Advice notice on routine access to personal records Maynooth University
Under the Freedom of Information Acts all records, including records containing personal information, under the control of the University may be accessed.
We are in an era of openness and transparency. As staff members we are therefore encouraged to readily make appropriate information available and provide assistance to students and staff members toaccess their records. Access to personal records should therefore generally be provided routinely to the student and staff in question. However, information concerning students and staff must not be released to another person without the explicit consent of the student or staff member. Confidentiality of personal records is paramount and we are all personally responsible for safeguarding the privacy rights of students and staff members.
Where access to a record cannot be provided, the student or staff member should be informed of this sand advised of the option of making an application under the Freedom of Information Acts. Certain information may be of such a sensitive nature that requests for access will only be dealt with under the Freedom of Information legislation.
This advice notice can be used as a reference or a guide together with any existing good practices that are already in place regarding access to information.
The University supports the right of students and staff to see information that is held about them. Access to records and information held may be sought by a number of different means, e.g.
- Discussion between staff/students and staff member and information provided routinely.
- Freedom of Information Acts.
The term “Personal Information” used in these guidelines is defined as being personal to the student or staff member and would ordinarily be known only to the student or staff member or his/her family or friends and is held by a public body on the understanding that it would be treated as confidential.
- Personal information includes information relating to:
- educational, medical, psychiatric, or psychological history
- financial affairs of students and staff members
- employment and employment history
- criminal history
- religion, age, sexual orientation or marital status
- social welfare entitlements
- assessment of liability to pay tax or duty to the exchequer
- property of the students and staff
- name, symbol or code identifying students or staff in public records containing personal information
- views or opinions of another person about students or staff.
These guidelines also refer to the members of Governing Authority including non-staff members.
Personal information for staff and Governing Authority members does not include:
- name of staff or Governing Authority member
- information relating to office/position held
- terms of occupancy of position or terms of the contract
- anything written or recorded by a staff member or Governing Authority member in the course of performing their functions of office or position.
This type of information may be released by the University, subject to the need to protect the public interest and confidentiality.
The words “health records” used in these guidelines in relation to students and staff includes the clinical or any other form of health/social/counselling information about students or staff held in any material form e.g. paper, database, etc. by the University.
The classes of personal information which may be held by the University includes:
Academic records (includes exam scripts)
Personnel and related records
- Students and Staff – Academic, administrative, personnel and related records.
Students and staff may seek access to records containing personal information about them in writing, by phone or by calling to the department in question.
- In all cases students and staff should be advised that the department will contact them within a few days. Routine access to personal records
- The records must be thoroughly checked (See “Exceptions to routine access” below) to ensure that the student or staff member can be given access routinely and approval to release of the records must be given by the head of department/office.
Students and Staff – Health records (including psychiatry, social work and counselling records).
Students and staff may seek access to records containing personal information about them in writing, by phone or by calling to the department or office in question.
- In all cases students and staff should be advised that the department will contact them within a few days.
- The appropriate health professional must be advised and they will decide if the student or staff member can be given access routinely.
- It is advisable that, where possible, the professional meets with the student or staff member to discuss the records.
- The student or staff member should be contacted and given an appropriate appointment time to call to the department/office to view and discuss their records and/or receive a copy of their records.
- Prior to the student or staff member accessing the records it is essential that the student/staff member provides authentic identification if he/she is not personally known to the department.
- If it is felt that access should not be provided to certain information contained in the record, the student/staff member should be advised of their right to request access to the records under the Freedom of Information Act 1997 and given assistance if appropriate to do so. (See “Exceptionsto routine access” below)
Third party requests.
A request for access to records from third parties containing personal information about students or staff should never be given without the explicit consent of the student or staff. The “Contact with Third Parties, University Code of Practice” must be adhered to when dealing with third party requests.
Requests by Legal Representatives.
A request for access to records from a solicitor containing personal information about students or staff members should not be given without the explicit consent of the student or staff member.
Records of deceased.
All applications for access to deceased person’s records (students and staff) should be processed
under the Freedom of Information Act 1997.
Exceptions to routine access
If a Head of Department/office believes that access should not be provided to certain information in records containing personal information, the student or staff member should be advised accordingly and assisted in making a request under the Freedom of Information Acts.
The following are examples of personal records that must not be released routinely.
- Records containing personal information relating to deliberations of an investigation, allegations, complaints and other such information.
- Records containing personal information of a deceased person.
- Records containing personal information where it is considered that access could be prejudicial to the physical or mental well-being or emotional condition of the person.
- Records containing personal information where it is considered that the record contains information about a third party or information received in confidence from a third party.
- Records containing sensitive information.
Except on the instruction of a Court or the Information Commissioner original records should not be released from the possession of the University. Where release of original records is required a copy should always be retained.
An employee or agent of the University must not disclose, directly or indirectly, any information acquired by reason of being such an employee or agent, if a person who is, or has been a student or member of staff is identified from that information.
The previous paragraph does not apply:-
- To the giving of any information that the employee or agent (including the Law Agents of the
University) is expressly authorised or permitted to give under the Freedom of Information Acts or any other Act or that is required by operation of law;
- To the giving of information with the prior consent of the person to whom it relates or, if that person has died, with the consent of the senior available next of kin of that person.
An individual who has been an employee or agent of the University must not disclose, directly or indirectly, any information acquired by reason of being such an employee or agent which, at the time when that individual ceased to be such an employee or agent, it was his or her duty not to disclose.
Proof of identity required for access to personal records
- Where access to personal information is sought by a student or staff member the identity of that applicant must be verified. This requires that the person furnish documentary evidence of proof of identity. The stringency of verification procedures required will vary according to the nature of the document(s) requested and the sensitivity of the personal information recorded on the document.
- As a general rule, such matters as political and religious affiliations, criminal record, medical history, racial origin and financial details are considered to be the most sensitive of data. In such matters, greater care should be taken with identification procedures.
- The discretion to determine whether an applicant is providing sufficient proof of identity when seeking access to personal records rests with the head of the department/office. Therefore, there are no mandatory rules to apply and it is recommended that heads of departments/offices adopt a common sense approach to each request, especially where a student or staff member is well known to the department/office.
The documents considered to be the most reliable or “primary” identification documents from experience in other jurisdictions are:
- original birth certificate and /or
- current passport;
- a current drivers or provisional licence issued by the relevant Licensing Authority
naturalisation citizenship’s certificate
Other documents, which are considered to be reasonable evidentiary value, are:
- student cards or official identification card from a public body of the state.
- official identification card issued by the Department of Social Community and Family Affairs.
- a marriage certificate.
- a degree, school examination certificate or report that is less than 2 years old from an Irish school, college or university.
- overseas passport with current entry permit.
In addition to the above:
- Where access to personal information is requested by post, the identity of the applicant should be verified by a certified copy of one or several of the primary identification documents listed above. The requested information should then be sent to the applicant by “Acknowledged Receipt- Registered”. This ensures a signed receipt is returned to sender upon delivery to the applicant.
The Information Commissioner
The office of the Information Commissioner was established under of the Freedom of Information Acts and as such has a statutory right of access to records held by public bodies covered by the Act including Universities. The Commissioner may in the course of his deliberations, Routine access to personal records seek further information, require any person to hand over relevant documents in their possession and if necessary enter any premises occupied by a public body, to obtain the necessary access to the records concerned.
The Information Commissioner also has a statutory review function in relation to requests for access to records/information under of the Freedom of Information Acts.
Updated June 2016