top