Access and Privacy at UWinnipeg

Introduction to The Freedom of Information and Protection of Privacy Act (FIPPA)

This guideline provides an introduction to The Freedom of Information and Protection of Privacy Act (FIPPA). Subjects include:

• Purpose of FIPPA
• Types of University Records
• Types of Personal Information
• Roles and Responsibilities

This guideline is intended for all University employees. Except where specifically excluded, it is applicable to all information collected, used, or disclosed in the conduct of official University business. Additional procedural guidelines are available to assist University employees in fulfilling their duties under FIPPA.

Purpose of FIPPA

As its name suggests, FIPPA has a dual role: facilitating access to information and protecting personal privacy. In Manitoba, citizens have the right to access information contained in records in the custody or control of public bodies, such as the University. The public also has the right to access records containing personal information about themselves and request correction if such information is found to be inaccurate.

The public may request access to information contained in the University’s records by submitting a formal FIPPA request form. Individuals may request access to their own personal information or to general University records, such as budgets and meeting minutes. Once received, the University has thirty days to respond to a FIPPA request, although time extensions are possible.

FIPPA also contains rules that govern the collection, use, and disclosure of personal information, to safeguard the rights of individuals. All University employees are responsible for adhering to these rules when handling personal information. In addition, FIPPA requires that the University implement physical and electronic safeguards to protect the personal information contained within its records.

Types of University Records

A university record is any record created by an employee of the University of Winnipeg in the course of conducting University business, regardless of media. University records include emails, letters, journals, reports, maps, plans, sound and video recordings, photographs, and any other type of record.

However, certain University records are exempt from FIPPA. These include proprietary teaching materials, faculty research materials, and examination or test questions. In other instances, the University is obligated, or reserves the right, not to provide access to certain information contained within its records.

Types of Personal Information

Personal information (PI) is any recorded information about an identifiable individual. Personal information includes:

• The individual’s name, home address, or home telephone, fax, or email;
• Information about the individual’s age, sex, sexual orientation, or marital or family status;
• Information about the individual’s ancestry, race, colour, nationality, or national or ethnic origin;
• Information about the individual’s religion or creed, or religious belief, association, or activity;
• Personal health information about the individual;
• The individual’s blood type, fingerprints, or other hereditary characteristics;
• Information about the individual’s political beliefs, association, or activity;
• Information about the individual’s education, employment or occupation, or educational, employment, or occupational history;
• Information about the individual’s source of income or financial circumstances, activities, or history;
• Information about the individual’s criminal history, including regulatory offences;
• The individual’s own personal views or opinions, except if they are about another person;
• The views or opinions expressed about the individual by another person; and
• Any identifying number, symbol, or other particular assigned to the individual.

Roles and Responsibilities

Corporate Secretary and General Counsel or a designate is the Head of the University as regards the administration of FIPPA. Access to information requests are received and processed by the University’s FIPPA Office. Any member of the public, including University staff, faculty, and students, may submit an access request.

University employees are responsible for assisting the FIPPA Office in locating records that may contain information that is responsive to an access request. University employees must adhere to FIPPA when collecting, using, and disclosing personal information. They must also ensure that physical and electronic safeguards are in place to protect the personal information contained within the records that are in their custody or control.