UNIVERSITY OF WATERLOO

Guidelines for Managing Student Information for Faculties, Academic Departments and Schools

https://uwaterloo.ca/secretariat/guidelines/guidelines-managing-student-information-faculties-academic

February 1, 2012

Endorsed by Graduate Operations Committee, Undergraduate Operations Committee and Deans’ Council

Scope and Purpose

Student information maintained in faculties, academic departments, and schools may include:

information on which the admission decision was based;
information regarding performance in classes and the completion of program milestones;
information related to academic advising; and
information related to accommodation for special circumstances, petitions, discipline, grievances, and appeals.

The information which the university collects, creates, and maintains about students is personal information under Ontario’s Freedom of Information and Protection of Privacy Act (FIPPA).

These guidelines are a resource for faculty and staff members who manage student information. They are intended to promote awareness of the university’s obligations under FIPPA, to highlight university policies and procedures relevant to student information, and to provide recommendations and best practices for managing student information.

Statutory and Policy Requirements

Faculty and staff who create or maintain student information should be familiar with the following legislation, university policies, and breach response procedure:

FIPPA
Policy 46: Information Management
Information Security Breach Response Procedure

Responsibilities

The Registrar’s Office and the Graduate Studies Office are responsible for managing the university’s general, contractual relationship with undergraduate and graduate students respectively.
These offices are responsible for the official student academic record maintained in the student information system (Quest).

Faculties, academic departments and schools, and associated academic support units such as Cooperative Education and the Centre for Extended Learning are responsible for managing the university’s relationship with the student as a learner. They create the supporting information that documents the student’s academic career including achievement in individual courses, fulfilment of program milestones and other requirements, and program completion. This information is often forwarded to the Registrar’s Office or the Graduate Studies Office to authorise updates to the core student record in Quest.

Faculty associate deans, directors of schools, and chairs of academic departments are responsible for ensuring that student information created and/or maintained in their departments is kept securely and retained and disposed of according to the university’s approved policies and procedures. This responsibility extends to information such as class grades, assignments, and examination papers that are often managed on a day-to-day basis by individual faculty members and other course instructors.

All faculty and staff are responsible for ensuring that they are managing student personal information in accordance with FIPPA and the university policies listed above. New faculty and staff members, including part-time instructors and teaching assistants, should be made aware of their responsibilities regarding privacy and retention of student information.

Privacy

The only information about a student that is considered publicly available by the university (see Policy 46) is name, degrees received and date of graduation, faculty or college of enrolment, programs of study, merit-based awards and scholarships, and directory information used to facilitate communication among students. Individual students may