Respecting Confidentiality

In your work as a TA, protect the privacy of your students by sharing their personal information with people who are authorized to see it and keeping it safe from those who are not authorized to see it.

The University is governed by the Freedom of Information and Protection of Privacy Act (FIPPA).

RELEVANT UNIVERSITY OF TORONTO POLICIES & OFFICES

GENERAL POLICIES, PROCEDURES & GUIDELINES

There are three areas with confidentiality concerns:

  1. handling assignments and grades;
  2. communication with students; and
  3. record keeping and disclosure.

The practices set out below will help you to reasonably protect privacy, consistent with FIPPA. If you become aware of a privacy breach/issue, immediately contact the FIPP Office at 416.946.7303.

Handling of Assignments

Do This: Best Practices

  • write grades and comments inside assignment/test books, so they are not visible to others when materials are returned
  • return work in controlled, supervised conditions
  • permit individuals to pick up only their own work
  • retain unclaimed student work for one year
  • arrange for secure destruction of unclaimed work

Don’t Do This: What to Avoid

  • don’t write student grades on the front page of their assignment/test
  • don’t leave graded assignments/tests unattended for pick up, in your class or outside your work area
  • don’t allow anyone to collect the work of others

Posting of Student Grades

Do This: Best Practices

  • post grades on Portal so individuals see only their own grade
  • announce how grades will be posted at the start of the tutorials
  • disclose grades only to the student to whom they pertain
  • only release academic/personal information to a third party (e.g., a parent), with the written consent of the student
  • if you must email grades, only use your @utoronto.ca email
  • if it is necessary to post grades with student numbers, only use the last four digits (use this practice each time you have to include student numbers)

Don’t Do This: What to Avoid

  • don’t post grades outside of Portal
  • avoid posting student grades in public places (and if you do, don’t include their full names and student number)
  • don’t verbally tell students their grades in class
  • don’t reveal a student’s grade to a third party (e.g., their friends, siblings or parents)
  • don’t use a student’s work as example in class without the student’s consent
  • don’t share grade files via non-U of T email

Taking Student Attendance and Group Work Signup

Do This: Best Practices

  • inform students at the start of the tutorial/lab how personal information, including attendance, will be collected and used
  • student’s full name and complete student number should not be visible to others when collecting attendance
  • take attendance yourself (e.g., calling roll is proper practice)
  • for group work, collect personal information necessary to conduct the class so that group work scheduled can be developed but be clear on how this information is to be used
  • set up groups, seminars, etc., with group sign-up in Quercus

Don’t Do This: What to Avoid

  • don’t take attendance by passing around a sheet where students record their full names and student numbers
  • don’t get students to write their student numbers next to their full names
  • don’t allow class lists with personal information to circulate

Email Correspondence With and About Students

Do This: Best Practices

  • advise students at the start of the course what email practices you will follow
  • tell your students that you are expected to correspond with students only through their official U of T email account
  • avoid “reply all” responses where practical—use “bcc” to avoid disclosing recipient identities to the whole group
  • write emails in a professional manner

Don’t Do This: What to Avoid

  • don’t share student emails (addresses and content) unless needed
  • don’t forward student emails to persons not involved in administering the course
  • don’t use the “reply-all” when communicating with a student
  • don’t communicate with students who use non-U of T accounts

Students’ Records

Do This: Best Practices

  • only collect personal information that you need to do your job
  • if a student wishes to access their records, speak with the CI, Registrar or FOI Liaison

Don’t Do This: What to Avoid

  • don’t access student records unless there is a need to do so

Reference Letters

Do This: Best Practices

  • confidential academic references are generally protected and are not given to the individual to whom they pertain

Don’t Do This: What to Avoid

  • don’t disclose to a third party what you write in a reference letter on behalf of a student

Record Keeping

Do This: Best Practices

  • retain emails from and to students for at least one year if they contain personal information which you have used
  • all records fall under FIPPA and can be requested and released (and so they have to withstand public scrutiny)
  • create excellent, professional records
  • destroy personal information no longer needed for your work

Don’t Do This: What to Avoid

  • don’t delete/destroy correspondence you’re your students
  • don’t keep student records and/or correspondence in public and/or easily accessible areas

Disclosure of Student Information

Do This: Best Practices

  • emergencies, health and safety trump privacy
  • personal information can be shared within U of T on a need-to-know basis and/or with a student’s consent

Don’t Do This: What to Avoid

  • don’t disclose student information unless there is a need to do so

Updated by Nicole Birch-Bayley, Faculty Liaison Coordinator, TATP/CTSI © 2022