Skip to main content

Privacy Office


The Board of Education of School District No. 36 (Surrey) ("SD36", "ż", "the District") is subject to the ("FIPPA", "FOI") and the ("the School Act") when handling .


The issued by the provincial government details the key components of a privacy management program (PMP) for public sector organizations. The below information provides an overview of the SD36 PMP.

  • Privacy Officer: Simon Ayres, Email: privacy@surreyschools.ca.

    The Privacy Officer is responsible for being a point of contact for privacy-related matters such as privacy questions or concerns; supporting the development, implementation, and maintenance of privacy policies and/or procedures; and supporting the public body's compliance with FIPPA.

    How to contact the Privacy Office:

    1. Submit any privacy questions, concerns or complaints to the Privacy Officer in writing at email: privacy@surreyschools.ca.
    2. Requests for access to records under FIPPA can be submitted using the .
    3. Requests for employment information related to legal actions should be forwarded to the ż Human Resources department.
  • of FIPPA provides guidance to public sector organizations regarding the use of Privacy Impact Assessments (PIA) and Information-Sharing Agreements (ISA).

    details the SD36 process for completing and documenting privacy impact assessments. Information-sharing agreements are developed for individual initiatives, as required.

  • Direct all privacy complaints to the Privacy Officer at email: privacy@surreyschools.ca.

    A privacy breach means the theft or loss, or the collection, use or disclosure of personal information in the custody or control of a public body that is not authorized under FIPPA.

    details the district process for responding to privacy breaches.

  • All SD36 staff are required to complete a mandatory Privacy Training course to ensure they understand their responsibilities under FIPPA. Other education and awareness activities are provided, as required.

  • The Privacy policy and associated procedures set out the district's commitment, standards and expectations regarding the appropriate practices for the collection, use, and protection of .

  • Public bodies are responsible for informing service providers of their privacy obligations when handling .

    Privacy reviews and, where necessary, are completed for contracts to identify and mitigate risks associated with service provider management of personal information. Service provider contract language includes, but is not limited to, appropriate information use, disclosure, and disposal; security and training requirements; and notice to SD36 in the event of a privacy-related contract breach.

image description
Back to top