Records Containing Personal Information
Access and privacy are a balance. All Dalhousie employees are responsible
Access and privacy are a balance. All Dalhousie employees are responsible for the proper management of records. Records containing personal information should be used only for the purpose identified at the point of collection, and must be managed in an efficient and transparent manner. This means that such records should be accessible only to employees who require the information to do their jobs, and that personal information is retained no longer than necessary. DalCLASS outlines retention periods to ensure that all records are kept no longer than required.
Each unit should appoint someone to manage user-access groups, to maintain a current list of access groups and to ensure that employees have the access permissions required by their positions. This will limit accidental disclosures of personal information.
Question to ask about the access of records:
- Do those that require access have the correct access rights?
- Are personal records secure?
- Are paper records stored in a locked cabinet with key access for the appropriate employee(s)?
- Do folders of electronic records have current user groups’ access attached?
Access groups should be reviewed every three years and each time there is a staffing change.
For more information, please contact the Dalhousie’s Privacy Officer