Privacy Office
OVERVIEW
The Board of Education of School District No. 36 (Surrey) ("SD36", "Surrey Schools", "the District") is subject to the Freedom of Information and Protection of Privacy Act of BC ("FIPPA", "FOI") and the School Act of BC ("the School Act") when handling personal information.
PRIVACY MANAGEMENT PROGRAM
The Privacy Management Program Direction issued by the provincial government details the key components of a privacy management program (PMP) for public sector organizations. The below information provides an overview of the SD36 PMP.
Privacy Officer
Privacy Officer: Simon Ayres, Email: privacy@surreyschools.ca.
The Privacy Officer is responsible for being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/or procedures; and supporting the public body's compliance with FIPPA.
How to contact the Privacy Office:
- Submit any privacy questions, concerns or complaints to the Privacy Officer in writing at email: privacy@surreyschools.ca.
- Requests for access to records under FIPPA can be submitted using the Surrey Schools FIPPA Request Form.
- Requests for employment information related to legal actions should be forwarded to the Surrey Schools Human Resources department.
Privacy Impact Assessments/Information Sharing Agreements
Section 69 of FIPPA provides guidance to public sector organizations regarding the use of Privacy Impact Assessments (PIA) and Information-Sharing Agreements (ISA).
Procedure 5700.2 - Privacy Impact Assessments details the SD36 process for completing and documenting privacy impact assessments. Information-sharing agreements are developed for individual initiatives, as required.
Privacy Complaint and Privacy Breach Processes
Direct all privacy complaints to the Privacy Officer at email: privacy@surreyschools.ca.
A privacy breach means the theft or loss, or the collection, use or disclosure of personal information in the custody or control of a public body that is not authorized under FIPPA.
Procedure 5700.3 - Privacy Breach Management details the district process for responding to privacy breaches.
Privacy Awareness and Education
All SD36 staff are required to complete a mandatory Privacy Training course to ensure they understand their responsibilities under FIPPA. Other education and awareness activities are provided, as required.
Privacy Policies and Procedures
The Privacy policy and associated procedures set out the district's commitment, standards and expectations regarding the appropriate practices for the collection, use, and protection of personal information.
Service Provider Management
Public bodies are responsible for informing service providers of their privacy obligations when handling personal information.
Privacy reviews and, where necessary, Privacy Impact Assessments are completed for contracts to identify and mitigate risks associated with service provider management of personal information. Service provider contract language includes, but is not limited to, appropriate information use, disclosure, and disposal; security and training requirements; and notice to SD36 in the event of a privacy-related contract breach.
Monitoring and Updating the PMP
SD36 monitors, assesses, and revises its PMP regularly and consistently to ensure it is compliant with FIPPA requirements.