Freedom of Information & Protection of Privacy

The Freedom of Information and Protection of Privacy Act (FOIPPA) helps promote good municipal government by balancing the following principles:

Freedom of Information (FOI)

  • The public has the right to access government information.
  • Whenever possible, information held by the District of Sicamous should be available to the public.

Protection of Privacy (POP)

  • Individuals have the right to have their personal information protected.
  • The District of Sicamous should not improperly collect or disclose personal information.

Privacy Management

Collection of Personal Information

When collecting personal information (e.g. forms, surveys, applications), the District will communicate:

  • The purpose for collecting the information
  • The District's legal authority for collecting the information
  • The contact information for an officer or employee of the public body who can answer the individual's questions about the collection

A further clause will indicate whether documentation will be routinely available to the public (e.g. issued permits and/or licenses). The District will ensure that notice is applied to al forms that collect personal information.

District of Sicamous Privacy Management Policy No. A-34

Submit a Privacy Complaint or Breach

In circumstances where the District can rely on consent for the collection of personal information (i.e. recording or updating an individual's contact information, updating an individual's name), the District will obtain consent in writing.

A consent notice must include the following information:

  • Description of the personal information the consent relates to
  • Purpose of the disclosure
  • To whom the personal information will be disclosed
  • The jurisdiction where the personal information will be disclosed (if practicable)
  • The date when the consent is effective and the date it expires (if applicable)

People have a right to access their personal information and to request corrections to it. People also have the right to request a correction of personal information if they believe there is an error or omission.

Requests to access personal information or the correction of personal information must be made to the District's privacy coordinator. The District must provide the change to any other body the information has been provided to within the preceding one-year period.

The District is responsible for protecting personal information in its control by making reasonable security arrangements against risks such as unauthorized collection, use,
disclosure or disposal. The District’s Freedom of Information and Protection of Privacy
Policy & Procedures Manual (pages 27-28) discusses privacy protection measures practiced
by staff.

A privacy breach is the theft or loss of personal information or the access, collection, use or
disclosure of personal information in the custody or control of a public body. This is not
limited to written information. The District is required to have a documented process for responding to privacy breaches and complaints. Any privacy breaches and complaints must or are to be reported to the District’s privacy coordinator. District staff are required to
follow the District’s Privacy Breach Procedure. If a privacy breach is reasonably expected to result in significant harm to an individual, public bodies are required to issue a notification about that breach to the affected individual and to the Information and Privacy Commissioner.

Submit a Privacy Complaint or Breach

The District is required to retain personal information for one year if that information was used as a basis for a decision directly affecting the individual and to allow the affected individual a reasonable opportunity to obtain access. After one year, the information is disposed of in accordance with the records retention schedule defined in the District's Records & Information Management Program Handbook (pages 13-15).

A privacy impact assessment (PIA) is used to determine whether a project or initiative
involves personal information and, if so, how the information will be collected or used. Staff are required to complete a Privacy Impact Assessment Form and submit it to the District’s privacy coordinator prior to proceeding with a new initiative that involves the collection of personal information. The goal is to work together to identify, evaluate and manage privacy risks.