Safeguards & Protections
MHC uses a combination of administrative, technical, and physical safeguards to protect personal information. The following safeguards are designed to prevent unauthorized access, use, or disclosure, while still allowing information to be used appropriately to support learning, college operations, and student success.
The college has governance measures in place to support the responsible use of artificial intelligence (AI) and automated systems. These measures are designed to ensure that personal information is used appropriately, that risks are considered, and that human oversight is maintained where decisions may have a significant impact on individuals.
Use of these technologies is guided by privacy, security, and ethical considerations to ensure compliance and to support the responsible use of information across the college.
When personal information is collected and will be used in automated processing or AI-supported decision-making, individuals are informed through the applicable collection notice. This ensures transparency about how information will be used at the point it is collected.
The college uses a data classification framework to help ensure personal and other institutional information is protected in a way that is appropriate to its sensitivity and importance. This approach supports compliance by ensuring that safeguards are aligned with the type of information being handled. Copies are available upon request.
Each classification level outlines the requirements for how information must be handled, stored, accessed, and shared. This provides clear guidance to employees and helps ensure consistent protection of information across all college systems and operations.
Personal information is collected only when it is necessary for an authorized purpose. At the time of collection, individuals are informed of the purpose for which their information is being collected through a collection notice.
Collection notices explain what information is being collected, the purpose of the collection, and the legal authority under which it is collected, supporting transparency and compliance with legislative requirements.
In some situations, the college may request consent before personal information is disclosed or used for purposes beyond its original intent. Consent is typically asked for where use or disclosure is not required but is requested for optional or discretionary purposes.
Examples may include providing a reference, sharing information with a third party at the request of an individual, or using photographs for promotional purposes.
Where consent is requested, it is obtained in a clear and informed manner, and individuals are provided with enough information to understand how their personal information will be used or shared. Consent may be written, electronic, or verbal depending on the situation, and individuals may choose whether or not to provide consent without affecting their access to college services, unless consent is required for a specific activity.
The college maintains processes to guide when consent is required and how it is documented.
The college may use non-personal, aggregated, or anonymized data to support planning, reporting, research, and service improvement. This information may be derived from personal information but is processed so that individuals are not identifiable.
Where personal information is used to create anonymized or aggregated datasets, the college applies safeguards to reduce the risk of re-identification. These practices support the requirement under Alberta’s Protection of Privacy Act for public bodies to take reasonable measures to protect personal information and limit risks associated with its use and disclosure.