Privacy

Vancouver School of Theology Privacy Policy

Approved: Feb 4, 2020

Vancouver School of Theology (VST) respects the privacy of the personal information of its students, alumni, faculty, staff, management, volunteers, donors, Library patrons, other stakeholders and contractors and is committed to the protection of that information.

Scope

Vancouver School of Theology collects through its website, by phone and email and departmental office forms personal information in the course of business in accordance with the general authority of the Vancouver School of Theology Act (Bill Pr 402 – 1992) and other applicable administrative policies approved by VST’s Board of Governors; and relevant provincial and federal legislation.
All personal information provided for VST’s administrative and operational purposes and any other information placed into a student, alumnus, employee or donor record will be collected, protected, used, disclosed and retained in compliance with the Personal Information Protection Act of British Columbia (SBC 2003 Chapter 63.)

Definitions

  • Academic employee: any individual hired by Vancouver School of Theology, whether on a full-time, part-time, or sessional basis to provide instruction in any of VST’s diploma, degree, certificate or continuing education programs.
  • Access: the process of viewing personal information collected and retained by VST about one’s self.
  • Alumni: individuals who have attended VST and who have completed a formal degree, diploma or certificate program. For the purpose of this policy “alumni” also refers to any individual who has taken one or more courses offered at VST including the Summer School or Indigenous Studies Program.
  • Collection: the act of gathering or acquiring and recording personal information from any source.
  • Consent: voluntary agreement with the collection, use or disclosure of personal information for the specified purposes. Consent may be expressed or implied by written, verbal, opt-in or opt-out means.
  • Disclosure: the act of making personal information available to others.
  • Donor: any individual, business or organization who has donated money or gifts-in-kind in support of VST.
  • Faculty: see academic employee.
  • FIPPA: Freedom of Information and Protection of Privacy Act. FIPPA is the act governing public bodies. This would include provincial government ministries, provincial agencies, boards, and commissions, provincial Crown corporations, municipalities, regional districts, universities, colleges, school boards, municipal police forces, and self-governing professional bodies (such as the College of Registered Nurses of British Columbia).
  • Non-academic employee: any individual engaged by Vancouver School of Theology, whether on a full-time, part-time, temporary or volunteer basis to work in a paid or unpaid capacity for VST whose work is not primarily teaching in any of VST’s programs.
  • Personal Information (PI): means information about an identifiable individual and includes employee personal information but does not include information to enable an individual at a place of business to be contacted (name, position name or title, business telephone number, business address, business email or business fax number of the individual); or work product information, that is, information prepared or collected by an individual or group of individuals as a part of the individual’s or group’s responsibilities or activities related to the individual’s or group’s employment or business.
  • PIPA: Personal Information Protection Act. PIPA is applicable to all organizations not governed under FIPPA or otherwise mentioned in the PIPA act. They include corporations, partnerships, doctor’s offices, associations that are not incorporated, co-operative associations, societies, churches or other religious organizations, charities, sports clubs, trade unions, political parties, trusts, and any individual involved in a commercial activity.
  • Privacy Impact Assessment: means an assessment that the school conducts to determine if a current or proposed system, project, program or activity meets or will meet FIPPA’s privacy protection requirements.
  • Record (noun): includes books, documents, maps, drawings, photographs, letters, vouchers, papers and any other thing on which information is recorded or stored by graphic, electronic, mechanical or other means, but does not include a computer program or any other mechanism that produces records.
  • Record/Recorded(verb): means a Surveillance System is used to convert images and/or sound into a record that can be reproduced.
  • Staff: see non-academic employee.
  • Student: any individual registered for a program or course at VST.
  • Surveillance System: means an analog or digital video recording system (with or without audio) authorized and used by the university intended to monitor or record the activities of people or monitor or record an area that is accessible to the university community or public. For the purposes of this policy and its associated procedures, surveillance does not include the use of personal video equipment or the recording or broadcasting of public events, and educational activities.
  • Use: the treatment, handling and management of personal information by and within VST.
  • Volunteer: a person who assists with something, including helping other people, willingly and without compensation.

Accountability

VST is responsible for the protection of all personal information under its control in accordance with the principles for the protection of privacy that underlie the Personal Information Protection Act of British Columbia and Freedom of Information and Protection of Privacy Act. The Principal has designated VST’s Privacy Officer to represent the policy and ensure protection of privacy through collection, disclosure and use of personal information in compliance with legislation.

Review of procedures

The designated Privacy Officer will develop the Annual Report on Privacy Compliance (ARPC). The content of the report includes:

  • A description of privacy training provided for staff
  • Review of personal information management, communications, achievements and issues
  • Results of privacy impact assessments and privacy audits, their recommendations and the status of implementation
  • Privacy inquiries and complaints and their resolution
  • Privacy breaches, if any, related recommendations and the status of their implementation
  • Review of privacy policies and recommendations for change, especially enforce keeping the amount of collected information to a minimum
  • Privacy Office’s strategic plan priorities, implementation timelines, and resource requirements

The final Annual Report on Privacy Compliance is reviewed by the Principal and provided to the VST Board of Governors.

Purposes for Collection

All personal information collected is used by VST in the course of its normal business. VST will identify the purposes for which it collects personal information at or before time of collection either orally or in writing. VST will not use personal information for any new purpose without the consent of the individual concerned.

The main purposes for collecting personal information are as follows:

Students & Alumni

The collection and retention of student and alumni information is related directly to and needed by VST for the purposes of admission, registration, graduation and other activities related to its programs, being a member of the VST community, and receiving communications (written, printed, oral or electronic) from VST. The information will be used to admit, register and graduate students; record academic achievement; issue library cards and other student identification as required; administer and operate academic, recreational, alumni and other VST programs; and other such activities necessary to manage the student or alumni relationship.
Information on admission, registration and academic achievement may also be disclosed and used for statistical and research purposes by VST, our founding denominations and the Association of Theological Schools of the United States and Canada. Information so used will be made anonymous.
In addition to collecting personal information for its own purposes VST collects specific and limited personal information on behalf of the UBC and the Alma Mater Society.

This information for the purpose of membership administration, elections, annual general meetings and its transit and health plans as well as Canvas registrations. VST discloses the personal information only for those purposes.
Please contact the relevant UBC office if you have any questions about its collection, use and disclosure of the information. Contact information can be found here:
https://students.ubc.ca/about-student-services

Academic Employees

The collection and retention of academic employee personal information is related directly to and needed by VST for the purposes of hiring, managing and providing services to faculty members. The information will be used to evaluate applications for academic employment and make a hiring decision; for payroll and benefits administration; to evaluate a faculty member’s qualifications for renewal, tenure and promotion; to issue library cards; open computing and email accounts; to receive communications (written, printed, oral or electronic) from VST; and other such activities necessary to manage the employment relationship.

Non-Academic Employees

The collection and retention of non-academic employee personal information is related directly to and needed by VST for the purposes of hiring, managing and providing services to non-academic employees. The information will be used to evaluate applications for employment and make a hiring decision; for payroll and benefits administration; to conduct performance appraisals; to evaluate an employee’s qualifications for promotion; to issue library cards; open computing and email accounts; to receive communications (written, printed, oral or electronic) from VST; and other such activities necessary to manage the employment relationship.

Donors & Supporters

The collection and retention of donor and supporter personal information is related directly to and needed by VST to communicate by mail, telephone, email and face-to-face contact in order to relate VST’s activities, events, and news; to administer and maintain accurate donation information and ensure compliance with all legal and regulatory requirements; to facilitate fundraising activities that support programs and projects; and other such activities necessary to manage the relationship.

Consent

The knowledge and consent of individuals, expressed or implied, is required for the collection, use and disclosure of personal information. An individual’s expressed consent is communicated to VST either personally or through an authorized representative. VST may seek implied consent from individuals in situations where it is more fitting to seek consent through “opt-out” opportunities presented through correspondence, telephone, email or other communication methods. Where such mechanisms are not employed by an individual, VST shall be entitled to assume that the individual has consented.
Any individual may withdraw his or her consent to the collection, use or disclosure at any time, (subject to legal or contractual restrictions and reasonable notice). In case of verbal withdrawal, direction, date and how we became aware of the decision will be recorded.
In certain specific circumstances consent is not required. These include situations where collection of personal information is in the interest of the individual, for example nominees for an honorary degree, and consent cannot be obtained in a timely way; where collection and use is required in the case of emergency threatening the life, health or security of the individual; where information is already publicly available; where a proceeding is before a court or a judicial or quasi-judicial tribunal; in collecting a debt or fine or making a payment.

Limiting Collection

Collection of personal information shall be limited to that which is necessary for the stated purposes. Furthermore, the Annual Report on Privacy Compliance (ARPC) will determine how we can limit the collection of Personal Information.

Use, Disclosure & Retention

Accuracy
VST will make every reasonable effort to ensure that the personal information it uses is accurate and complete. Upon request by an individual to whom information relates, VST will correct or annotate the information with a correction.

Disclosure Without Consent
It is permitted to disclose the following information without a consent:
a) an Employee’s Contact Information: information about employee’s position, functions
b) name of individuals who have received degrees, the names of degrees those individuals received and the years in which the degrees were awarded; and
c) Personal Information about an individual in an emergency situation or where the designated person determines that compelling circumstances exist that affect anyone’s health or safety. Compelling Circumstances exist where one is compelled to act to protect an individual whose health or safety is in imminent danger. Emergency means a present or imminent event of a short duration that affects or threatens: the health, safety or welfare of people, property and infrastructure, and or the purposes of the school. Urgent incidents are those which may include incidents of persons in extreme emotional distress; involving sudden trauma or death; of inter-personal conflict; and of other matters similar in nature.

Protection
VST will protect personal information by making reasonable security arrangements to prevent the risk of unauthorized collection, access, use, disclosure or disposal of personal information. VST will not use or disclose personal information for purposes other than those for which the information was collected, except with the consent of the individual or as required or permitted by law. VST does not share, sell, or rent any personal information to outside parties.

Retention and Disposition
Personal information will be retained only as long as is necessary for the fulfillment of the purposes for which it was collected and for VST’s established legal and business purposes. The School will retain Personal Information used to make a decision about an individual for a minimum of one year.

Surveillance Systems

VST may use surveillance systems to:

  • improve personal safety on school property by acting as a deterrent or increasing the likelihood of identifying individuals who may commit criminal activity;
  • assist law enforcement agencies with the investigation of any suspected criminal activity;
  • assist with the protection of school’s assets and infrastructure; or
  • assist with the application of VST policies.

Surveillance Systems shall not be used to monitor or record areas where VST community or public have a reasonable expectation of privacy. Those monitoring systems will be designed to minimize the impact on privacy and that impact will be assessed and documented in the Annual Report on Privacy Compliance.
The school will provide notice of the use of Surveillance Systems by prominently displaying signage at the perimeter or entrance to the area being monitored or recorded to alert individuals that such systems are or may be in use before they enter any area under surveillance. This monitored area applies to all VST buildings.

Privacy Officer’s Responsibilities

The Privacy Officer has the following key responsibilities and obligations, to be undertaken in compliance with relevant provincial and federal policies and procedures:

  • Oversight of the development, implementation, review and amendment of privacy policies, practices, procedures, standards and guidelines (together, referred to as the policy privacy)
    Ensure compliance with privacy policies and procedures.
  • Advise management of privacy risks, issues and opportunities.
  • Provide to the Principal the necessary support of the privacy program and facilitate the following:
    1. Ensure that privacy policies are transparent, accessible and understood.
      Facilitate compliance with FIPPA and its regulations.
      Ensure staff, faculty, management, contractors, volunteers are aware of:
        FIPPA and its Regulation and their duties, obligations and responsibilities in relation to FIPPA.
      Direct, deliver or ensure the delivery of the initial privacy orientation and the ongoing privacy training and fostering a culture of privacy.
      In co-ordination with staff collecting PI and legal counsel (as required) establish consistent practices to address willful failure to comply with VST’s privacy policies, and.
      Oversee the management of privacy complaints.
      Oversee the management of privacy inquiries.
      Provide direction for managing privacy breaches or suspected privacy breaches.
      Determine needs for privacy audits and program reviews.
      Identify trends, both positive and negative, in privacy management within VST.
  • Liaise with the Office of the Information and Privacy Commissioner for British Columbia regarding FIPPA compliance;
  • Periodically review, monitor, assess, investigate and report on VST systems and projects regarding their compliance with FIPPA;
  • Review and monitor third party privacy agreements, employee confidentiality agreements, information notices, legal practices and requirements under FIPPA and adherence to FIPPA where a persons PI is involved; and
  • In collaboration with the VST Information Technology Department, ensure alignment between security and privacy practices and where alignment cannot be reached, notify the Principal.

Privacy Impact Assessments

The Privacy Officer must conduct a risk-based Privacy Impact Assessment for all new systems, projects, programs or activities and substantially modified systems or activities. The nature and extent of the assessment will be based upon the risk.
Before committing the school to a project or initiative or before procurement that may entail privacy risks, the Privacy Officer will assess the project or initiative for potential privacy risks.
Upon completion of the said Privacy Impact Assessment, The Privacy Officer will determine whether the project’s risk after mitigation shall be accepted, whether the project should not proceed or, whether changes need to be implemented to the project.

Individual Access

Upon written request, VST will inform an individual of the existence, use and disclosure of his or her personal information and the individual will be given access to that information, subject to exceptions under the FIPPA. VST may lawfully deny access where the information is protected by solicitor/client privilege or if disclosure of personal information results in the disclosure of personal information about another individual. Individuals have a right to request corrections to Personal Information about themselves, subject to exceptions under the FIPPA.

Requests for Information

An individual may request, in writing, information about his or her personal information from the Privacy Officer. Furthermore, any questions about this policy should be directed as well to the said officer.

Privacy Officer
Vancouver School of Theology
6015 Walter Gage Road
The University of British Columbia
Vancouver, BC V6T 1Z1
Canada
privacyofficer@vst.edu