In accordance with the Act respecting Access to documents held by public bodies and the Protection of personal information, chapter A-2.1 (the “Act”), the University must record, in the appropriate register, certain specific uses or instances of sharing of Personal Information. Below is a description of some of the required registers.
The following describes some of the required registers
- When there is a Privacy Incident and a decision has been made, in accordance with the Guidelines Concerning Privacy Incidents, to notify the concerned individual(s), this information must be recorded in the Privacy Incident Register. The Privacy Incident Register is kept and managed by the Privacy Officer.
- When Personal Information is released to a third party for the purpose of carrying out a mandate or performing a contract for work or services for Concordia, this information must be recorded in a register. This register is made available to all relevant units and to Procurement.
- When the University releases information necessary for the carrying out of a collective agreement, order, directive or regulation establishing conditions of employment, such instances are recorded in a register managed by Human Resources.
- When Personal Information is used for a purpose other than that for which it was collected but for a purpose that is consistent with the original purpose and/or when its use is clearly for the benefit of the person concerned, this use is recorded in a register. This register is kept and managed by the Privacy Officer or the relevant unit.
- When the University releases information that must be released for the application of an Act in Québec, these instances are recorded in a register. This register is managed by the Privacy Officer in collaboration with specific units.
- When Personal Information is used for the production of statistics or released for study and/or research purposes, these uses are recorded in a register. This register is kept and managed by the Privacy Officer.
Note: Any questions about the registers may be directed to the relevant unit, Privacy Ambassador or to the Privacy Officer.