Privacy and the Protection of Personal Information

Our Commitment to Privacy 

At McGill University, we are committed to protecting the privacy, confidentiality, and Personal Information of all members of our community—students, faculty, staff, alumni, researchers, research participants, and visitors. In a digital and data-driven world, safeguarding Personal Information is a priority in all areas of university life, from academic services and research to administrative processes and online engagement. 

We process (that is, collect, use, communicate, retain, and destroy) personal information in accordance with Quebec’s Act Respecting Access to Documents Held by Public Bodies and the Protection of Personal Information (Access Act) and our Policy on the Governance of Personal Information, as well as other applicable privacy legislation.  

Our Privacy Principles 

McGill University’s approach to privacy is guided by Quebec’s Access Act. The following principles inform how we process Personal Information across all university activities. 

What Is Personal Information? 

Personal information is defined by the Access Act as any information that allows an individual to be identified, directly or indirectly. This includes names, contact information, identification numbers, educational records, demographic information or any data that could be used to identify someone, either directly or indirectly. 

Why we process Personal Information 

We process Personal Information only for purposes that are directly related to our academic, mission, and administrative activities. These may include the processing of Personal Information to: 

• Assess and administer applications, admissions, and enrolment
• Provide academic and career guidance, health and wellness services, and accommodations
• Manage financial transactions, scholarships, and awards
• Support research, teaching, and institutional planning
• Fulfill legal obligations, including reporting to government authorities
• Engage alumni and donors
• Ensure the security and functionality of our digital platforms

Personal Information is stored securely and accessed only by authorized personnel who require it for legitimate university purposes.  

To learn more about how McGill University processes Personal Information, please consult the McGill Privacy Notice and its Annex A.  

Privacy in Research 

McGill upholds rigorous standards in research ethics, including the protection of Personal Information in research involving human participants. All research projects that collect, use, or disclose Personal Information must comply with federal and provincial privacy regulations and receive approval from a McGill Research Ethics Board (REB). 

For details, visit the Research Ethics Board website. 

Online Privacy 

McGill’s websites, digital platforms, and online services may collect limited technical information (such as IP address, browser type, and usage patterns) to enhance functionality, improve user experience, and ensure system security. Where applicable, cookies or analytics tools may be used—but always in line with McGill’s privacy commitments. You can adjust your browser settings to control the use of cookies. 

For more information on how McGill uses cookies, please consult the McGill Cookies Notice. 

In addition, many of McGill’s digital services are hosted on cloud platforms. To ensure the protection of personal information and institutional data, McGill follows a rigorous Cloud Directive that governs the acquisition and use of cloud services. Only vetted and approved cloud platforms may be used for storing or processing sensitive data, and all services undergo privacy, IT risk, and contract assessments. 

For more information: 

• Cloud Services at McGill 
• Cloud Process: How-to 
• Approved and Rejected Cloud Services (login required)

Your Privacy Rights 

As a public institution, McGill recognizes and respects your rights to: 

• Access your Personal Information held by the University 
• Request corrections to inaccurate or incomplete Personal Information 
• Understand how and why your Personal Information is processed 

To learn more about how McGill University processes Personal Information and your rights, please consult the McGill Privacy Notice and its Annex A.  

Privacy Officer 

Responsibility for privacy and access to information rests with the Secretary-General, who serves as McGill’s Privacy Officer and is also the person designated to respond to access requests under the Access Act. 

Complaints 

McGill University is committed to addressing privacy-related concerns promptly and respectfully. 
If you believe your Personal Information has not been handled in accordance with applicable laws or University policies, you may submit a complaint to the Access and Privacy Office using our Privacy Complaint Form. 

The Access and Privacy Office will: 

• Investigate complaints diligently, promptly, and confidentially; 
• Provide a written response within 30 business days; and 
• Take appropriate corrective measures, where warranted, to mitigate risk and prevent recurrence. 

Contact Us 

If you have questions about how McGill processes Personal Information, or wish to make a privacy-related request, please contact the Access to Information and Privacy Office at any of the following coordinates: 

Email: privacy.secretariat [at] mcgill.ca  

Phone: 514-398-4719 

Mail: Privacy Manager, James Administration Building, Room 313, 845 Sherbrooke Street West, Montreal, Quebec H3A 0G4 

Related Policies 

• Policy on the Governance of Personal Information 
• Policy on the Responsible Use of McGill Information Technology Resources  
• McGill University Records Retention Schedule (MURRS)   
• Cloud Directive   
• Policy on Data Governance
• Standard on Enterprise Data Classification  
• Standard on Enterprise Data Governance   
• Regulation on the Conduct of Research   
• Policy on the Ethical Conduct of Research Involving Human Participants