Student Privacy Basics

Information and Privacy Office

1. What student information is considered "personal information"?

All information about identifiable students is considered personal information, such as:

  • Name and contact information
  • Ethnicity, race, religion, age, gender, sexual orientation
  • Student number and student ID photo
  • Educational information (enrolment, marks, grades, etc.)
  • Medical information (sick notes, accommodation information, etc.)

2. When is it OK to collect student personal information?

  • Collect only as necessary for approved University services, programs or activities
  • Limit collection to the least amount of information required
  • Provide students with the purpose(s) for which their information is collected

3. With whom may student information be shared?

  • Share only as necessary to carry out the purpose for which the information was collected or compiled
  • Students may consent to sharing for other purposes
  • All sharing must be on a need-to-know basis and limited to the least amount of information necessary

4. What about the posting of marks and grades?

  • Provide marks and grades to students directly or through limited-access tools such as Nexus and WebAdvisor whenever possible
  • Mark papers on the inside cover
  • If marks and grades must be posted publicly, redact all but the last two or three digits of the student number and scramble the class order

5. How else can student personal information be protected?

  • Limit access on a need-to-know basis
  • Store files in a secure place other than when being used for work
  • Transport files only as necessary
  • Encrypt electronic files before emailing or transporting
  • Dispose safely through shredding, deletion and media destruction

Click here for a PDF / poster version of this tipsheet.