Privacy Management Resources
Privacy Management Policy
The purpose of the Privacy Management Policy is to:
- establish the roles and responsibilities of McMaster University regarding the protection of privacy and
the right of access to information in compliance with privacy laws, specifically the Freedom of
Information and Protection of Privacy Act (FIPPA), RSO, 1990 and the Protection of Personal Health
Information Protection Act (PHIPA) S.O., 2004; - ensure that personal information in the University’s custody and control, including personal information
that has been received by the University through an agent or services provider, is managed and
protected in accordance with FIPPA, PHIPA and other applicable legislation; and - provide principles and accountability mechanisms to ensure that all McMaster Employees involved in
the planning, management and day-to-day operations of the University are in compliance with FIPPA
and with PHIPA, their associated regulations and the privacy policies, procedures and practices set out
by the Universit
Privacy Management Policy February 13, 2024, supersedes the:
- Policy for the Handling of Personal Health Information, June 16, 2015
- Policy for the Handling of Personal Information, June 16, 2015
- Policy Governance and Accountability Framework, June 16, 2015
Portable Storage and Mobile Devices Policy – effective July 1, 2017
Background Check Policy – Students/Alumni – REVISED – effective July 1, 2017
Electronic Mail (E-mail) Protocol for Personal Information (PI) and Personal Health Information (PHI) – effective July 1, 2017
Guideline for Verifying Identity for Formal Correction of Personal Health Information (PHI) – effective July 1, 2017
Guideline on Obtaining Consent re Personal Health Information to be Transmitted via Email (PHI) – effective July 1, 2017
Forms
Policy on Correction of Personal Health Information
Guideline on Obtaining Consent re Personal Health Information to be Transmitted via Email
Lock Box Protocol