1. | PURPOSE1.1. | As a public body that is subject to the British Columbia Freedom of Information and Protection of Privacy Act (“FIPPA”), District No 36 (Surrey) (the “district”) is committed to upholding the principles of privacy, transparency, and accountability. | 1.2. | The district recognizes the fundamental importance of maintaining the privacy and security of the personal information that it collects, uses, and discloses during its operations and programs. | 1.3. | The district also acknowledges and supports transparency with the community by facilitating access to district records and information in accordance with the requirements of FIPPA. |
|
2. | DEFINITIONS2.1. | Where used in this procedure, the following terms have the following meanings:
a) | “consent” means express written consent to the collection, use or disclosure of personal information. | b) | “FIPPA” means the Freedom of Information and Protection of Privacy Act of BC, and procedures thereto. | c) | “personal information” means recorded information about an identifiable individual but excludes a person’s business contact information. | d) | “procedures” means the procedures enacted by the of the district under its Privacy Policy. | e) | “records” include any paper or electronic media used to store or record information, including all paper and electronic records, books, documents, photographs, audio or visual records, computer files, email and correspondence. | f) | “staff” means all persons employed or engaged by the district to carry out its operations and includes independent contractors and volunteers. |
|
|
3. | PRINCIPLES3.1. | District staff are responsible for:- Making reasonable efforts to familiarize themselves with this procedure and the requirements of FIPPA, including by participating in privacy training initiatives offered by the district.
- Following responsible information management practices to ensure that the district collects, uses, and discloses personal information in compliance with FIPPA and other applicable laws.
- Protecting personal information against unauthorized collection, use and disclosure, including by limiting the sharing of sensitive personal information on a need-to-know basis.
- Cooperating with district procedures to facilitate the appropriate release of records within its custody or control in response to access requests received from members of the community under FIPPA.
- Reporting privacy breaches to the district in accordance with procedure 5700.2.
- Cooperating with the district procedure 5700.3 for the completion of privacy impact assessments
|
|
4. | ACCOUNTABILITY4.1. | The Superintendent has been designated by the Board of Education as “Head” of the public body for the purposes of FIPPA. | 4.2. | The Superintendent has designated the Privacy Officer with responsibility for the supervision and ongoing management of the Privacy Management Program. |
|
5. | COMMITMENT TO PRIVACY PROTECTION5.1. | The district protects the privacy of students, staff, and individuals whose personal information it collects, uses, shares, and retains and expects all staff to follow responsible information management practices to ensure that the district fully complies with its obligations under FIPPA and other applicable laws. | 5.2. | The district respects the privacy and confidentiality of personal information entrusted to them in the course of their duties, and collects, uses, and discloses personal information only where authorized by FIPPA. |
|
6. | PURPOSES FOR COLLECTING PERSONAL INFORMATION6.1. | The district communicates the purposes for which personal information is collected at or before the time the information is collected, unless otherwise permitted or required by FIPPA. | 6.2. | In the ordinary course of carrying out its programs and activities, the district collects personal information of its students for purposes including:
a) | Registration, enrollment, and transfer of students. | b) | To provide and deliver educational programs and services. | c) | To accommodate students with special needs. | d) | To communicate with students and respond to inquiries or complaints. | e) | To prepare and provide assessments of student performance. | f) | To supervise and ensure the safety and security of the district (such as the use of video surveillance). | g) | To investigate and respond to accidents, safety events, misconduct, and similar incidents. | h) | To ensure compliance with applicable district bylaws, policies, and other laws. | i) | To make all required reports and filings to the Ministry of Education. |
| 6.3. | In the ordinary course of carrying out its employment programs and activities, the district collects the personal information of prospective, current, and former staff for purposes including:
a) | Hiring and recruitment. | b) | To manage and administer the employee relationship. | c) | To communicate with authorized union representatives. | d) | To administer employment compensation and benefits. | e) | To evaluate and manage disciplinary incidents. | f) | To supervise and ensure the safety and security of the district (such as the use of video surveillance). | g) | To investigate and respond to accidents, safety events, misconduct, and similar incidents. | h) | To ensure compliance with applicable district policies and procedures. | i) | For other purposes required under applicable laws. |
|
|
7. | COLLECTION, USE AND DISCLOSURE OF PERSONAL INFORMATION7.1. | The district limits the personal information it collects to information that is related to and necessary to carry out its programs and activities or for other purposes authorized by FIPPA. | 7.2. | The district seeks to collect personal information by fair, lawful, and transparent means, including by collecting personal information directly from the individual, except where otherwise authorized by FIPPA. | 7.3. | The district seeks to inform individuals from whom it collects personal information the purpose for which the information is being collected, the legal authority for collecting it and the name and contact information for someone at the district who can answer questions about the collection and use of the information. |
|
8. | SECURING PERSONAL INFORMATION8.1. | The district protects personal information by ensuring it has reasonable security safeguards in place which are appropriate to the sensitivity of the information. Such security safeguards shall include consideration of physical security, organizational security, and electronic security. | 8.2. | All staff have a duty to protect the privacy and security of personal information collected and used by them as part of their ongoing employment responsibilities, including by complying with the terms of the Privacy Policy and all associated procedures. | 8.3. | The district provides training to all staff to ensure they have the requisite knowledge to ensure compliance with the terms of this Procedure and FIPPA. |
|
9. | RETENTION9.1. | The district does not seek to retain personal information longer than necessary to satisfy the district’s applicable operational, instructional, financial, and legal needs. | 9.2. | Personal information that is no longer required for either administrative, operational, financial, legal, or historical purposes shall be securely destroyed in a confidential manner in accordance with district policies and approved record retention protocols. |
|
10. | ACCURACY AND CORRECTION 10.1. | The district shall make reasonable efforts to ensure the accuracy of the personal information that they collect and use while performing their duties. | 10.2. | Individuals have the right to request the correction of their personal information, and the district will receive and respond to such requests in accordance with FIPPA and the procedures of this procedure. |
|
11. | ACCESS TO INFORMATION 11.1. | The district supports appropriate transparency and accountability in its operations by making information available to the public as permitted or required under FIPPA. | 11.2. | The district shall, on at least an annual basis, consider and designate categories of records that will be made available to the public without the need to make a request in accordance with FIPPA. | 11.3. | The district recognizes that individuals may make requests for access to records within the custody and control of the district, and the district will respond to such requests in accordance with FIPPA and the procedures. | 11.4. | The district recognizes that individuals have a right to access their own personal information within the custody and control of the district and will facilitate such access in accordance with the requirements of FIPPA. |
|
12. | COMPLAINTS AND INQUIRIES12.1. | Questions or complaints about the district’s personal information management practices should be directed to the Privacy Officer at email: privacy@surreyschools.ca or phone: 604-596-7733. | 12.2. | The district will respond to all complaints in writing. | 12.3. | An individual who is not satisfied with the district’s practices or response regarding Personal Information may also write to the Information and Privacy Commissioner of British Columbia: Officer of the Information and Privacy Commissioner for British Columbia PO Box 9038, Stn. Prov. Govt. Victoria, BC V8W 9A4 Phone: (250) 387-4629 Fax: (250) 387-5629 Email: info@oipc.bc.ca. |
|
13. | REFERENCES AND RELATED DOCUMENTS 13.1. | Policy #5700 Privacy Policy | 13.2. | Procedure #5700.2 Privacy Impact Assessments | 13.3. | Procedure #5700.3 Privacy Breach Management |
|
14. | AUTHORITY AND RESPONSIBILITY 14.1. | Superintendent of Schools | 14.2. | Privacy Officer |
|
15. | HISTORY Revised: | 2023-09-13 2015-06-05 | Approved: | 1995-06-22 |
|