Privacy is at the heart of K-12 excellence.
Ensuring privacy is a shared goal, yet navigating its complexities and ever-evolving landscape can be daunting. Here, we simplify the journey and empower you to create a district-wide privacy culture that safeguards personal information and engenders trust.
Members: Login to discover an overview of public sector privacy obligations paired with a manual to help guide you through the implementation of a Privacy Management Program (PMP).
School District Obligations
In British Columbia, the Freedom of Information and Protection of Privacy Act (FIPPA) stands as the cornerstone legislation, ensuring that governmental bodies, including school districts, adhere to stringent rules and standards for personal information protection. Given the trust we place in these institutions, it’s paramount that our data is collected, utilized and safeguarded with the utmost integrity.
Public organizations in BC, including school districts, are subject to oversight from the Office of Information and Privacy Commissioner (OIPC) for their privacy management practices.
For deeper insight into this legislation, explore:
- Privacy Management Direction (Province of BC)
- Accountable Privacy Management in B.C.’s Public Sector (OIPC)
- Privacy Management Program Guidance for B.C. Public Bodies (Government of BC)
Seven Components of Privacy Management Program (PMP)
Section 36.2 of FIPPA mandates the creation of a Privacy Management Program (PMP), which is essentially an evolving set of policies, procedures and tools, for all BC public bodies. These obligations have been summarized in a Privacy Management Program Direction issued by the Minister of Citizens’ Services in February 2023.
The PMP Direction mandates that a Privacy Management Program should be comprised of seven components:
The Components
1
Designate a Privacy Officer
Appoint a privacy contact to address privacy concerns, oversee the creation and management of privacy guidelines, and ensure organizational compliance with FIPPA.
2
Privacy Impact Assessments & Information-Sharing Agreements Processes
Create a process for completing Privacy Impact Assessments as required & Information Sharing Agreements as appropriate under FIPPA.
3
Privacy Complaint & Breach Processes
Develop processes for responding to privacy complaints and privacy breaches.
4
Privacy Awareness & Education
Help employees identify personal information, understand their privacy obligations, and their role in privacy breach prevention.
5
Privacy Policies & Procedures
Develop policies and procedures that outline the principles and processes of the organization related to privacy compliance.
6
Service Provider Management
Inform service providers of their privacy obligations when handling personal information on behalf of a public body.
7
Monitoring & Updating the PMP
Keep Privacy Management Programs up-to-date to align with FIPPA and current operating practices.
Privacy Management Program Manual
We have gathered all the resources in one place to help guide those responsible for creating a Privacy Management Program. Our PMP manual is available to download or for those wishing to peruse the seven components and resources online, we also have them available individually via the links above.
Featured Resources
Freedom of Information & Protection of Privacy Act Overview
Learn about the legal privacy obligations that apply to school districts.
The Freedom of Information and Protection of Privacy Act (FIPPA) is a legal framework that guides access to public sector information and safeguards personal privacy. It grants individuals the right to obtain records from government bodies, enhancing transparency, while also enforcing strict rules on how these bodies handle personal data, only allowing collection, use, and sharing under specific, lawful circumstances. FIPPA's core is to promote open governance while respecting privacy rights, detailing when information should be released or withheld.
