Preaload Image

6.2.       Use and Disclosure of Personal Data Policy

  • Processing of personal data may only be carried out on a legitimate basis and fairly and transparently based on one or more of the following legitimate bases:
  • To enable the University to carry out its mandate,
  • To ensure the safety and security of persons of concern or other individuals,
  • To ensure and respect confidentiality, personal data must be filed and stored in a way that it is accessible only to authorized personnel,
  • To ensure and implement a high level of data security that is appropriate to the risks presented by the nature and processing of personal data,
  • Maintaining physical security of premises, portable equipment, individual case files and records, and
  • Maintaining computer and information technology (IT) security, for example, access control (e.g. passwords, tiered access), user control, storage control, input control, communication, and transport control (e.g., encryption) to ensure the privacy of users.
  • In deteriorating security situations that pose a serious risk of personal data breaches, the ICT Directorate shall take all necessary and possible steps to avoid such personal data breaches, by relocating, or, as a matter of last resort, destroying individual case files, whether in paper or computerized form, that contain personal data, in order to prevent harm to data subjects;
  • If a personal data breach is likely to result in personal injury or harm to a data subject, the data controller should use his or her best efforts to communicate the personal data breach to the data subject and take mitigating measures as appropriate without undue delay. The notification should describe: 
  • The nature of the personal data breach, including the categories and number of data subjects and data records concerned, 
  • The known and foreseeable adverse consequences of the personal data breach, and
  • The measures  taken or proposed to be taken to mitigate and address the possible adverse impacts of the personal data breach.



 6.3. Use and Disclosure of Personal Data Policy  

6.4. Access and Correction of Personal Data Policy  

6.5. Automatically Processed Information 

6.6. Use of Identifiers Policy 

6.7. Anonymity Policy 

6.8. Security and Quality of Personal Data Policy