Skip to McMaster Navigation Skip to Site Navigation Skip to main content
McMaster logo

Privacy Management Resources

Privacy Management Policy

The purpose of the Privacy Management Policy is to:

  • establish the roles and responsibilities of McMaster University regarding the protection of privacy and
    the right of access to information in compliance with privacy laws, specifically the Freedom of
    Information and Protection of Privacy Act (FIPPA), RSO, 1990 and the Protection of Personal Health
    Information Protection Act (PHIPA) S.O., 2004;
  • ensure that personal information in the University’s custody and control, including personal information
    that has been received by the University through an agent or services provider, is managed and
    protected in accordance with FIPPA, PHIPA and other applicable legislation; and
  • provide principles and accountability mechanisms to ensure that all McMaster Employees involved in
    the planning, management and day-to-day operations of the University are in compliance with FIPPA
    and with PHIPA, their associated regulations and the privacy policies, procedures and practices set out
    by the Universit

Privacy Management Policy   February 13, 2024, supersedes the:

  • Policy for the Handling of Personal Health Information, June 16, 2015
  • Policy for the Handling of Personal Information, June 16, 2015
  • Policy Governance and Accountability Framework, June 16, 2015

Privacy Breach Protocol

Portable Storage and Mobile Devices Policy – effective July 1, 2017

Background Check Policy – Students/Alumni – REVISED – effective July 1, 2017

Electronic Mail (E-mail) Protocol for Personal Information (PI) and Personal Health Information (PHI) – effective July 1, 2017

Policy on Access to Personal Health Information (PHI)

Policy on Correction of Personal Health Information (PHI)

Guideline for Verifying Identity for Formal Correction of Personal Health Information (PHI) – effective July 1, 2017

Guideline on Obtaining Consent re Personal Health Information to be Transmitted via Email (PHI) – effective July 1, 2017

Lock Box Protocol for Personal Health Records (PHI) – effective July 1, 2017

Forms

Policy on Correction of Personal Health Information

Guideline on Obtaining Consent re Personal Health Information to be Transmitted via Email

Lock Box Protocol