The recent rapid shift to remote teaching and online delivery has brought renewed attention to the privacy issues related to teaching and learning. This guide is designed to enable instructors to enhance their knowledge and awareness of privacy related issues, and to provide answers to frequently asked questions.
This guide provides an interpretation of the college's Protection of Privacy policy in the teaching and learning context. The Protection of Privacy policy is applicable to all college operations and activities. This guide is not intended to be comprehensive in regards to the application of the policy. This guide includes a number of best practices; it's important to note these best practices are informed by policy and legislation as well as sound pedagogy and ethical teaching practice.
Privacy, and other compliance issues such as copyright and accessibility, are complex. If you have any questions, ask.
|
Amber Nash (on leave) Ann Behennah (current contact) |
Policy specific questions Freedom of Information requests |
|
Ted Pennell |
Use of college supported technologies such as Office 365 and Teams Privacy Impact Assessments Data security
|
|
Scott Harris |
Student records
|
|
Erin Howard |
Use of 3rd party-cloud based tools for teaching and learning Privacy issues related to D2L, Kaltura, Zoom, and other college supported educational technologies |
Privacy is not specifically defined in British Columbia legislation, however there are some commonly held definitions that underpin this concept. In 1890 Louis Brandeis, later a justice of the United States Supreme Court, provided a definition of privacy – the right to be left alone – that is still relevant today. Today, a key element of privacy is the right of an individual to control their own personal information. We all have the right to maintain a private life, separate and apart from our public life. We negotiate our identity in the world and choose to share pieces of ourselves with those we trust.
Related to privacy are the concepts of confidentiality and anonymity. Confidentiality is a shared obligation to safeguard information provided by a individual. Confidentiality is an action you take to protect the privacy of another individual. In some contexts confidentiality is determined by professional standards (e.g. counselling or medical professionals). In some digital settings an individual may choose to be anonymous, where the information never has personal identifiers associated with it. Complete anonymity may be hard to achieve. In the relationship between instructor and students, anonymity rarely exists.
British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) outlines the obligations of public bodies such as Camosun have to protect privacy. The act states that public bodies must collect, use, disclose, retain and protect an individual’s personal information in a lawful and appropriate manner. And that an individual also has the right to: (a) access their personal information, (b) request correction of their personal information if they believe it is inaccurate, (c) notice of the collection of their personal information, and (d) complain if they believe their privacy has been breached.
Personal information is considered information that would allow an individual to be identified. Examples of personal information include, but are not limited to: name, home address, home telephone number, email address, mobile telephone number, Camosun ID number, ethnicity, gender, marital status, employment history, criminal history, grades, and health-related information.
Another key aspect of the provincial legislation is the direction where personal information (data) should be stored. BC privacy legislation is specific about storage of personal data outside of Canada. Section 30 of the act states:
30.1 A public body must ensure that personal information in its custody or under its control is
stored only in Canada and accessed only in Canada, unless one of the following applies:
(a) if the individual the information is about has identified the information and has consented, in
the prescribed manner, to it being stored in or accessed from, as applicable, another jurisdiction;
(b) if it is stored in or accessed from another jurisdiction for the purpose of disclosure allowed
under this Act;
(c) if it was disclosed under section 33.1 (1) (i.1).
The college's Protection of Privacy Policy O-6.1 makes the following commitment:
Camosun College is committed to meeting the spirit, intent, and requirements of the British Columbia Freedom of Information and Protection of Privacy Act (the “Act”). The Act clearly stipulates the requirements of a public body regarding disclosure obligations as well as the management of personal information within its custody and control. As a (local) public body, Camosun College facilitates the disclosure of information as well takes precautions to protect the privacy of personal information under its custody or control, as required by the Act.
All college employees are required to be familiar with the Protection of Privacy Policy (see Standards of Conduct Policy O-5.11). The Standards of Conduct Policy also outlines employee's responsibilities in regards to confidential information.
D2L, the college's learning management system, is a cloud based service hosted on Canadian servers in Waterloo and Toronto. The platform is licensed to the college through BCNet; compliance with college policy and BC legislation is maintained as part of this consortial license agreement.
Access or authentication to the system is handled by Camosun's single sign-on system (Shibboleth), managed by ITS.
The eLearning team, with direction from the Director, Learning Services, manages the system for the college. Local system decisions are made to ensure high standards of privacy are maintained. Personal student information, may be viewed by the eLearning department while performing routine system duties and providing support to instructors. Internal procedures and protocols have been established to protect the privacy of students and instructors.
Students' information can be accessed by the instructor of the course the student is enrolled in. That information includes:
Students have limited access to information about the other students in the class. The type of information students have access to is similar in nature to what they might have access to in a traditional classroom. Students will only see others students first and last names in their class.
While the system settings and roles assigned (instructor, student, guest) enable a high level of privacy protection, instructors should consider these best practices: