NEWS RELEASE: New report highlights gaps in student privacy in BC’s K-12 education system.

VANCOUVER, September 17, 2020 – The BC Freedom of Information and Privacy Association (FIPA) has released their latest report Troubling clouds: Gaps affecting privacy protection in British Columbia’s K-12 education system.  

Click here for full report.

 “The government is setting the system up for failure.” according to Jason Woywada BC FIPA Executive Director. “Without the resources, guidance and supports they need, teachers, schools, and districts are making the best of a bad situation. The result puts personal information in the system at risk.” 

The project started in 2018 when FIPA began hearing from educators, parents and students with questions and concerns about privacy.  Shifts towards cloud-based learning management systems (LMS) were leading to increasing concern and a search for answers. FIPA decided to launch a major research project to explore privacy protection in K-12 education across BC with more rigorous legal research and analysis. 

The project has come to fruition during the COVID-19 pandemic. The public health emergency is leading to even more digitization of workplaces and the education system. The closure of schools was combined with the temporary loosening of privacy safeguards to facilitate the use of online platforms and applications.  

With schools reopening, there are concerns about how students will be physically protected. This report reveals that, whether online or in the classroom, student privacy is being sacrificed by a patchwork approach. It highlights the need to develop systematic solutions for managing the risks going forward. 

“Education shouldn’t come at the expense of teacher and student privacy,”  Woywada  adds. “The recommendations are easily acted upon. Taking these steps will help ensure education doesn’t jeopardize the personal information of the students, parents and educators in the system.” 

We would like to thank lawyer, lead researcher, and project author Matthew A. J. Levine for his hard work on this comprehensive report, and the Law Foundation of British Columbia for their continued support and commitment. Mr. Levine will be presenting on this topic during a FIPA Information Summit 2020 event

Contact: 
Jason Woywada, Executive Director 
BC Freedom of Information and Privacy Association 
Email: jason@fipa.bc.ca 
Phone: 604-739-9788 


Recommendations 

  1. The Ministry of Education should play a more active role in supporting the procurement of cloud computing services. The Ministry’s strategic role in the public education system and relatively sophisticated information technology capacity should be leveraged to maximize resources, exchange knowledge, and develop best practices for privacy risk management. 
  1. Privacy Commissioner should make use of the International Conference of Data Protection and Privacy Commissioners’ (“ICDPPC”) activities regarding online platforms in public schools. Specifically, 
    1. Actively participate in the ICDPPC Digital Education Working Group’s activities, including the questionnaire that was circulated by the French data protection authority and Canada’s OPC in June 2019, so as to exchange best practices with other jurisdictions; 
    2. In light of commitments and norms embodied in ICDPPC Resolution, formulate a guidance document for public bodies in the education sector so that they may fully comply with their privacy obligations when engaged in contracting out cloud computing services. 
  1. School boards should ensure they have information technology and privacy expertise necessary to: 
    1. Conduct substantive privacy impact assessments on private sector providers of information technology services; 
    2. Develop policies and procedures to assess, approve, and support the use of internet platforms and software applications without compromising students’ privacy rights or shifting the privacy risk management burden; 
    3. Provide training and support for teachers in respect of classroom technology and privacy; 
    4. As required and appropriate, seek valid, informed and meaningful consent from individuals, i.e. students and guardians. 
  1. Ministry of Education and school boards should strengthen co-ordination to: 
    1. Negotiate, as necessary, service agreements with service providers who may be unwilling to negotiate with individual school districts; 
    2. Establish a shared mechanism for rating and otherwise exchanging knowledge about internet platforms and software applications; 
    3. Maintain said mechanism while taking on-board feedback from students, guardians, and teachers. 

BC FIPA’s 2019 Annual Report

Looking back at a year of positive change, we are proud of the work we’ve done to further BC’s and Canada’s information and privacy rights landscape.

The 2019 report reflects our ongoing commitment to strengthening FIPA’s position within the information and privacy rights field through legal research, law reform, public legal education, and advocacy and public aid. We will continue to push and advocate for government transparency and freedom of information, surveillance and privacy, and civil liberties.

This report is available as a downloadable PDF. We invite you to explore its content and learn more about FIPA’s work.

NEWS RELEASE: Civil society groups’ joint statement – Too early to launch contact tracing apps

BC FIPA, CCLA, BCCLA, CIPPIC, ICLMG, and OpenMedia are calling for more research and analysis prior to the release of new federally approved contact tracing app

VANCOUVER, June 24, 2020 – On June 18, 2020 the federal government announced that a contact tracing app, “COVID Alert” will be available for Ontarians in July. The app will be in its testing phase, though the nature of testing remains unclear.

BC FIPA, in collaboration with CCLA, BCCLA, CIPPIC, ICLMG, and OpenMedia have written a joint letter to the Prime Minister and First Ministers regarding serious concerns with the application’s implementation and operation at a regional and national level.

The federal Privacy Commissioner’s office has not yet received the necessary information and access to the application in order to analyze and provide recommendations on it, nor has a Privacy Impact Assessment been completed or submitted to that office for review. It is highly concerning that a deployment date has been publicly announced before the federal Privacy Commissioner has been given the opportunity to comprehensively review the application and its privacy impacts.

We call on the federal government to provide the Privacy Commissioner of Canada and their provincial and territorial counterparts with the time necessary to fully analyze the application and release an assessment before the application is released to the public. In addition, prior to release, the privacy policy for the application must be clear, detailed, and understandable so users can provide informed and meaningful consent, as well as understand their privacy rights and protections. Lastly, all elements of the application’s source code must be released to the public so that the privacy and security of the initiative can be assessed.

In today’s digital age, if a contact tracing application is to earn the trust of Canadians, then privacy must be of paramount importance. We feel that the government’s current actions fall short. For this reason, we, the undersigned, are calling on the government to meet the following principles before the application is made publicly available. Details on our joint letter can be found here.

Contact:
Jason Woywada, Executive Director
BC Freedom of Information and Privacy Association
(e) jason@fipa.bc.ca | (p) 604-739-9788

News Release: Time to reform BC’s privacy laws

BC FIPA recommends key changes to BC’s Personal Information Protection Act (PIPA)

VANCOUVER, June 10, 2020 – During the Special Committee’s public consultations to review PIPA, BC Freedom of Information and Privacy (FIPA) presented several key recommendations. 

Details of our presentation found here.

Compared to other provincial and the federal privacy legislation, BC’s PIPA has had no substantive amendments in the last 17 years. Presently, more than ever, personal information is being collected and stored in exponential amounts, subject to advanced analytics, and highly prone to being compromised. Changes to PIPA are needed for two main reasons – citizens expect increased privacy protections and education, and BC’s economy faces a real risk if the province’s privacy protections are inadequate to international data protection standards. 

Our submission proposes several recommendations, many of which have been called for in previous legislative reviews. We are calling for mandatory data breach reporting, algorithmic transparency, as well as an increase in the following: transparency and accountability by organizations, protections during international transfers of personal information, Commissioner’s enforcement powers, and resources for public education campaigns regarding PIPA. We also recognize and urge BC’s leadership in subjecting political parties to PIPA.  

“We are excited for the opportunity to contribute to the reform of a piece of legislation that is increasingly relevant in today’s digital age,” says FIPA’s executive director, Jason Woywada. “This legislative review offers BC the opportunity to regain leadership in its privacy protection laws and amend PIPA to offer its citizens the protections they expect and deserve.”  

We look forward to presenting a comprehensive list of recommendations as part of our written submission to the Special Committee prior to the August deadline. Details on our presentation can be found here.  

Contact: 
Jason Woywada, Executive Director 
BC Freedom of Information and Privacy Association 
(e) jason@fipa.bc.ca | (p) 604-739-9788