Skip to main content Skip to main navigation Skip to footer content

Privacy and access

Freedom of information and protection of privacy

North Island College, as a public body, is subject to the Freedom of Information and Protection of Privacy Act (FOIPPA, FIPPA, or the Act). The purpose of FOIPPA is to ensure public bodies are accountable to the public and take appropriate measures to protect personal privacy.

The Privacy and Access Office, located within College Governance and Strategy, supports the following functions:

  • Freedom of Information (FOI) requests
  • General FOI and privacy support and training
  • Privacy Impact Assessments (PIAs)
  • Privacy breach management  

Requests for information

Members of the college community and the public may request access to records held by the college, including access to their own personal information. Depending on the nature of the information requested, access may be provided informally (through routine requests or publicly available sources) or formally (through a request made under the Freedom of Information and Protection of Privacy Act).

Informal requests and access

Routine requests

Many records held by NIC are available through informal channels. For example, registered students can access their tax receipts, official transcripts and financial information via myNIC, and past students can request their official transcripts through Student Services. Employees can access their own employment records by contacting the Human Resources department.

If you're requesting access to your own personal information, it may be possible to obtain it directly from the office that holds the information. Individuals are encouraged to contact the relevant office before submitting a formal FOI access request.

Please note that records that contain confidential, personal or third-party information are subject to exemptions under the Act and are not disclosed routinely.

Publicly available information

NIC regularly produces public reports to ensure accountability in meeting our mandate. Most/all of these reports can be accessed through the following webpages:

General
Governance and strategy

Formal requests

Freedom of information (FOI) access request

Freedom of Information requests must be submitted in writing, by emailing privacy@nic.bc.ca with the following information:

  • Your first and last names
  • Phone number
  • Email address and mailing address, if relevant
  • Description of the record(s) you're seeking

Important: To help avoid delays, be as specific as possible when describing the records you are seeking and include a date range where applicable.

Under the Act, the College has 30 business days to respond to a request; however, timelines may be extended in certain circumstances. Fees may apply. If needed, the Privacy and Access Office may contact you to clarify your request or to advise you of any applicable fees.

Individuals requesting copies of their own personal information may be asked to provide proof of identity before records are released. If you're requesting access to another person's personal information, a signed Release of Information / Proxy Form or proof of authority to act on that person's behalf is required.

Privacy impact assessments

A Privacy Impact Assessment (PIA) is a process used to identify, assess and manage privacy risks associated with new or significantly changed projects, initiatives, systems or processes that involve personal information.

PIAs are required under the Freedom of Information and Protection of Privacy Act (FOIPPA) and support good privacy practices by identifying potential risks early. Completing a PIA helps ensure privacy is considered from the outset and reduces the risk of privacy breaches.

PIA Process at NIC

  1. A PIA should be initiated during the early planning stages of any new or changing program, service, system or process that involves personal information and/or before any significant changes are implemented.
  2. The department or project lead should contact the Privacy and Access Office as early as possible for guidance and support throughout the process.
  3. The responsible department leads the PIA development by identifying privacy considerations and providing project details, with guidance and support from the Privacy and Access Office. Technology-based initiatives may need involvement from IT, and other groups may also be involved during the PIA development.
  4. The PIA must be completed and signed off by the appropriate administrator and the Privacy and Access Office before the launch of a new initiative or system. 

If you're planning a new initiative or have questions regarding the completion of a Privacy Impact Assessment, please contact the Privacy Office at privacy@nic.bc.ca.

Privacy breach management

Privacy breaches occur when personal information is accessed, collected, used or disclosed without proper authorization. They can be accidental or deliberate and may include theft, loss, alteration or destruction of information.

For all privacy breaches, it’s important to take action as soon as possible. In the event of a suspected or actual privacy breach, follow these steps:

  1. Report

    You must report the incident immediately to your supervisor, who will notify NIC’s Privacy and Access Office (by email privacy@nic.bc.ca or by phone 250-334-5058) and NIC’s IT and/or other departments as needed.

    If your NIC device or personal device with access to NIC applications or data has been lost, stolen or compromised, please inform IT through a Service Desk ticket.

  2. Contain / Recover
    Take immediate steps to contain the incident and recover any personal or confidential information to reduce potential harm. Actions may include recalling emails, retrieving lost or stolen records or equipment, correcting physical or technical security gaps or stopping and isolating the activity that caused the incident.
  3. Remediate
    Work with your supervisor and the Privacy Office to assess the nature and cause of the incident. Implement appropriate corrective actions to address the breach and, where required, support the notification of affected individuals.
  4. Prevent
    Review and improve departmental practices to reduce the risk of future incidents. This includes understanding privacy responsibilities, handling personal and confidential information with care and actively contributing to a culture of responsible and secure information management.