Effective February 1, 2023, Section 36.2 of the Freedom of Information and Protection of Privacy Act (FOIPPA) requires B.C. public bodies to develop a privacy management program (PMP). 

The goal of the program is to ensure public bodies, like the Resort Municipality of Whistler, are accountable and transparent with respect to their management of personal information. 

Privacy complaints and privacy breaches

As part of the PMP, public bodies are required to have a documented process for responding to privacy complaints and privacy breaches. The privacy and security of the personal information the RMOW is entrusted with is our highest priority. 

The Resort Municipality’s Privacy Breach Administrative Procedure A-08 describes the appropriate and immediate action to be taken by RMOW employees if a real or suspected privacy breach occurs.

The privacy contact is the point of contact for privacy-related matters such as privacy questions or concerns. 

Privacy impact assessments and information-sharing agreements

As part of the PMP, public bodies are required to include a process for completing and documenting privacy impact assessments (PIA) and information-sharing agreements (ISA), as required, under FOIPPA. A PIA is an assessment that is conducted to determine if a current or proposed system, project, or activity meets or will meet the requirements of FOIPPA.

The Resort Municipality of Whistler’s Privacy Impact Assessment Administrative Procedure J-01 is applicable to all staff who are in the planning stages of an update to a new project or service that collects personal information.

Service provider privacy obligations

Under FOIPPA, any service providers have the same privacy obligations for the service that they are providing to the RMOW under contract.

Prior to sharing any confidential information with a service provider, the RMOW requires a signed Non-Disclosure Agreement to be signed by the third party. If the scope of work is agreed to, the RMOW and the service provider would enter into the RMOW’s standard consulting agreement with a confidentiality clause. The agreement sets the conditions for the collection, use, or disclosure of personal information by the parties in the agreement. If the RMOW agrees to utilize a third-party agreement, this agreement must be reviewed by the privacy contact before execution.

Privacy practices and policies

The RMOW is dedicated to ensuring that all its documented privacy processes and practices are available to all RMOW employees and, where possible, to the public.

The following Resort Municipality of Whistler privacy policies and procedures are available to the public:

• Privacy Impact Assessment Administrative Procedure J-01
• Privacy Breach Administrative Procedure A-08

Privacy awareness and education

The RMOW provides regular privacy training sessions throughout the year to all staff. All privacy training sessions include the importance of protecting personal information as well as privacy best practices.

• Provincial resources
  • Privacy Management Program Guidance
  • Privacy and Personal Information Resources
  • Mandatory Privacy Breach Notification Regulation
  • Privacy Management Program Directions
  • Guidance on Mandatory Privacy Breach Notifications
  • Privacy Protection Schedule

Privacy contact

The privacy contact is the point of contact for privacy-related matters such as privacy questions or concerns. They support the development, implementation, and maintenance of the public body’s privacy policies and/or procedures. The privacy contact conducts annual reviews of the RMOW’s privacy policies and procedures to ensure continued compliance with all applicable privacy legislation. 

Legislative and Privacy Coordinator
privacy@whistler.ca