On this page:
• Privacy considerations for remote work
• Request for correction of personal information
• Privacy complaint form
• Privacy breach reporting
• Instructions for dealing with a privacy breach caused by misdirected email
Privacy considerations for remote work
- Use recommended tools and technologies for working remotely.
- Use your Memorial University email account, not personal accounts, for conducting university business.
- Use encrypted storage devices that require a password.
- Avoid using CDs and DVDs to store university information as they can be lost or copied.\
- Laptops should be full-disk encrypted so data cannot be accessed if the laptop is lost or stolen.
- Remove university information from personal computers (if using), laptops, hard drives and other storage devices when no longer in use.
- Ensure your work-related discussions about confidential matters are not overheard by people not authorized to know the information.
- Keep university records in paper/hard copy format out of view of people not authorized to view them; have a file or box to keep them secure.
- Any confidential university information requiring disposal (e.g. paper, hard drive, etc.) must be done securely; retain these in a safe place until normal operations resume and you can dispose of them in accordance with university policy.
- Bear in mind that whatever device you use, university records are subject to ATIPP requests and privacy requirements under the ATIPPA, 2015.
Online/Remote Teaching: Privacy Considerations
- Instructors are advised to use platforms and tools provided by the Centre for Teaching and Learning (CITL) and Information Technology Services (ITS). Due to concerns surrounding privacy, the university does not recommend using platforms not evaluated or supported by the university.
- Be mindful of students who may not want to be visible or recorded and give them alternate means of submitting questions and comments.
- Alternative technologies – if you choose to avail of other technologies, the tech company undoubtedly will store and use end user data for the company’s own purposes, putting users’ privacy at risk. If that user data is a “University Record,” then the university has no controls in place to protect and manage the data. University records include records of information about identifiable learners, their contact information, comments, questions, and assessments. The university is obliged to protect students’ personal information in accordance with the ATIPPA, 2015.
- Memorial has vetted and approved video conferencing services available to instructors. Consult with CITL for the tool that best meets your instructional needs.
Beware of cyber attacks. Attackers are particularly active in using social engineering attacks to take advantage of the COVID-19 crisis, and its climate of dynamic change and sense of urgency. In addition to phishing emails, actors may use phone calls, text messages, social media and fake news to trick victims into providing personal information. Emails purporting to be from trusted sources may be malware in disguise. Be careful what you click and download.
If you believe that information about you contained in a Memorial University record is inaccurate, contact the office having custody and control of the record and request to have it corrected. You may be asked to provide proof of your identity and evidence that the information in the record is inaccurate.
If the informal approach is unsuccessful, you may file a formal request by completing a Correction of Personal Information Request application form and submitting it to firstname.lastname@example.org or telephone 709-864-8753.
If you believe that your personal information has been breached in any way, please fill out a Privacy Complaint Form and send it to the IAP Office at email@example.com. Our office will contact you regarding your complaint and work towards a resolution.
A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information. Such activity is "unauthorized" if it occurs in contravention of the ATIPPA, 2015 or other applicable privacy legislation. Examples of a privacy breach are personal information becoming lost or stolen and personal information mistakenly emailed to the wrong person. See below* for specific instructions on dealing with a privacy breach caused by a misdirected email.
It is our duty as Memorial University employees to report privacy breaches. To report a breach, contact:
Rosemary Thorne, CIPP/C
University Access and Privacy Advisor
Memorial University of Newfoundland
Spencer Hall, Room SP-4018
St. John's, NL A1C 5S7
Phone: (709) 864-8214
- Ask the individual(s) who received the information in error to confirm by email that they have not retained it or disseminated it and also that they have deleted it from their in box and from their deleted/trash folder.
- Once you’ve had the confirmation in #1 above, advise the affected individual of the incident:
- Let them know the email was deleted and not retained or disseminated.
- Invite them to contact you if they have any questions.
- Notify them they can opt to contact the province's Information and Privacy Commissioner (www.oipc.nl.ca) about the incident.