Privacy Impact Assessment (PIA)

Sea to Sky School District conducts Privacy Impact Assessments (PIAs) on software systems and applications used to deliver education services to students and families.
Completed PIAs and updates are retained in a secure location at the School Board Office for the purposes of demonstrating due diligence and if needed, to respond to a requested Privacy Commissioner’s Audit. Questions regarding any of Sea to Sky School District's PIAs can be directed to the School Board Office (604-892-5228).

What is a PIA?

A Privacy Impact Assessment (PIA) is a process which assists our district in identifying and managing the privacy risks arising from new applications, initiatives, systems, processes, strategies, policies, and business relationships.

A Privacy Impact Assessment is a type of impact assessment conducted by an organization (i.e.: School District with access to a large amount of sensitive, private data about individuals). The organization reviews its own processes to determine how these processes affect, or might compromise, the privacy of the individuals whose data it holds, collects, or processes.

A PIA is typically designed to accomplish three main goals:

Ensure conformance with applicable legal, regulatory, and policy requirements for privacy.
Identify and evaluate the risks of privacy breaches or other incidents and effects.
Identify appropriate privacy controls to mitigate unacceptable risks.

Source

Why do we need to complete a PIA?

A PIA is a tool to help school districts ensure compliance with applicable privacy legislation. This document helps assess and mitigate unintended privacy risks when implementing a new initiative. As part of the process, school districts take the appropriate steps to ensure that parents, students and educators understand what measures are taken with regards to the safety and security of personal information. The designated privacy officer in the district determines internal policies for review and signs off on a Privacy Impact Assessment. If you have any questions about the PIA process or FIPPA in general, you may contact the provincial Privacy and Access Helpline at 250 356-1851 or [email protected].

What is Personal Information?

Note: The definition of personal information is “Recorded information about an identifiable individual other than contact information.” The following are examples of personal information (this is a non-exhaustive list):

- Name, address, email address, telephone number;

- Age, sex, sexual orientation, marital / family status, blood type;

- Information about an individual’s health care history, including a physical / mental disability;

- Information about an individual’s education, financial, criminal, employment history;

- Social Insurance Number (SIN), Personal Education Number (PEN);

- Personal views, opinions, religious / political beliefs and associations.