Privacy
Privacy considerations for remote work
Your privacy obligations continue, and the requirements under the university’s privacy policy and procedures remain in place, while you are working remotely. Please follow these recommendations.
- Use a Memorial-managed laptop (or desktop computer, where appropriate) with a VPN connection to the Memorial network when working remotely.
- Ensure your work-related discussions about confidential matters are not overheard by people not authorized to know the information.
- If it has been deemed necessary for you to maintain paper University records at home, and records cannot be digitized, ensure appropriate physical safeguards (e.g. a locked cabinet or desk in a secure area) are in place to avoid risk of loss or theft. These safeguards should be approved by your supervisor.
- Any confidential university information requiring disposal (e.g. paper, hard drive, etc.) must be disposed of securely; retain these items in a safe place until normal operations resume and you can dispose of them in accordance with university policy.
- Bear in mind that whatever device you use, university records are subject to ATIPP requests and privacy requirements under the ATIPPA, 2015.
In addition, for approved RWA scenarios, please refer to the RWA guidelines.
Online/Remote Teaching: Privacy Considerations
- Instructors are advised to use platforms and tools provided by the Centre for Teaching and Learning (CITL) and Information Technology Services (ITS). Due to concerns surrounding privacy, the university does not recommend using platforms not evaluated or supported by the university.
- Be mindful of students who may not want to be visible or recorded and give them alternate means of submitting questions and comments.
- Alternative technologies – if you choose to avail of other technologies, the tech company undoubtedly will store and use end user data for the company’s own purposes, putting users’ privacy at risk. If that user data is a “University Record,” then the university has no controls in place to protect and manage the data. University records include records of information about identifiable learners, their contact information, comments, questions, and assessments. The university is obliged to protect students’ personal information in accordance with the ATIPPA, 2015.
- Memorial has vetted and approved video conferencing services available to instructors. Consult with CITL for the tool that best meets your instructional needs.
Phishing
Beware of cyber attacks. In addition to phishing emails, actors may use phone calls, text messages, social media and fake news to trick victims into providing personal information. Emails purporting to be from trusted sources may be malware in disguise. Be careful what you click and download.
Request for Correction of Personal Information
Informal Approach
If you believe that information about you contained in a Memorial University record is inaccurate, contact the office having custody and control of the record and request to have it corrected. You may be asked to provide proof of your identity and evidence that the information in the record is inaccurate.
Formal Approach
If the informal approach is unsuccessful, you may file a formal request by completing a Correction of Personal Information Request application form and submitting it by email to iap@mun.ca.
Privacy Complaint Form
If you believe that your personal information has been breached in any way, please fill out a Privacy Complaint Form and send it to the IAP Office at . Our office will contact you regarding your complaint and work towards a resolution.
Privacy Breach Reporting
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. Such activity is "unauthorized" if it occurs in contravention of the ATIPPA, 2015 or other applicable privacy legislation. Examples of a privacy breach are personal information becoming lost or stolen and personal information mistakenly emailed to the wrong person. See below* for specific instructions on dealing with a privacy breach caused by a misdirected email.
The Privacy Policy has several procedures, including the procedure for Managing a Privacy Breach.
It is our duty as Memorial University employees to report privacy breaches. To report a breach, contact:
Information Access and Privacy Office
Memorial University of Newfoundland
Spencer Hall, Room SP-4018
St. John's, NL A1C 5S7
Email: iap@mun.ca
* Instructions for dealing with a privacy breach caused by misdirected email:
1. Ask the individual(s) who received the information in error to confirm by email that they have not retained it or disseminated it and also that they have deleted it from their inbox and from their deleted/trash folder.
2. Notify our office of the incident by emailing iap@mun.ca. You may be asked to complete a privacy breach reporting form.
3. Once you’ve had the confirmation in #1 and #2 above, we may ask that you advise the affected individual of the incident:
   - Let them know the email was deleted and not retained or disseminated.
   - Invite them to contact you if they have any questions.
   - Notify them they can opt to contact the province's Information and Privacy Commissioner (www.oipc.nl.ca) about the incident.