Effective February 1, 2023, Section 36.2 of the Freedom of Information and Protection of Privacy Act (FIPPA) requires BC public bodies to develop a privacy management program (PMP).
For more information, also see:
Privacy management programs help ensure that public bodies are properly equipped to manage and protect any personal information in their custody or under their control. They also help provide transparency and accountability by ensuring public bodies document their privacy practices.
Personal information is information we hold that is identifiable as being about you. The RDKB takes its privacy obligations seriously.
Our collection, use and disclosure of your personal information is regulated by the British Columbia Freedom of Information and Protection of Privacy Act, R.S.B.C. 1996, c. 165, as amended from time to time. You can find more information about your privacy rights at the website of the British Columbia Office of the Information and Privacy Commissioner (OIPC).
Read the RDKB’s Privacy Management Program Policy here.
Designating a Privacy Officer
As required under section 76.1(a) of the Freedom of Information and Protection of Privacy Act, the Board designates the Corporate Officer the official head of the Regional District of Kootenay Boundary for the purposes of the Act.
As permitted under section 76.1(b) of the Freedom of Information and Protection of Privacy Act, the Corporate Officer is authorized to fulfill the role of Privacy Officer and to administer the Act and make operational decisions.
For any privacy related matters, please email the Privacy Officer.
Privacy Impact Assessments and Information Sharing Agreements
As part of the PMP, public bodies are required to include a process for completing and documenting privacy impact assessments (PIA) and information-sharing agreements (ISA), as required, under FIPPA. A PIA is an assessment that is conducted to determine if a current or proposed system, project, or activity meets or will meet the requirements of FIPPA.
The RDKB’s Privacy Management Program Policy is applicable to all staff who are in the planning stages of an update to a new project or service that collects personal information.
Privacy Complaints and Privacy Breaches
If you have a privacy concern or would like to make a freedom on information request, please contact the Privacy Officer at firstname.lastname@example.org.
Privacy Awareness and Education
Privacy training and awareness helps employees identify personal information, understand their privacy obligations, and are an important part of breach prevention.
What is considered personal information?
Personal information includes information that can be used to identify an individual through association or inference. Some examples are:
- Name, age, sex, weight, height
- Home address and phone number
- Race, ethnic origin, sexual orientation
- Medical information
- Human resources information
The following privacy topics for education activities are relevant for most public bodies:
- An understanding of what constitutes personal information.
- Appropriate collection, use and disclosure of personal information.
- Reasonable security measures and access controls to protect personal information.
- Identification and reporting of privacy breaches and privacy complaints.
Training on the following topics may also be included:
- Privacy impact assessments.
- Privacy and security requirements for storage of sensitive personal information outside of Canada.
Employees in the RDKB with access to employee or public personal information are subject to FIPPA training and final test.
Making Privacy Practices and Policies Available
Read the RDKB’s Privacy Management Program Policy Here
Service Provider Privacy Obligations
When service providers handle personal information related to the provision of services for a public body, the public body must inform them of their privacy obligations. Contracts are one way to demonstrate privacy obligations for service providers. (See Information Sharing Agreements above)
PIAs are another useful tool to demonstrate how public bodies and service providers can meet their privacy obligations. By completing a PIA, a public body can assess the services, confirm compliance for such things as collection, use and disclosure of personal information under FIPPA, and identify privacy risks.
Privacy training, policies and procedures will also support a service provider in complying with their privacy obligations when providing services for a public body. (See sections above)
Monitoring and Updating
The RDKB will continue to review its PMP and ensure its relevancy each year. New or updated information from the Province of BC or the Office of the Information and Privacy Commissioner will added as it becomes available.
Privacy Contact Person
The privacy contact is the point of contact for privacy-related matters such as privacy questions or concerns. They support the development, implementation, and maintenance of the public body’s privacy policies and/or procedures. The privacy contact conducts annual reviews of the RMOW’s privacy policies and procedures to ensure continued compliance with all applicable privacy legislation.
Email the Privacy Head at email@example.com, call 250.368.0225 or mail to 202-843 Rossland Avenue, Trail, BC V1R 4S8
For more information, also see: