Privacy

A Privacy Management Program (PMP) is vital to ensuring the district is accountable and transparent with respect to their management of personal information. A PMP promotes trust by assuring information sharing partners and the public that the district is protecting the personal information in its custody or under its control. The district’s privacy management program comprises existing Board policies and administrative practices.

Definition of Terms

“employee” has the same meaning as in FOIPPA;

“head” has the same meaning as in FOIPPA;

“privacy breach” has the same meaning as in FOIPPA; 

“personal information” has the same meaning as in FOIPPA; 

“public body” has the same meaning as in FOIPPA;

“service provider” has the same meaning as in FOIPPA.

Privacy Management Program Components

Designated Privacy Officer

The PMP Directions require that the head of the public body appoint a privacy contact. 

The Director of Corporate Services is designated as the Privacy Officer and is responsible for: being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/ or administrative practices; and supporting the district’s compliance with FOIPPA. 

Privacy Impact Assessments

As defined under section 69 of FOIPPA, an information-sharing agreement (ISA) is an agreement that sets the conditions on the collection, use or disclosure of personal information by the parties to the agreement.

Administrative Practice I2 Privacy Impact Assessments details the district’s approach to Privacy Impact Assessments (PIAs).

Information-Sharing Agreements

As defined under section 69 of FOIPPA, an information-sharing agreement (ISA) is an agreement that sets the conditions on the collection, use or disclosure of personal information by the parties to the agreement.

Administrative Practice I3 Information Sharing Agreements provides guidance regarding Information-Sharing Agreements (ISAs).

Privacy Complaints and Privacy Breaches

A privacy breach is the theft or loss of personal information, or the access, collection, use or disclosure of personal information in the custody or control of a public body that is not authorized by FOIPPA. A privacy complaint is a complaint from an individual about a breach of their own personal information and are to be directed to the Privacy Officer

Note that a privacy breach is not limited to written or recorded information. Personal information that is breached verbally may need to be responded to in the same manner as other breaches. 

Administrative Practice I4 Information Technology Access and Security establishes security safeguards for appropriate use of the District’s Information Technology System.

Administrative Practice I1 Responding to Breeches of Privacy provides guidance regarding addressing breaches of privacy. 

Privacy Awareness and Education Activities

The district engages in privacy awareness and education activities during the onboarding phase of employment for each employee to ensure employees are aware of their privacy obligations. 

Delivery of awareness and education during employee onboarding and throughout the school year include (and not limited to):

• FOIPPA Foundations certification for each employee (to be completed prior to first day worked)
• New Employment Orientation (shared responsibilities for protection of privacy/information)
• Quick reference posters at each worksite (staff rooms / copy rooms)
• Terms of Acceptable Use Consent Forms (signed and kept on file for each employee) - IN PROGRESS/ADMIN PRACTICE NOT YET FINALIZED
• Regular email information updates/news (provided monthly by Info Tech department)

To specifically support use of copyrighted materials by staff, the district has developed Administrative Practice I5 Copyright and Fair Dealing.

Accessing Privacy Practices And Policies 

Administrative practices related to the protection of privacy are available to staff and the public on the district website.

Personal Information Directory

The Freedom of Information and Protection of Privacy Act (FOIPPA) is the privacy legislation applicable to B.C. public bodies. Section 69 of FOIPPA requires public bodies to publish a directory of personal information holdings including personal information banks.

The purpose of the Personal Information Directory (PID) is to document the management of personal information holdings of the district and to assist the public in identifying the location of personal information about them.

The Freedom of Information and Protection of Privacy Act requires that, at the time of collection, an individual must be informed as to the reason and of the authority for collection and be provided with an appropriate person within the organization to contact.

Administrative Practice I6 Personal Information Directory houses the district’s directory in accordance with the act.

Informing Service Providers of Privacy Obligations 

Letters of Understanding and/or contracts with service providers will include privacy obligations effective February 1, 2023.

Administrative Practice I7 Approval of Software and Apps contains language suitable for the inclusion within contracts.

Monitoring & Updating the PMP

Policies and administrative practices will be reviewed annually, and updates will be completed in a timely fashion no later than June 30th of each calendar year.

Contact

District Privacy Department

phone: 250-537-5548  ext. 0205 

email: sd64privacy@gulfislandssecondary.ca

Privacy Head Jesse Guy, Secretary Treasurer

email: jguy@gulfislandssecondary.ca

Privacy Officer Lori Deacon,

Director of Corporate Services

email: ldeacon@gulfislandssecondary.ca