Privacy Policy

Personal Information Protection Policy (May 2005)

Part I

  1. Statement of Purpose

    As bargaining agent for academic staff members at The University of British Columbia (“the University”), the Faculty Association of the University of British Columbia (“the Association”) represents its members collectively and individually in a wide range of employment matters, some of which require the collection and use of personal information.

    As an employer, the Association also collects and uses personal information about its employees necessary for carrying out its business.

    The Association respects and upholds each member’s and employee’s right to privacy and protection of personal information, and commits itself to compliance with British Columbia’s Personal Information Protection Act (PIPA) and all applicable privacy legislation.

  2. Personal Information
    Personal information includes information about an identifiable individual, including but not limited to employment files, financial information, salary, home telephone number and address, social insurance number, birth date and photographs. It does not include standard employment information such as name, job title, business address, or business phone number.
  3. Accountability
    The Association is accountable for the personal information under its control about its members and employees. The Association has a formal procedure for handling requests and complaints, and a Privacy Officer to whom questions and/or concerns regarding privacy may be addressed to: The Privacy Officer; 112 – 1924 West Mall; Vancouver, BC V6T 1Z2; Phone: 604.822.3883.
  4. Purposes for Collection, Use and Disclosure

    The following lists generally define the purposes for which the Association collects, uses and discloses personal information:

    Members
    The Association collects and uses personal information about members of the bargaining unit in order to provide them with a wide-range of services, including, but not limited to:

    • Collective Agreement bargaining
    • Collective Agreement administration
    • Providing advice and referral
    • Dispute resolution
    • Processing complaints and grievances
    • Distribution of newsletters, ballots, and other official Association documents
    • Conducting Association elections
    • Conducting surveys
    • Collection and processing of member dues
    • Verification of membership
    • Verification of eligibility for benefits

    Employees
    The Association collects and uses personal information about its employees for purposes including, but not limited to:

    • Hiring (including reference checks)
    • Payroll administration
    • Benefits administration (e.g. extended health, dental and pension)
    • Terms and conditions of employment
    • Performance evaluation
    • Discipline
    • Termination
    • Provision of references for former employees
    • Disclosure as required by government agencies (e.g. Canada Customs and Revenue Agency, and Workers Compensation Board)
  5. Collection of Personal Information

    The Association collects personal information about its members through standard employment information provided to it by the University. More detailed personal information may be collected through phone calls, correspondence, faxes, and email from members, through personal interviews with members, and through documents provided to the Association by the University as part of the regular bargaining relationship (e.g. letters regarding promotion and tenure decisions, termination of employment or discipline).

    Information about Association employees is collected through resumes at the time of application and/or hire, and through required documents governing the employment relationship (e.g. tax forms, salary changes, benefits registration, etc.). Additional information collected as part of performance evaluations, disciplinary proceedings, and other employment–related events may be added to an employee’s personnel file provided the employee is notified in advance.

  6. Consent

    Members
    As bargaining agent for academic staff members at the University, the Association has legal obligations that require the collection, use and disclosure of certain personal information about its members (e.g. standard employment information). In order to fulfill these legal obligations, members are deemed to have given their consent to the collection, use and disclosure of their personal information by the Association at the time they became a member of the Association.

    Subject to certain exceptions (e.g., the personal information is necessary to provide a service, or the withdrawal of consent would frustrate the performance of a legal obligation), members can withhold or withdraw their consent for the Association to use their personal information in certain ways. If a member decides to withhold or withdraw her/his consent to certain uses of personal information, the Association will explain the likely consequences of withholding or withdrawing consent.

    Whether an Association member has given explicit consent to the collection, use and disclosure of her/his personal information, or is deemed to have given consent, s/he will be equally covered by all provisions of this Policy.

    Employees
    The Association will obtain the explicit consent of all employees for the collection, use and disclosure of personal information as provided for in this Policy.

    Subject to certain exceptions (e.g., the personal information is necessary to provide a service, or the withdrawal of consent would frustrate the performance of a legal obligation), employees can withhold or withdraw their consent for the Association to use their personal information in certain ways. If an employee decides to withhold or withdraw her/his consent to certain uses of personal information, the Association will explain the likely consequences of withholding or withdrawing consent.

  7. Using and Disclosing Personal Information

    The Association takes its responsibility for reasonable use of personal information seriously. Accordingly, the Association will only use or disclose personal information where necessary to fulfill the purposes identified in this Policy.

    As bargaining agent for Faculty, Librarians and Program Directors at the University, the Association has legal obligations to protect Collective Agreement rights, to represent members in need fairly, and to further the interests of academic staff as a whole. This work necessitates a certain amount of information-sharing with third parties. In particular, information is shared with the University as part of the regular bargaining relationship, and may be disclosed to legal counsel in the event of formal proceedings. The Association requires all external parties, such as legal counsel, to sign contracts binding those parties to privacy protection that equals or exceeds that of this Policy.

    The Association will not disclose any personal information to additional parties, nor disclose any more than standard employment information to these parties, without the consent of the individual member. Under no circumstance does the Association sell the personal information of members.

  8. Accuracy of Personal Information

    The Association will make reasonable efforts to ensure that member and employee personal information is accurate and complete where it may be used to make a decision about the member or employee, or may be disclosed to a third party.

    Members and employees may request correction to their personal information in order to ensure its accuracy and completeness. A request to correct personal information must be made in writing and provide sufficient detail to identify the personal information and the correction being sought. A request to correct personal information should be forwarded to the Privacy Officer.

    If the personal information is demonstrated to be inaccurate or incomplete, the Association will correct the information as required and send the corrected information to any third party to which it disclosed the personal information in the previous year. If the correction cannot be made, the Association will note the members’ or employees’ correction request in the file.

  9. Privacy Safeguards and Disposal of Records

    The Association is committed to ensuring the security of member and employee personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks.

    In order to protect the personal information of members and employees, the Association is housed in alarmed offices, keeps all physical records of identifiable individuals in locked storage cabinets, and disposes of personal information in a secure manner once it is no longer required for business purposes. Electronic records of identifiable individuals are kept on password-protected computers, or are copied on to removable media and secured in the same fashion as physical records.

    Records containing personal information of members or employees shall not be removed from the Association office except when essential for the work of the Association. Where records must be removed temporarily, the person removing them shall keep custody of the records at all times, and shall ensure that all personal information is secured when not in use and returned to the Association office as soon as possible. All records containing personal information shall be disposed of once no longer required for business purposes. Print records shall be professionally shredded and disposed of, and electronic records permanently deleted.

  10. Access

    Members and employees have a right to access their personal information, subject to limited exceptions (e.g., solicitor-client privilege, disclosure would reveal personal information about another individual, health and safety concerns).

    Members and employees may at any time request full disclosure of their personal information held by the Association, may verify, update, or correct it as necessary, and may request as well that the Association dispose of any personal information not required for fulfillment of its ongoing legal responsibilities.

    A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought. A request to access personal information should be forwarded to the Privacy Officer.

    The Association will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. If a request is refused in full or in part, the Association will notify the member or employee in writing, providing the reasons for refusal and the recourse available to the member or employee.

  11. Questions and Complaints

    The Privacy Officer is responsible for ensuring the Association’s compliance with this Policy and the Personal Information Protection Act. Members and employees should direct any complaints, concerns or questions regarding Association’s compliance in writing to the Privacy Officer. The Privacy Officer will process any complaints and respond in writing to the complainant within thirty (30) business days, or provide written notice of an extension where additional time is required to fulfill the request. If the Privacy Officer is unable to resolve the concern, the member or employee may also write to the Information and Privacy Commissioner of British Columbia at: Office of the Information and Privacy Commissioner for BC; PO Box 9038, Stn. Prov. Govt.; Victoria BC V8W 9A4. Please direct any questions or concerns to: The Privacy Officer; #112 – 1924 West Mall; Vancouver, BC V6T 1Z2; Phone: 604.822.3883

Part II: Security of Records

  1. Schedule on Security of Records

    In order to protect the personal information of members and employees, the Faculty Association of the University of British Columbia keeps all physical records of identifiable individuals in locked storage cabinets, and disposes of personal information in a secure manner once it is no longer required for business purposes. Electronic records of identifiable individuals are kept on password-protected computers, or are copied on to removable media and secured in the same fashion as physical records.

    Records containing personal information may not be removed from the Association office except when essential for the work of the Association. If any records containing personal information are removed from the office the following information will be recorded in the Record Check-Out Log:

    • The date the records are removed from the office
    • A description of the records removed from the office
    • The signature of the person removing the records from the office
    • The date the records are returned to the office
    • The signature of the person returning the records to the office.

The person removing the records from the office shall keep custody of the records at all times while the records are outside of the office and shall ensure that the records are secured when not in use. Records shall be returned to the office as soon as possible.

  1. Accessibility of Records

Privacy Policy

Part III: PIPA Privacy Protection Schedule for Contractor

  1. Purpose
    The purpose of this Schedule is to enable the Association to comply with its statutory obligations under the Personal Information Protection Act (“the Act”) with respect to “personal information”, as defined in section 2 of this Schedule.
  2. Definition of personal information
    In this Schedule, “personal information” means information about an identifiable individual collected or created by the Contractor as a result of its work for the Association.
  3. Collection of personal information
    Unless the Association otherwise directs in writing, the Contractor may only collect or create personal information that is necessary for the performance of the Contractor’s obligations, or the exercise of the Contractor’s rights, under the Agreement.
  4. Contractor’s rights
    On request by an individual, the Contractor must provide the individual with the contact information for the person designated by the Association to answer questions about the Contractor’s collection of personal information.
  5. Consent for the collection, use or disclosure of personal information
    Unless the Association otherwise directs in writing, the Contractor must not collect, use or disclose personal information about an individual without the consent of the individual to whom the information relates.
  6. Withdrawal of consent
    1. If an individual provides reasonable notice to the Contractor that the individual withdraws consent to the collection, use or disclosure of the individual’s personal information, the Contractor must inform the individual of the likely consequences to the individual, if any, of withdrawing consent.
    2. The Contractor must not prohibit an individual from withdrawing consent to the collection, use or disclosure of the individual’s personal information, unless the withdrawal of consent would frustrate the performance of a legal obligation*.
    3. If an individual withdraws consent to the collection, use or disclosure of the individual’s personal information, the Contractor must stop the collection, use or disclosure of the individual’s personal information (unless it is permitted under the Act without consent).
  7. Accuracy of personal information
    The Contractor must make every reasonable effort to ensure the accuracy and completeness of any personal information it collects that is likely to be used by the Contractor or the Association to make a decision that directly affects the individual the information is about, or to be disclosed to another party.
  8. Access to personal information
    If the Contractor receives a request for access to personal information from a person other than the Association, the Contractor must promptly advise the person to make the request to the Association, unless prior written agreement expressly requires the Contractor to provide such access, and must provide the contact information of the official of the Association to whom such requests are to be made.
  9. Correction of personal information
    1. Within five (5) business days of receiving a written direction from the Association to correct or annotate any personal information, the Contractor must annotate or correct the information in accordance with the direction.
    2. When issuing a written direction under section 11, the Association must advise the Contractor of the date the correction or annotation request was received by the Association in order that the Contractor may comply with section 13.
    3. Within five (5) business days of correcting or annotating any personal information under section 11, the Contractor must provide the corrected information to any party to whom, within one year prior to the date the correction or annotation request was made to the Association, the Contractor disclosed the information being corrected or annotated.
    4. If the Contractor receives a request for correction or annotation of personal information from a person other than the Association, the Contractor must promptly advise the person to make the request to the Association unless prior written agreement expressly requires the Contractor to make the correction or annotation and provide the contact information of the official of the Association to whom such requests are to be made.
  10. Protection of personal information
    The Contractor must protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure, copying, modification or disposal.
  11. Retention of personal information
    Unless otherwise specified, the Contractor must retain personal information until directed by the Association in writing to dispose of it or deliver it as specified in the direction.
  12. Use of personal information
    Unless the Association otherwise directs in writing, the Contractor may only use personal information for the performance of the Contractor’s obligations, or the exercise of the Contractor’s right.
  13. Disclosure of personal information
    Unless the Association otherwise directs in writing, the Contractor may only disclose personal information to any person other than the Association if the disclosure is for the performance of the Contractor’s obligations, or the exercise of the Contractor’s rights.
  14. Inspection of personal information
    In addition to any other rights of inspection the Association may have, the Association may, at any reasonable time and on reasonable notice to the Contractor, enter the Contractor’s premises to inspect any personal information in the possession of the Contractor or any of the Contractor’s information management policies or practices relevant to its management of personal information or its compliance with this Schedule and the Contractor must permit, and provide reasonable assistance to, any such inspection.
  15. Compliance with directions
    The Contractor must comply with any direction given by the Association under this Schedule.
  16. Notice of non-compliance
    If for any reason the Contractor does not comply, or anticipates that it will be unable to comply, with a provision in this Schedule in any respect, the Contractor must promptly notify the Association of the particulars of the non-compliance or anticipated non-compliance and what steps it proposes to take to address, or prevent recurrence of, the non-compliance or anticipated non-compliance.
  17. Termination of Agreement
    In addition to any other rights of termination which the Association may have, the Association may, subject to any agreement establishing mandatory cure periods for defaults by the Contractor, terminate the contract by giving written notice of such termination to the Contractor, upon any failure of the Contractor to comply with this Schedule in a material respect.
  18. Interpretation
      1. In this Schedule, references to sections by number are to sections of this Schedule unless otherwise specified.
      2. Any reference to the “Contractor” in this Schedule includes any subcontractor or agent retained by the Contractor to perform obligations for the Association and the Contractor must ensure that any such subcontractors and agents comply with this Schedule.
      3. The obligations of the Contractor in this Schedule will survive the termination of the contracted work.
Part IV: PIPA Statement for Faculty Association Website(s)

Like many websites, the website of the Faculty Association of the University of British Columbia automatically collects some information that does not identify the user. This may include the Internet Protocol (IP) address of the user’s computer, the IP address of the user’s internet service provider, the date and time the site was accessed, the sections of the site visited by the user, and any pages downloaded by the user. This non-personal information is used for system administration purposes only.

The Association website does not collect any personal information, unless the user explicitly and voluntarily provides personal information through automated website forms or through direct communication with the Faculty Association by email. Any personal information provided to the Association through this website or by email will be governed by the Association’s general policies on protection of personal information.

Access to Records (December 1996)
It was MOVED by N. Wieland, SECONDED by R. Labrie that, while financial Records of the Association are open, all Member Services and Grievance files (including Minutes) are confidential.