Skip to main content Skip to main navigation Skip to footer content

Privacy and access

Freedom of information and protection of privacy

North Island College, as a public body, is subject to the Freedom of Information and Protection of Privacy Act (FOIPPA, FIPPA, or the Act). The purpose of FOIPPA is to ensure public bodies are accountable to the public and take appropriate measures to protect personal privacy.

The Privacy and Access Office, located within College Governance and Strategy, supports the following functions:

  • Freedom of Information (FOI) requests
  • General FOI and privacy support and training
  • Privacy Impact Assessments (PIAs)
  • Privacy breach management  

Requests for information

Members of the public may request access to records held by the college, including access to their own personal information. Depending on the nature of the information requested, access may be provided informally (through routine requests or publicly available sources) or formally (through a request made under the Freedom of Information and Protection of Privacy Act).

Routine requests

Many records held by NIC are available through standard service requests / informal channels. For example, registered students can access their tax receipts, official transcripts and financial information via myNIC. Employees can access their own employment records by contacting the Human Resources department.

If you're requesting access to your own personal information, it may be possible to obtain it directly from the office that holds the information. Individuals are encouraged to contact the relevant office before submitting a formal FOI access request.

Please note that records that contain confidential, personal or third-party information are subject to exemptions under the Act and are not disclosed routinely.

Publicly available information

NIC regularly produces public reports to ensure accountability in meeting our mandate. It may be helpful for you to consult the following webpages to determine if the record(s) you are seeking are released regularly to the public:

General
Governance and strategy
How to submit a Freedom of Information (FOI) access request

Freedom of Information requests must be submitted in writing, by emailing privacy@nic.bc.ca with the following information:

  • Your first and last names
  • Phone number
  • Email address and mailing address, if relevant
  • Description of the record(s) you're seeking

Important: To help avoid delays, be as specific as possible when describing the records you are seeking and include a date range where applicable.

Under the Act, the College has 30 business days to respond to a request; however, timelines may be extended in certain circumstances, and fees may apply. If needed, the Privacy and Access Office may contact you to clarify your request or to advise you of any applicable fees.

Individuals requesting copies of their own personal information may be asked to provide proof of identity before records are released. If you're requesting access to another person's personal information, a signed Release of Information / Proxy Form or proof of authority to act on that person's behalf is required.

Privacy impact assessments

A Privacy Impact Assessment (PIA) is a process used to identify, assess and manage privacy risks associated with new or significantly changed projects, initiatives, systems or processes that involve personal information.

PIAs are required under the Freedom of Information and Protection of Privacy Act (FOIPPA) and support good privacy practices by identifying potential risks early. Completing a PIA helps ensure privacy is considered from the outset and reduces the risk of privacy breaches.

PIA Process at NIC

  1. A PIA is initiated during the early planning stages of any new or changing program, service, system or process that involves personal information and/or before any significant changes are implemented.
  2. The department or project lead contacts the Privacy and Access Office as early as possible for guidance and support throughout the process.
  3. The responsible department leads the PIA development by identifying privacy considerations and providing project details, with guidance and support from the Privacy and Access Office. Technology-based initiatives receive support from IT, and other relevant groups may be involved during the PIA development.
  4. The PIA must be completed and signed off by the appropriate administrator(s) and the Privacy and Access Office before the launch of a new initiative or system. 

If you're planning a new initiative or have questions regarding the completion of a Privacy Impact Assessment, please contact the Privacy Office at privacy@nic.bc.ca.

Privacy breach management

Privacy breaches occur when personal information is accessed, collected, used or disclosed without proper authorization. They can be accidental or deliberate and may include theft, loss, alteration or destruction of information.

For all privacy breaches, it’s important to take action as soon as possible. In the event of a suspected or actual privacy breach, follow these steps:

  1. Report

    You must report the incident immediately to your supervisor, who will notify NIC’s Privacy and Access Office (by email privacy@nic.bc.ca or by phone 250-334-5058) and NIC’s IT and/or other departments as needed.

    If your NIC device or personal device with access to NIC applications or data has been lost, stolen or compromised, please inform IT through a Service Desk ticket or by calling 250-334-5255.

  2. Contain / Recover
    Take immediate steps to contain the incident and recover any personal or confidential information to reduce potential harm. Actions may include recalling emails, retrieving lost or stolen records or equipment, correcting physical or technical security gaps or stopping and isolating the activity that caused the incident.
  3. Remediate
    Work with your supervisor and the Privacy Office to assess the nature and cause of the incident. Implement appropriate corrective actions to address the breach and, where appropriate, support the notification of affected individuals.
  4. Prevent
    Review departmental practices to reduce the risk of future incidents. This includes understanding privacy responsibilities, handling personal and confidential information with care and actively contributing to a culture of responsible and secure information management.