Info handling unchanged
By Colleen MacPherson
Even though there has been a change in the way personal information is accessed at the U of S, the responsibility for using that information in an appropriate manner remains the same.
That’s the message from University Secretary Lea Pennock and Rick Bunt, Associate Vice-President of Information and Communications Technology, who have been fielding inquiries from all quarters of campus about information access since new web-based administrative systems like SiRIUS, UniFi and PAWS have come on stream.
Whether information comes from a piece of paper or a computer screen, Bunt said the University has a collective responsibility to safeguard the personal information of students and staff.
“The principles are still the same” when it comes to handling information, said Pennock, “but the processes might be different. We might expect that the technology is going to somehow enforce those principles but in fact, it’s our own choices that enforce them.”
Under the law and according to its own regulations and policies, the obligations of the University include using information only for the purpose for which is is collected, not sharing the information with a third party without written consent, seeing that it is destroyed when no longer needed, and ensuring those using the information know their responsibilities and obligations.
Bunt used the example of a student phone number, saying certain people have always had access to that information “but they have a professional responsibility to use it in an appropriate way. The new administrative systems don’t change that person’s right to access it or their responsibility to use it correctly.”
“In a perfect world, the technology would identify every piece of information a person might need to do their job and limit their access, but that’s years down the road,” Pennock explained. “There has to be a certain level of trust on the part of the University that our employees are going to be sensible, ethical and responsible with the information they do see.”
Both Bunt and Pennock said many questions come from employees who find they can view more personal information on the new administrative systems than they were able to in the past, and those who now must go through new steps to see what was easily accessible before. “Process change is difficult,” said Bunt, but being able to view never-before-seen data “doesn’t allow people unfettered use of that information. What’s important is knowing what you can do with what you have”.
The new administrative systems move the University futher into what Bunt described as a “self-service environment” and, as a result, some of the oversight that was once provided by, for example, department secretaries who controlled access, has disappeared.
Responsible use of personal information is not a new issue, said Pennock, but as processes change, it is important to be reminded that use of that information is a matter of trust and stewardship.
Hutchinson said “nothing should change” in terms of how information is handled once the policy is in place, which he expects will happen by the end of the calendar year. The policy simply “formalizes and confirms the legislation we’re under already,” he said. “It will be something we can point to easily.”