FIPPA, Privacy, and Consent Resources
It is second nature to most to take selfies, share them on Instagram, Snapchat, etc., but once you move into the role of a public body employee (e.g., in health, education, etc.), you must adhere to the laws set out by the B.C. Office of Information and Privacy Commissioner. Their office has put together guidelines for both public bodies and private bodies. The guidelines for public bodies to better understand what the rules are is linked below and how to get consent is detailed on page 4:
and you can review the Freedom of Information and Protection of Privacy Act here.
Each public body will have their own process (which may range from not allowing tools to pressure to integrate networked learning tools from outside of Canada), so it is important to understand your own setting and the law. You may find some administrators or staff breaking these rules or not aware of them. It is important for you to enter your field and uphold the law, regardless of the culture you enter. This does not mean that you do not engage online or outside of Canada. It means that if/when you do so, that you understand the steps, which are not much more complex than the consent you would get normally for going “on the Internet,” as is described in most settings, but you must name the date consent is effective and, if applicable, the date it expires. It is important that you work with your school district on the consent process. You can see an example of how school district are addressing access to cloud tools outside of Canada here (Coquitlam) and here plus here (Victoria). You must also name each tool individually. It cannot be “blogging.” You must name WordPress.com or Blogger, etc. If you use Flipgrid, you must name Flipgrid. Consent must also be informed, so effort must be taken to ensure that those signing consent understand the implications – that their data may leave Canada, how it may be harvested, and to know about the U.S. Patriot Act. One archived resource by the Canadian Treasury Board provides significant detailed information about the Patriot Act here. It is helpful to also review section 4(b) of the B.C. Digital Literacy Framework which is applicable K12 contexts but helpful for others.
Additional resources can be found here:
Privacy Education for Kids by the Office of the Privacy Commissioner of Canada
Information Security Awareness by the BC Government
FIPPA, Privacy, and Consent Competencies
Learners should ensure that they:
- Are aware of the OIPC, FIPPA, and the Cloud Computing Guidelines and follow them
- Understand what constitutes personal information
- Understand that privacy online is a personal choice and must be respected
- Understand if that you assume a “public body” hat, you have a duty for those under your care, their parents and families, and your colleagues with regard to their privacy and protection of personal information
- Are aware that the Canadian federal government states that the chances are remote that the US Patriot Act will access personal information of Canadians, but recognizes that it is our responsibility to protect privacy preferences and to ensure that consent obtained is informed consent. Some families may be involved with restraining orders and need to be private for their safety, but the reasons for privacy may be preference. Either way, it is not our business as to the reasons for privacy preferences, but it is our responsibility to uphold preferences.
- Understand how media moves through networks into US cloud-based services (e.g., back-ups on iTunes, syncing with Dropbox, messages with personal information is sent on Gmail, blog RSS subscriptions, etc.)
- Understand that these acts do not prohibit participation in networked tools outside of Canada and many public bodies are in need of staff and leaders who model networked literacy and positive citizenship online for their community
- Understand what appropriate consent looks like for public bodies and is aware of what alternative steps are to support learners when consent is not obtained.