The Records/Information & Privacy Coordinator is the point of contact for all privacy-related matters, such as privacy questions or concerns, and can be reached at:
455 Wallace Street, Nanaimo, BC V9R 5J6
Privacy Management Program
Section 36.2 of the Freedom of Information and Privacy Protection Act (FOIPPA) requires B.C. public bodies to develop a Privacy Management Program (PMP). A PMP is an evolving set of policies, procedures and tools developed by a public body to ensure protection of personal information.
The City of Nanaimo is responsible for protecting significant amounts of personal information. Privacy, information security, and compliance are some of the City’s top priorities. The PMP is reviewed regularly to ensure it is relevant to the City’s activities and personal information holdings. The City has implemented mandatory FOIPPA training for all employees who have access to personal information or records or deal directly with the public.
Core components of the City’s Privacy Management Program include:
Privacy Impact Assessments & Information Sharing Agreements
A Privacy Impact Assessment (PIA) is a step-by-step risk management and compliance review process. A PIA is required before a new project, program, or initiative is started, or before a significant upgrade to an existing project, program, or initiative. PIAs are typically completed as a collaborative effort between the Legislative Services staff, the individuals working on the initiative, and the IT Department.
PIAs require staff to consider the privacy implications of existing or new programs or services, the likelihood of a threat or risk occurring, and the severity of the consequences of a privacy breach.
An Information Sharing Agreement (ISA) is an agreement that sets the conditions of collection, use, or disclosure of personal information by the parties to the agreement.
Personal Information Banks
Schedule 1 of FOIPPA defines a personal information bank (PIB) as a collection of personal information that is organized or retrievable by an identifying number, symbol, or other particular assigned to an individual.
Part of the City of Nanaimo's process for identifying PIBs is using privacy impact assessments (PIAs) to determine whether personal information will be collected. If it is, the PIA helps the City analyze how to reduce the risk of personal information being used or disclosed in a manner not authorized by FOIPPA.
The City also identifies PIBs in our Records Classification and Retention Schedule to ensure proper retention and destruction procedures are followed.
Service Provider Privacy Obligations
When service providers handle personal information related to the provision of services for the City of Nanaimo, the City must inform them of their privacy obligations. Privacy requirements are addressed in procurement documents during procurement processes. Where appropriate, a Privacy Protection Schedule is included in contracts and agreements.
Privacy Complaints and Privacy Breaches
FOIPPA requires public bodies to have a documented process for responding to privacy complaints and breaches.
A privacy breach is the theft or loss of personal information, or the access, collection, use, or disclosure of personal information in the custody or control of a public body that is not authorized by FOIPPA. A privacy complaint is a complaint from an individual about a breach of their own personal information.
The Office of the Information & Privacy Commissioner (OIPC) for British Columbia is an independent office appointed by the legislature that oversees compliance with FOIPPA and promotes and protects the information and privacy rights of British Columbians. The City reports all privacy breaches to the OIPC using the privacy breach checklist for public bodies.