Skip to Main Content

Privacy considerations for online teaching

Privacy and online teaching

The recent rapid shift to remote teaching and online delivery has brought renewed attention to the privacy issues related to teaching and learning.  This guide is designed to enable instructors to enhance their knowledge and awareness of  privacy related issues, and to provide answers to frequently asked questions. 

This guide provides an interpretation of the college's Protection of Privacy policy in the teaching and learning context.   The Protection of Privacy policy is applicable to all college operations and activities. This guide is not intended to be comprehensive in regards to the application of the policy.  This guide includes a number of best practices; it's important to note these best practices are informed by policy and legislation as well as sound pedagogy and ethical teaching practice. 

Privacy, and other compliance issues such as copyright and accessibility, are complex. If you have any questions, ask. 

Amber Nash 

Executive Assistant, VP Administration 

Policy specific questions 

Freedom of Information requests

Ted Pennell 

Chief Information Officer 

Use of college supported technologies such as Office 365 and Teams 

Privacy Impact Assessments

Data security


Scott Harris 


Student records


Director, Learning Services

Use of 3rd party-cloud based tools for teaching and learning 

Privacy issues related to D2L, Kaltura, Collaborate and other college supported educational


Definitions and BC legislation

Privacy is not specifically defined in British Columbia legislation, however there are some commonly held definitions that underpin this concept. In 1890 Louis Brandeis, later a justice of the United States Supreme Court,  provided a definition of  privacy – the right to be left  alone – that is still relevant today.   Today, a key element of privacy is the right of an individual to control their own personal information. We all have the right to maintain a private life, separate and apart from our public life. We negotiate our identity in the world and choose to share pieces of ourselves with those we trust. 

Related to privacy are the concepts of confidentiality and anonymity.  Confidentiality is a shared obligation to safeguard information provided by a individual.   Confidentiality is an action you take to protect the privacy of another individual. In some contexts confidentiality is determined by professional standards (e.g. counselling or medical professionals).   In some digital settings an individual may choose to be anonymous, where the information never has personal identifiers associated with it. Complete anonymity may be hard to achieve.  In the relationship between instructor and students, anonymity rarely exists. 

British Columbia's Freedom of Information and Protection of Privacy Act  (FIPFA) outlines the obligations of public bodies such as Camosun have to protect  privacy. The act states that public bodies  must collect, use, disclose, retain and protect an individual’s personal information in a lawful and appropriate manner. And that an individual also has the right to: (a) access their personal information, (b) request correction of their personal information if they believe it is inaccurate, (c) notice of the collection of their personal information, and (d) complain if they believe their privacy has been breached.   

Personal information is considered information that would allow an individual to be identified.  Examples of  personal information include, but are not limited to: name, home address, home telephone number, email address, mobile telephone number, Camosun ID number, ethnicity, gender, marital status, employment history, criminal history, grades, and health-related information.

Another key aspect of the provincial legislation is the direction where personal information (data) should be stored. BC privacy legislation is specific about storage of personal data outside of Canada.  Section 30 of the act states:

30.1 A public body must ensure that personal information in its custody or under its control is 
stored only in Canada and accessed only in Canada, unless one of the following applies:
(a) if the individual the information is about has identified the information and has consented, in 
the prescribed manner, to it being stored in or accessed from, as applicable, another jurisdiction;
(b) if it is stored in or accessed from another jurisdiction for the purpose of disclosure allowed 
under this Act;
(c) if it was disclosed under section 33.1 (1) (i.1).

The college's Protection of Privacy policy makes the following commitment: 

Camosun College is committed to meeting the spirit, intent, and requirements of the British Columbia Freedom of Information and Protection of Privacy Act (the “Act”). The Act clearly stipulates the requirements of a public body regarding disclosure obligations as well as the management of personal information within its custody and control. As a (local) public body, Camosun College facilitates the disclosure of information as well takes precautions to protect the privacy of personal information under its custody or control, as required by the Act.

All college employees are required to be familiar with the Protection of Privacy policy  (see Standards of Conduct).  The Standards of Conduct Policy also outlines employee's responsibilities in regards to confidential information. 


Privacy within D2L

D2L, the college's learning management system, is a cloud based service hosted on Canadian servers in Waterloo and Toronto.  The platform is licensed to the college through BCNet; compliance with college policy and BC legislation is maintained as part of this consortial license agreement. 

Access or authentication to the system is handled by Camosun's single sign-on system (Shibboleth), managed by ITS. 

The eLearning team, with direction from the Director, Learning Services, manages the system for the college.  Local system decisions are made to ensure high standards of privacy are maintained.  Personal student information,  may be viewed by the eLearning department  while performing routine system duties and providing support to instructors.  Internal procedures and protocols have been established to protect the privacy of students and instructors.  

Students' information can be accessed by the instructor of the course the student is enrolled in.   That information includes:  

  • First and last name
  • email address
  • Student number
  • Grades, performance, evaluation and everything else related to assessments in the course
  • Student work, such as assignment submissions, quiz responses and discussion forum contributions
  • In the User Progress tool, instructors have the ability to review the course statistics, individual student and/or overall class progress in the course.  They can see what course content/materials have been accessed and how long was spent on each item.  

Students have limited  access to information about the other students in the class. The type of information students have access to is similar in nature to what they might have access to in a traditional classroom. Students will  only see others students first and last names in their class.  

  • In the class email 
  • On any posts to discussion boards
  • If they are assigned to a groupIf the instructor has allowed students to email other student’s, email address will not be displayed unless a student choose to share them

While the system settings and roles assigned (instructor, student, guest) enable a high level of privacy protection, instructors should consider these best practices: 

  • inform students how their names might be shared within the course
  • If an instructor chooses to  reuses any student work in course content--make sure all personal information is removed. Permission 
  • Remind student to be careful about sharing personal information in discussions or chats 
  • Remind students that they can email the members of their group from the course shell, but the email addresses are in a bcc field, so they cannot see the email addresses. If students decide to share email addresses with each others, so that they can email each other directly from their personal  email accounts, that is their prerogative.
  • If instructors have any guests added to the course, they should alert students of their presence