The university is subject to the Freedom of Information and Protection of Privacy Act (FIPPA) and must ensure the responsible collection, use, storage and management of personal information within its infrastructure.

Privacy Impact Assessments (PIAs) are now mandatory under FIPPA for all relevant initiatives involving personal information. The privacy impact assessment service offered by Information Security enables users of information technology to identify and assess privacy impacts and risks affecting staff, faculty, librarians and students.

PIAs must be conducted as part of all vendor and application reviews to ensure alignment and mitigate privacy risks. Any changes to existing processes that affect data flows are also required to undergo a PIA to maintain compliance with FIPPA obligations.