Students interested in this project should complete the online application form http://resources.slais.ubc.ca/2016/07/16/profexapp/, please cite the project number “Mount Royal University”. Please include a resume and cover letter.
|Professional Experience Project Proposal Form|
|Name of Organization|
|Mount Royal University|
|4825 Mount Royal Gate SW
Calgary, Alberta T3E 6K6
|Purpose of the project:|
|Mount Royal University is a public body that falls under the Freedom of Information and Protection of Privacy (FOIPP) Act within the Province of Alberta. One of the obligations under the Act is to ensure that public bodies protect personal information by making reasonable security arrangements against such risks as unauthorized access, collection, use, disclosure or destruction.
As records management practices for the University transition into a digital/cloud environment, one risk mitigation strategy often used by public bodies (Privacy/Legal/IT) is completing a Privacy Impact Assessment (PIA), which is a tool that checks whether business units have made reasonable security arrangements prior to the implementation of their project proposals.
The current PIA tool requires recommendations and revisions in an effort to make the risk assessment tool more efficient to use for both the privacy office and the business units.
|Summary of activities required to carry out the project:|
|(1) Establish familiarity of the pertinent Protection of Privacy Legislation
(2) Review past recommendations (materials) provided by both the Office of the Information and Privacy Commissioner’s Office and Service Alberta (Government of Alberta)
(3) Evaluate the current Privacy Impact Assessment (PIA) or Privacy Risk Assessment document and propose recommendations.
(4) Develop and revise the risk mitigation tools to facilitate their use by University business units.
|Expectations of the end result of the project, for both host and student:|
|The anticipated end result of the project will be a revised Privacy Impact Assessment (PIA) template or tool to be used by University departments for new business projects that manage identifiable personal information.
The student participating in the project will become familiar with various aspects of Access and Protection of Privacy Legislation such as the rules concerning the collection, use, disclosure and protection of personal information. Notably, although this project falls within the context of Alberta, these principles are often reiterated both in other legislative jurisdictions and the “Generally Accepted Privacy Principles (GAPP)”, which auditors use to assess organizations.
|Time periods in which the project could be supervised (check all that apply):|
|Is there a deadline by which the project must be completed?|
|This project is part of the process improvement plan for the University Privacy Office; therefore, the deadline is flexible.|
|Considering the project requirements, please suggest suitable coursework as pre-requisite or co-requisite: (e.g. LIBR 580 Collection Management, ARST 515 Arrangement & Description of Archival Materials.)|
|ARST 516 – Management of Current Records
ARST 575B – Administering Records under Freedom of Information and Protection of Privacy Legislation
|Have you already arranged to work with an iSchool student? please name them here|
|Not at this time|