A PMP is an evolving set of policies, procedures and tools developed by a public body to enable systematic privacy protection throughout the personal information lifecycle
Section 36.2 of the Freedom of Information and Protection of Privacy Act (FIPPA) requires each public body to develop a privacy management program (PMP). A PMP is an evolving set of policies, procedures and tools developed by a public body to enable systematic privacy protection throughout the personal information lifecycle.
As of February 1, 2023, B.C.’s Freedom of Information and Protection of Privacy Act (FIPPA) requires all public bodies to develop a PMP in accordance with mandatory PMP directions issued by the Minister of Citizens’ Services. The district’s PMP in full detail is posted below.
As required under section 76.1(a) of the Freedom of Information and Protection of Privacy Act, the Board designates the Superintendent of Schools as the official head of the school district for the purposes of the Act.
As permitted under section 76.1(b) of the Freedom of Information and Protection of Privacy Act, the Board authorizes the Director of Human Resources to administer the Act and make operational decisions.
For any privacy related matters, please contact the Privacy Officer at [email protected] or by calling (250) 624-6717.
When would you need to contact the Privacy Officer?
- Question or concern on the accuracy and/or correction of personal information
- Permitting individuals to access their own personal information (held by the school district)
- Consent
- Collection notices
- Records Retention and disposal schedules
- Reasonable security for the personal information in the public body’s custody or under its control
- Completing or obtaining privacy impact assessments (PIAs)
- REGULATION 6720-10 Privacy Impact Assessment
- A List of our Current Impact Assessments (PIA’s) will be attached when complete. Please see Privacy Officer for requests.
- A privacy impact assessment (PIA) is a step-by-step review process to make sure the school district protects the personal information it collects or uses for business and/or educational purposes.
- Section 69 (5) of the Freedom of Information and Protection of Privacy Act (FOIPPA) requires the school district to conduct a PIA when a project involves Personal Information and if so, how it will protect the information it collects or use in a project.
- Learn more about privacy principles for keeping information safe in B.C.
- The district maintains Information Sharing Agreements (ISAs) with various organizations such as Northern Health and private contractors used for school photos or yearbooks. The school district does not provide student or employee personal information with third parties unless otherwise specified through a multi-step approval process for the use of software or applications needed for learning or business purposes.
- REGULATION 6720-10 Privacy Impact Assessment
– Regulation 6720-30 – Critical Incident and Privacy Breach
If you have a privacy concern or would like to make a freedom on information request, please contact the Privacy Officer at [email protected] or (250) 626-6717.
Privacy training and awareness helps employees identify personal information, understand their privacy obligations, and are an important part of breach prevention.
What is considered personal information?
Personal information includes information that can be used to identify an individual through association or inference. Some examples are:
- Name, age, sex, weight, height
- Home address and phone number
- Race, ethnic origin, sexual orientation
- Medical information
- Human resources information
The following privacy topics for education activities are relevant for most public bodies:
- An understanding of what constitutes personal information.
- Appropriate collection, use and disclosure of personal information.
- Reasonable security measures and access controls to protect personal information.
- Identification and reporting of privacy breaches and privacy complaints.
Training on the following topics may also be included:
- Privacy impact assessments.
- Privacy and security requirements for storage of sensitive personal information outside of Canada.
Employees in the school district with access to student or employee personal information are subject to FIPPA training and final test.
Privacy related policies or procedures are published on the school district’s website and are also listed below.
LINKS TO POLICY AND REGULATIONS
- Board Governance Policy 6720 – Privacy Policy
- Regulation 6720-10 – Personal Information Management Program
- Regulation 6720-20 – Privacy Impact Assessments
- Regulation 6720-30– Critical Incident and Privacy Breach
- Board Governance Policy 6710 – Records Management Policy
- Regulation 6710-10 – Records Management Regulation
- Regulation 6710-20– Student Records Regulation
- Board Governance Policy 3350 – Acceptable use of Technology Policy
- Regulation 3350-20 – Acceptable use of Technology Regulation
- Regulation 3350-40 – Data and Security Privacy Regulation
- Board Governance Policy 3420 – Video Surveillance Policy
- Regulation 3420-10 – Video Surveillance Regulation
When service providers handle personal information related to the provision of services for a public body, the public body must inform them of their privacy obligations. Contracts are one way to demonstrate privacy obligations for service providers. (See Information Sharing Agreements above)
PIAs are another useful tool to demonstrate how public bodies and service providers can meet their privacy obligations. By completing a PIA, a public body can assess the services, confirm compliance for such things as collection, use and disclosure of personal information under FOIPPA, and identify privacy risks.
Privacy training, policies and procedures will also support a service provider in complying with their privacy obligations when providing services for a public body. (See sections above)
The school district will continue to review its PMP and ensure its relevancy on an annual basis. New or updated information from the Province of B.C. or the Office of the Information and Privacy Commissioner will be added as it becomes available.