Privacy Office
OVERVIEW
The Board of Education of School District No. 36 (Surrey) ("SD36", "ÁñÁ«ÊÓƵ", "the District") is subject to the ("FIPPA", "FOI") and the ("the School Act") when handling .
PRIVACY MANAGEMENT PROGRAM
The issued by the provincial government details the key components of a privacy management program (PMP) for public sector organizations. The below information provides an overview of the SD36 PMP.
Privacy Officer
Privacy Officer: Simon Ayres, Email: privacy@surreyschools.ca.
The Privacy Officer is responsible for being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/or procedures; and supporting the public body's compliance with FIPPA.
How to contact the Privacy Office:
- Submit any privacy questions, concerns or complaints to the Privacy Officer in writing at email: privacy@surreyschools.ca.
- Requests for access to records under FIPPA can be submitted using the .
- Requests for employment information related to legal actions should be forwarded to the ÁñÁ«ÊÓƵ Human Resources department.
Privacy Impact Assessments/Information Sharing Agreements
of FIPPA provides guidance to public sector organizations regarding the use of Privacy Impact Assessments (PIA) and Information-Sharing Agreements (ISA).
details the SD36 process for completing and documenting privacy impact assessments. Information-sharing agreements are developed for individual initiatives, as required.
Privacy Complaint and Privacy Breach Processes
Direct all privacy complaints to the Privacy Officer at email: privacy@surreyschools.ca.
A privacy breach means the theft or loss, or the collection, use or disclosure of personal information in the custody or control of a public body that is not authorized under FIPPA.
details the district process for responding to privacy breaches.
Privacy Awareness and Education
All SD36 staff are required to complete a mandatory Privacy Training course to ensure they understand their responsibilities under FIPPA. Other education and awareness activities are provided, as required.
Privacy Policies and Procedures
The Privacy policy and associated procedures set out the district's commitment, standards and expectations regarding the appropriate practices for the collection, use, and protection of .
Service Provider Management
Public bodies are responsible for informing service providers of their privacy obligations when handling .
Privacy reviews and, where necessary, are completed for contracts to identify and mitigate risks associated with service provider management of personal information. Service provider contract language includes, but is not limited to, appropriate information use, disclosure, and disposal; security and training requirements; and notice to SD36 in the event of a privacy-related contract breach.
Monitoring and Updating the PMP
SD36 monitors, assesses, and revises its PMP regularly and consistently to ensure it is compliant with FIPPA requirements.