Skip to main content

Privacy Office

OVERVIEW

The Board of Education of School District No. 36 (Surrey) ("SD36", "Surrey Schools", "the District") is subject to the Freedom of Information and Protection of Privacy Act of BC ("FIPPA", "FOI") and the School Act of BC ("the School Act") when handling personal information.

PRIVACY MANAGEMENT PROGRAM

The Privacy Management Program Direction issued by the provincial government details the key components of a privacy management program (PMP) for public sector organizations. The below information provides an overview of the SD36 PMP.

  • Privacy Officer: Simon Ayres, Email: privacy@surreyschools.ca.

    The Privacy Officer is responsible for being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/or procedures; and supporting the public body's compliance with FIPPA.

    How to contact the Privacy Office:

    1. Submit any privacy questions, concerns or complaints to the Privacy Officer in writing at email: privacy@surreyschools.ca.
    2. Requests for access to records under FIPPA can be submitted using the Surrey Schools FIPPA Request Form.
    3. Requests for employment information related to legal actions should be forwarded to the Surrey Schools Human Resources department.
  • All SD36 staff are required to complete a mandatory Privacy Training course to ensure they understand their responsibilities under FIPPA. Other education and awareness activities are provided, as required.

  • Public bodies are responsible for informing service providers of their privacy obligations when handling personal information.

    Privacy reviews and, where necessary, Privacy Impact Assessments are completed for contracts to identify and mitigate risks associated with service provider management of personal information. Service provider contract language includes, but is not limited to, appropriate information use, disclosure, and disposal; security and training requirements; and notice to SD36 in the event of a privacy-related contract breach.

image description
Back to top