This online version is for convenience; the official version of this policy is housed in the University Secretariat. In case of discrepancy between the online version and the official version held by the Secretariat, the official version shall prevail.

1. Identify what records are in your custody and control. If more than one unit collects and maintains the same data, you will need to work together to implement a common set of classifications and guidelines.
2. As a unit, assign data classification labels (Open, Internal and Restricted Data). If you need assistance in determining what category your data should be classified as, please contact ITS or the Privacy Office.
3. If your data falls into a category that has access restrictions (Internal or Restricted), ensure that only those employees who need the information for their job can access the data. It may be that others in the office need access in cases when an employee is away or sick. This is acceptable as long as all those who can access the data are aware of their responsibilities.
4. Ensure you have departmental procedures in place to assist staff in following the correct guidelines for access, storage, retention and disposal. Depending on the unit, retention periods may vary. If you need assistance, please contact the Privacy Office. If you need assistance in applying access restrictions for electronic information, ITS can help.
5. Once you have classified your data and determined procedures, ensure staff are aware of their responsibilities. Training in the protection of personal information is available through the Privacy Office if you need it.
6. Send copies of procedures to help@wlu.ca (to be stored in a shared drive).