Privacy Management Program

A Privacy Management Program is an evolving set of policies, procedures and tools developed by a public body to enable systematic privacy protection throughout the personal information lifecycle.

Section 36.2 of the Freedom of Information and Protection of Privacy Act (FIPPA) requires each public body to develop a Privacy Management Program (PMP).

The components each public body is expected to include in their privacy management program are:

Designating a Privacy Contact person

As required under section 76.1 of the Freedom of Information and Protection of Privacy Act, the Board designates the Superintendent as the official head for the purposes of the Act.

As permitted under section 76.1(b) of the Act, the Board authorizes the Secretary-Treasurer to administer the Act and make operational decisions.

For any privacy related matters, please contact the District Privacy Officer [email protected] or call (250) 770-7700.

When might you need to contact the Privacy Officer?

Questions or concern regarding the accuracy and/or correction of personal information
Permitting individuals to access their own personal information (held by the school district)
Consent
Collection notices
Records Retention and disposal schedules
Reasonable security for the personal information in the public body's custody or under its control
Completing or obtaining Privacy Impact Assessments (PIA)

Privacy Impact Assessments and Information Sharing Agreements

The District maintains Information Sharing Agreements (ISAs) with various organizations such as Interior Health and private contractors used for school photos or yearbooks. The School District does not provide student or employee personal information with third parties unless otherwise specified through a multi-step approval process for the use of software or applications needed for learning or business purposes.

Administrative Procedure 182 - Privacy Impact Assessments

Privacy Impact Assessments

Privacy Complaints and Privacy Breaches

Privacy Practices and Policies

Informing Service Providers of Privacy Obligations

When service providers handle personal information related to the provisions of services for a public body, the public body must inform them of their privacy obligations. Contracts are one way to demonstrate privacy obligations for service providers.

PIAs are another useful tool to demonstrate how public bodies and service providers can meet their privacy obligations. By completing a PIA, a public body can assess the services, confirm compliance for such things as collection, use and disclosure of personal information under FIPPA, and identify privacy risks.

Privacy training, policies, and procedures will also support a service provider in complying with their privacy obligations when providing services for a public body.

Monitoring and Updating