Privacy Review of Contracts, Projects or Systems


In accordance with the university's Contract Review Procedure, any contract that involves the provision of services or use by a third party of the personal information that is collected, used or disclosed in providing the programs and services of the university, is to be sent to the Office of General Counsel for review.

Privacy and Security Reviews

The Freedom of Information and Protection of Privacy Act (the FOIP Act) requires public bodies such as the University of Alberta to have reasonable safeguards in place to protect against such risks as unauthorized access, collection, use, disclosure or destruction of personal information.

A privacy and security review is a risk management and compliance tool used to identify and correct or mitigate potential privacy and security issues, thus avoiding costly program, service, or process redesign.

Privacy and security reviews are generally done in conjunction with the review of contracts in which a third party may have access to personal information that is collected in the course of an operating program or activity of the university.

In general, it is also good to conduct a privacy and security review when you are responsible for a new project involving personal information, or for an existing project in which significant changes will be made to the way personal information is collected, used or disclosed.

To initiate a privacy and security review, please contact the IPO.

Important Operational Requirements

Please note that when you undergo a privacy and security review, your unit will be asked to confirm that it will comply with the Operational Requirements set out here. Please ensure that the people within your unit who are responsible for meeting the relevant requirements, will be made aware of them before the initiative is implemented.

May 2017

Mailing address:
Ring House 4
University of Alberta
Edmonton, AB T6G 2E1

Phone: (780) 492-9419
Fax: (780) 492-6571