RDP Information Access and Privacy

PURPOSE

Red Deer Polytechnic (RDP), as a public post-secondary institution, is governed by the Freedom of Information and Protection of Privacy (FOIP) Act of Alberta. RDP is committed to the security, privacy, and confidentiality of personal information, within RDP's custody or control, in alignment with FOIP and other applicable legislation and policies. This policy ensures RDP's alignment with the principles set forth by FOIP.

SCOPE

This policy applies to anyone who performs a service for or on behalf of RDP as an employee, volunteer, Board Member, contractor, or agent, and is applicable to all personal information in the custody or control of RDP, regardless of medium or format.

POLICY

Accountability

  1. The RDP President is responsible for ensuring RDP is compliant with FOIP, but may delegate, in writing, any duties or functions under FOIP, as seen in the Delegation of Authority table.
  2. The development and implementation of policies, procedures, and training related to FOIP are delegated to Risk Services. Risk Services provides support on matters pertaining to privacy legislation, request for access to information, privacy impact assessments for the implementation of new or existing software, and addressing questions or concerns regarding the access, collection, use, disclosure, or security of personal information at RDP.
  3. All employees must make every reasonable effort to become acquainted with the requirements of FOIP, RDP policies, associated procedures and practices.
  4. All employees are responsible for the personal and confidential information under their custody or control and it must be governed in accordance with FOIP and RDP policies, associated procedures and practices.
  5. Employees must report any unauthorized access, collection, use, or disclosure of any personal information to their supervisor and to Risk Services (privacy@RDP.ab.ca).

Accuracy and Retention

  1. RDP makes reasonable efforts to ensure that personal information used to make decisions that directly affects an individual is accurate and complete and will correct personal information where the individual believes there is an error or omission.
  2. RDP retains personal information used to make a decision about an individual for a year, at minimum, to allow the individual opportunity to obtain access to it. The exact length of retention is dependant on the record type and is listed on RDP retention schedule. After such a time the record is destroyed or deleted in accordance to the Records and Information Management policy.

Access: Formal/Informal

  1. Individuals have the right to access their personal information and records, as well as records that are under the custody and control of RDP, subject to exceptions within FOIP. RDP makes every reasonable effort to assist applicants with the information access request.
  2. Individuals who wish to request their personal information can make an informal request to the department that has control over the information. If the department cannot informally release the information, or the information is not routinely disclosed or actively disseminated, a formal request can be submitted to privacy@RDP.ab.ca.
  3. Access to any personal information should only be granted in accordance with the use and disclosure provisions outlined by FOIP.
  4. The Registrar restricts and controls access to the student academic record.

Collection

  1. RDP only collects personal information for the following purpose: a. the information relates directly to and is necessary for an operating program or activity of RDP; or b. c. the collection of personal information is expressly authorized by an enactment of Alberta or Canada; or for a security or administrative investigation, including complaints that give rise to the investigation, that lead or could lead to a penalty or sanction.
  2. RDP will collect personal information directly from the individuals the information is about, except where there is a reasonable requirement to collect from another source(s), and where indirect collection is permitted under FOIP.
  3. The individual is notified before information is collected, except in cases of emergency or if required by law. A notification statement must be provided in a manner appropriate for the circumstances (ex. verbal notification if information collected verbally) and must state the purpose of collection, specific legal authority for collection, and contact information for someone who can answer questions regarding the collection.
  4. Student personal information, contained in their academic records, is collected under the authority of FOIP, as well as the Post-secondary Learning Act of Alberta, the Statistics Act of Canada and the Income Tax Act of Canada.

Use and Disclosure

  1. RDP may use personal information for the purposes in which it was collected or for a use that is consistent with that purpose, stated at the time of collection, or by obtaining consent for use from the individual the information is about.
  2. Personal information contained in the alumni records can be used for the purposes of RDP fund-raising activities, unless the individual requests not to use their information in this manner.
  3. Personal information may only be disclosed in accordance with FOIP.
  4. Student personal information, contained in their academic records, is used to determine eligibility for admission and registration in programs; collecting transcripts; administering records, scholarships and awards; providing student services; and for alumni relations and fundraising. It may be disclosed to academic and administrative units for planning and research activities; federal and provincial agencies for reporting requirements; contracted or public health care providers, including collaborative educational, funding, and workplace agencies as required; and the Student’s Association of RDP through data sharing agreements.

Information Security

  1. RDP protects personal and confidential information by making every reasonable security arrangement against the risk of unauthorized access, collection, use, disclosure, or destruction and is protected according to the sensitivity of the information.
  2. RDP conducts privacy impact assessments on new or changing initiatives, software or application upgrades that collect, use or disclose personal information to ensure that personal information risk is identified, mitigated or brought under control such that the impact is minimal.
  3. RDP strives to prevent unauthorized access, collection, use, disclosure, or destruction of personal or confidential information by offering employees FOIP training and, where possible, limiting access to and within information technology system.
  4. RDP has the right and responsibility to authenticate an individual's identity before modifying records, releasing information or making corrections to personal information.

Non-compliance

  1. Willful non-compliance for any provisions under FOIP, including access, collection, use, disclosure, or destruction of personal information in contravention of FOIP may be subject to disciplinary action in accordance with RDP policies, collective agreements, and/or could result in penalty under the law.

RELATED POLICIES

Ellucian Privacy Policy

Copyright © 2026, All Rights Reserved.