Policies and Procedures

Policies and procedures in relation to access, privacy and security. (Links to UAPPOL)

General Privacy and IT Security (Relevant to Most University Employees)

Access to Information and Protection of Privacy Policy and Procedure - basic overview of university and employees' obligations arising from the Freedom of Information and Protection of Privacy Act.

Responding to and Reporting of Information Security Breaches Procedure - this procedure tells individuals what to do if they believe that a privacy or security breach may have occurred.

Encryption Procedure - states that any laptop, phone or other mobile device that is used to store university sensitive information, including personal information, must be encrypted and protected in accordance with this procedure.

Email Forwarding Restriction Procedure - states that university information and records shall not be automatically email forwarded.

Information Technology Security Policy - sets out the obligations of employees, faculties, departments and units related to the security of the university's information technology resources.

Information Technology Use and Management Policy
- sets out the general obligations of users of the university's information technology resources; sets out instances where university reserves the right to access IT resources (e.g. e-mail).


Contract Review Procedure - states that any university contract in which the other party to the contract will have access to personal information that is collected or used in the course of a university operating program or activity must be reviewed by the Information and Privacy Office before it is signed.

Surveys, Studies or Research Projects Involving Personal Information Held by University

Access to Personal Information for Research/Studies Procedure - sets out requirements for individuals who want to access personal information held by the university for a survey, study or a research project.

Research Records

Research Policy - states that the university will ensure that principles of stewardship are applied to research records.

Research Records Stewardship Guidance Procedure - sets out roles, responsibilities, and obligations relating to stewardship of research records and the protection of personal/health information. Also states that responsibilities throughout the research lifecycle should be made at the beginning of a research project in a Data Management Plan.

Research Records Stewardship Guidance Procedure Appendix A: Research Records Management and Preservation Guidelines - provides guidance on how to create a research records management plan and a records policy for a research project.

Research Records Stewardship Guidance Procedure Appendix B: Research Records Classification and Preservation Guidelines - provides a classification system for various kinds of sensitivity levels associated with research records.

Creation of a University Website

Website Privacy Policy - university's standard policy to explain its practices to website users; this should appear at the bottom of university websites.

Student Concerns and Complaints

Student Concerns and Complaints Policy - Records and Privacy - to protect privacy of individuals in the resolution of student concerns and complaints.

Student Concerns and Complaints - Procedure for Management of Documents - outlines university's expectations for management of documents in resolution of student concerns and complaints.

Relevant to Employees Who Work within IST or a Unit's Local IT Group

Administrative Information Systems Security Policy

Administrative Information System Access and Maintenance Procedure

University Campus Network Policy

University Campus Network Procedure

November 2014