The report from the Privacy Commissioner slams Saanich’s use of spyware, and says, among other things, “During the course of this investigation my staff found that District employees and officers were almost entirely unaware of the District’s obligations under Part 3 of FIPPA, which governs the protection of individuals’ privacy and places limits on the District’s ability to collect, use or disclose personal information. To the extent that the District had processes in place to meet the requirements of that Act, those processes were limited only to those which are needed to comply with the access to information obligations in Part 2 of FIPPA. With respect to the FIPPA obligations that are the subject of this investigation, the District has not taken any steps to meet the requirements of Part 3.
The District’s submissions to my office demonstrate a deep lack of understanding about the most basic tenets of the Act, such as what constitutes the collection of personal information by the District. The District of Saanich must implement a privacy management program to ensure that all personal information in its custody or under its control is adequately protected and that any collection, use, or disclosure is compliant with FIPPA.