Rocky Mountain School District No. 6


Section 36.2 of the Freedom of Information and Protection of Privacy Act (FIPPA) requires each public body to develop a privacy management program (PMP). A PMP is an evolving set of policies, procedures and tools developed by a public body to enable systematic privacy protection throughout the personal information lifecycle.

As of February 1, 2023, B.C.’s Freedom of Information and Protection of Privacy Act (FIPPA) requires all public bodies to develop a PMP in accordance with mandatory PMP directions issued by the Minister of Citizens’ Services. The district’s PMP in full detail is posted below.

The components each public body is expected to include in their PMP are:


As required under section 76.1(a) of the Freedom of Information and Protection of Privacy Act, the Board designates the Superintendent of Schools as the official head of the school district for the purposes of the Act.

As permitted under section 76.1(b) of the Freedom of Information and Protection of Privacy Act, the Board authorizes the Secretary Treasurer to administer the Act and make operational decisions.

For any privacy related matters, please contact the Privacy Officer at or by calling (250) 342-9243.

When would you need to contact the Privacy Officer?

  • Question or concern on the accuracy and/or correction of personal information
  • Permitting individuals to access their own personal information (held by the school district)
  • Consent
  • Collection notices
  • Records retention and disposal schedules
  • Reasonable security for the personal information in the public body’s custody or under its control
  • Completing or obtaining privacy impact assessments (PIAs)

The district maintains Information Sharing Agreements (ISAs) with various organizations such as Interior Health and private contractors used for school photos or yearbooks. The school district does not provide student or employee personal information with third parties unless otherwise specified through a multi-step approval process for the use of software or applications needed for learning or business purposes.

District Practice 2950.6 – Privacy Impact Assessments

A list of our current Privacy Impact Assessments (PIAs) - (Coming October 2023)


Privacy training and awareness helps employees identify personal information, understand their privacy obligations, and are an important part of breach prevention.

What is considered personal information?

Personal information includes information that can be used to identify an individual through association or inference. Some examples are:

  • Name, age, sex, weight, height
  • Home address and phone number
  • Race, ethnic origin, sexual orientation
  • Medical information
  • Human resources information

The following privacy topics for education activities are relevant for most public bodies:

  • An understanding of what constitutes personal information.
  • Appropriate collection, use and disclosure of personal information.
  • Reasonable security measures and access controls to protect personal information.
  • Identification and reporting of privacy breaches and privacy complaints.

Training on the following topics may also be included:

  • Privacy impact assessments.
  • Privacy and security requirements for storage of sensitive personal information outside of Canada.

Employees in the school district with access to student or employee personal information are subject to FIPPA training and assessment.

The policy and accompany district practices can be found on our website here


When service providers handle personal information related to the provision of services for a public body, the public body must inform them of their privacy obligations. Contracts are one way to demonstrate privacy obligations for service providers (See Information Sharing Agreements above).

PIAs are another useful tool to demonstrate how public bodies and service providers can meet their privacy obligations. By completing a PIA, a public body can assess the services, confirm compliance for such things as collection, use and disclosure of personal information under FOIPPA, and identify privacy risks.

Privacy training, policies and procedures will also support a service provider in complying with their privacy obligations when providing services for a public body (See sections above).


The school district will continue to review its PMP and ensure its relevancy on an annual basis. New or updated information from the Province of B.C. or the Office of the Information and Privacy Commissioner will added as it becomes available.