The purpose of the qathet Regional District (qRD)’s Privacy Management Program (PMP) is to describe how the qRD collects, uses, discloses, and protects personal information. This program outlines how the qRD will ensure personal information is managed in accordance with the Freedom of Information and Protection of Privacy Act (FIPPA). The qRD’s PMP contains information for the public including the qRD’s Privacy Lead, processes relating to Privacy Impact Assessments (PIA) and Information Sharing Agreements (ISA), processes for privacy breaches, privacy awareness training and education within the organization, a list of policies relating to privacy management, and processes for informing third parties that work with the qRD of their privacy obligations.
Questions regarding this program or any qRD privacy related matters can be directed to Michelle Jones, Corporate Officer, via email at administration@qathet.ca or via phone at 604-485-2260.
Background
The Freedom of information and Protection of Privacy Act (FIPPA), Section 26 states that personal information may be collected only if such collection is authorized by or under legislation, essential for operating programs or activities, or collected for law enforcement purposes. A public body may collect personal information only if:
- The collection of the information is expressly authorized under an Act;
- The information is collected for the purposes of law enforcement;
- The information relates directly to and is necessary for a program or activity of the public body with respect to personal information collected for a prescribed purpose:
- The individual the information is about has consented in the prescribed manner to that collection; and
- A reasonable person would consider that collection appropriate in the circumstances;
- The information is necessary for the purpose of planning or evaluating a program or activity of a public body;
- The information is necessary for the purpose of reducing the risk that an individual will be a victim of domestic violence, if domestic violence is reasonably likely to occur;
- The information is collected by observation at a presentation, ceremony, performance, sports meet or similar event:
- At which the individual voluntarily appears; and
- That is open to the public; or
- The information is personal identity information that is collected by:
- A provincial identity information services provider and the collection of the information is necessary to enable the provincial identify information services provider to provide services under section 69.2.
- A public body from a provincial identity information services provider and the collection of the information is necessary to enable:
- The public body to identify an individual for the purpose of providing a service to the individual; or
- The provincial identity information services provider to provide services under section 69.2.
Part 3 Division 4 of FIPPA outlines that the Privacy Head of an organization must develop a privacy management program and processes for privacy breach notifications for the public body, and must do so in accordance with the directions of the minister responsible for FIPPA.
Under Section 69 (6) of FIPPA, public bodies are required to create and maintain a Personal Information Directory (PID), which lists the specific collections of personal information maintained by the public body, including a directory of personal information banks (PIB).
This requirement helps to ensure that public bodies, including school districts, are maintaining an appropriate inventory of the personal information maintained by their programs and departments. It also assists members of the public to understand what personal information public bodies maintain, and in this sense supports transparency in data management practices.
Section 69 (6) of FIPPA also provides that the PID must be made available to the public and set out the following information about each PIB:
- Its title and location;
- A description of the kind of personal information and the categories of individuals whose personal information is included;
- The authority for collection of the personal information;
- The purpose for which the personal information was obtained or compiled and the purposes for which it is used or disclosed by the public body;
- The categories of persons who use the personal information or to whom it is disclosed within the public body and externally; and
- Information required under Section 69 (7) of FIPPA.