Privacy Compliance Guidelines

Following the rules and regulations around student privacy is an important consideration in using learning technologies at UBC. Find out the key points you need to know to choose tools and use them in a way that complies with BC’s Freedom of Information and Protection of Privacy Act (FIPPA) and UBC policy.

UBC & FIPPA Protect Students’ Personal Information

The British Columbia Freedom of Information and Protection of Privacy Act (FIPPA) ensures that UBC collects, uses, and discloses personal information in a lawful and appropriate manner.

Responsibilities of instructors

For instructors at UBC, FIPPA primarily affects how you handle information about your students. Any information that can personally identify a student, such as names, student numbers, email addresses, or student biographical, financial, educational, and employment data is protected by FIPPA. You are required to keep this information confidential and secure.

  • Confidentiality: Students’ personal information may be accessed by faculty and staff members on a need-to-know basis. Students are also entitled to know the names of other students in their own classes, to facilitate learning and engagement. Otherwise, identifiable information about students should not be disclosed without their consent.
  • Security: Personal information should only be stored on encrypted computers, encrypted mobile devices (i.e., laptops, tablets, or smart phones), or learning technologies that have passed a UBC Privacy Impact Assessment (PIA). Large amounts of personal information should not be emailed; Microsoft OneDrive or another secure information-sharing tool should be used instead. As of November 25, 2021, changes to FIPPA mean that there is no longer a strict requirement to store and access personal information on Canadian servers, and it is no longer a requirement to obtain consent from students if data is stored outside of Canada.

Learning Technology You Use Should Pass a UBC PIA

All tools recommended by the LT Hub have passed a UBC Privacy Impact Assessment (PIA) and receive central technical and pedagogical support. But, for pedagogical reasons, you may in some instances want to use other learning technologies (e.g., applications, tools, platforms).

Changes to FIPPA in November 2021 made it easier to use tools that store personally identifiable information outside of Canada; however, a UBC PIA is still required to ensure that the learning technology in question meets UBC’s privacy and security standards.

Ask the right questions in choosing technology

Here are the key questions to consider when thinking about selecting technology for your course:

  1. What are your learning goals in choosing this technology?
  2. Is there already a UBC-supported, PIA-approved technology that can support your learning goals? Explore the UBC tool finder, talk to your Instructional Support Unit or contact us in the LT Hub about possible alternatives.
  3. If there are no alternatives: what will the technology allow you to do that you couldn’t do before? What are the concrete benefits?
  4. What are the risks to you and your students? How do these risks measure up against the benefits?
  5. If you determine this technology is right for your context, you will need to start the UBC PIA process. This process will ensure that the technology complies with relevant privacy and security standards, which will keep student personal information safe.

You will need an approved PIA to document that you are complying with the requirements of UBC and FIPPA. Should a student complain about a breach of privacy, this documentation will be important to demonstrate that you—on behalf of UBC—took reasonable steps to comply with UBC’s obligations under FIPPA.

Learn More About Privacy at UBC

  • You can read more about FIPPA on the Office of the Information and Privacy Commissioner of BC’s website.
  • The UBC Office of the University Council has a Protection of Privacy overview to introduce some of the key requirements and implications of FIPPA.
  • Privacy Matters @ UBC is a website for increasing the awareness of privacy and information security at UBC, including how to protect personal information and keep your data secure.