Skip to main content
Ontario Tech acknowledges the lands and people of the Mississaugas of Scugog Island First Nation.

We are thankful to be welcome on these lands in friendship. The lands we are situated on are covered by the Williams Treaties and are the traditional territory of the Mississaugas, a branch of the greater Anishinaabeg Nation, including Algonquin, Ojibway, Odawa and Pottawatomi. These lands remain home to many Indigenous nations and peoples.

We acknowledge this land out of respect for the Indigenous nations who have cared for Turtle Island, also called North America, from before the arrival of settler peoples until this day. Most importantly, we acknowledge that the history of these lands has been tainted by poor treatment and a lack of friendship with the First Nations who call them home.

This history is something we are all affected by because we are all treaty people in Canada. We all have a shared history to reflect on, and each of us is affected by this history in different ways. Our past defines our present, but if we move forward as friends and allies, then it does not have to define our future.

Learn more about Indigenous Education and Cultural Services

Privacy Impact Assessment

A privacy impact assessment (PIA) is a process used to determine how a particular project, system or initiative could affect the privacy of an individual. The purpose of a PIA is to ensure that privacy considerations are addressed during the planning and implementation of projects that involve the collection, use, disclosure, or storage of personal information.

PIAs support Ontario Tech’s strategic priority of “Tech with a Conscience”, promoting the ethical use of technology to enhance our academic and administrative service offerings while ensuring that stakeholders’ rights and expectations of privacy are respected and upheld.

PIAs consider:

  • The contractual arrangement between the vendor and Ontario Tech
  • The adequacy of technological safeguards and the policies and practices of the vendor as they relate to privacy
  • The university’s obligations under the Freedom of Information and Protection of Privacy Act (FIPPA) and other applicable legislation.

The goal is to generate recommendations to better ensure the privacy of our stakeholders, including providing a notice of collection, minimizing the personal information involved, activating security features where available and/or making sure there are adequate contractual protections in place.

  • When do I need to request a PIA?

    If you are contracting with a third party for services or information systems, contracts require a legal review including a PIA where the contract involves the transfer, storage or use of personal information.

    You should request a PIA as early as possible where a proposed project has the potential to affect the privacy of Personal Information of identifiable individuals. This may include developing or upgrading computer systems, integrating Personal Information from multiple databases, moving to online service provision, or contracting with a cloud service provider.

  • What information do I need to provide to start the PIA process?

    We ask that you provide the information listed below as a starting point. Please submit the information to

    1. Vendor agreements and terms of service; (a copy of the draft agreement between the University and Vendor)
    2. Vendor privacy policies;
    3. Vendor information regarding security and privacy;
    4. Information regarding any partners involved in the provision of the service (e.g. any cloud storage platform used for storing personal information)
    5. Audit certificates and reports related to vendor security and privacy (e.g. SOC 2 Report, ISO certification, HECVAT)
    6. A description of the personal information involved and the number of individuals and what constituent groups they come from (e.g. students from a particular faculty, employees, alumni).
    7. A description of the integration with any existing systems, and any personal information transferred to/from those systems (e.g. integration with the LMS or Banner systems.)
    8. A contact at the Vendor in case we have any further questions.
  • What is Personal Information?

    What is Personal Information?

    Personal information is defined under FIPPA. It means recorded information about an identifiable individual. This can include, but is not limited to:

    • an individual’s biographical details (name, sex, age, race)
    • an individual’s biological details (face, fingerprints, blood type, etc.)
    • nationality
    • religion
    • marital status
    • education
    • medical or criminal history
    • financial information
    • identifying numbers, for example, Social Insurance Numbers
    • an individual’s contact details (personal address, phone number, etc.)
    • personal opinions and views.

If you have any questions or concerns, please contact the Privacy Office at