Access to Information and Protection of Privacy
Black Gold School Division is governed by two provincial laws:
- Access to Information Act (ATIA): Gives people the right to access records in BGSD’s custody, subject to limited exceptions.
- Protection of Privacy Act (POPA): Controls how BGSD collects, uses, shares, and safeguards personal information. It also requires public bodies to maintain a Privacy Management Program.
Black Gold School Division – Privacy Management Program (PMP)
What is the Privacy Management Program?
Black Gold Schools protects personal information under Alberta’s Protection of Privacy Act (POPA). Our Privacy Management Program (PMP) brings together the policies, procedures, and safeguards we use to collect, use, share, and protect personal information. The PMP is BGSD's formal framework for how we collect, use, disclose, and safeguard personal information. As a public body in Alberta, BGSD must maintain a documented privacy management program under the Protection of Privacy Act (POPA) and related regulations.
Why does this matter to you?
The PMP helps ensure your information is handled responsibly, transparently, and securely. It also explains your privacy rights and how to contact us with questions or requests.
Your privacy rights and assurances
- Access & correction: You can request access to your personal information and ask us to correct it if it’s inaccurate.
- Breach notification: If a privacy breach creates a real risk of significant harm, we will notify you and also notify the Office of the Information and Privacy Commissioner (OIPC) and the Minister of Technology & Innovation.
- Automated decisions: If we use automated systems to generate content or make decisions about you, we will tell you at the time of collection.
- Independent review: If you are not satisfied with our response, you may request an independent review by the OIPC of Alberta.
What the PMP includes
- Policies: Access to Information; Protection of Privacy; Delegation of Authority – Information & Technology. These set responsibilities and decision‑making authority.
- Procedures: Access to information, privacy protections, privacy complaints, privacy incidents/breaches, records & information management, and user account management. These guide day-to-day compliance.
- Regulations: Data & Information Security Classification; Privacy by Design; Privacy Management Program; Privacy Impact Assessment; Acceptable Use of IT; Cloud Vendor Assessment; Personal Information Bank (PIB) Directory. These reinforce secure, transparent, risk‑based practices.
- Forms & tools: Privacy Impact Assessment templates, PIB forms, access request forms, complaint and breach checklists, and correction‑of‑information templates.
- Staff training: All BGSD employees complete mandatory privacy training to help keep your information safe.
When automated decision systems are used, BGSD will inform individuals at the time of collection.
What personal information does BGSD collect—and for what purposes?
BGSD collects only what it needs to provide post‑secondary programs and services. Personal Information Bank (PIB) Directory describing what data we hold, why we hold it, how we use it, and common disclosures—improving transparency about our information holdings.
Personal information collected from students and families is used for:
- Managing programs and services
- Emergency contacts
- Providing library and computer services
- Providing specific services, such as wrap-around health supports
- Maintaining financial records of student accounts
- Determining suitability for an honour or award and graduation
How does BGSD use or disclose personal information?
We use personal information only for the purpose identified at the time of collection or for a purpose consistent with that original purpose; some information is disclosed to government bodies where required by law (e.g., Alberta Education & Childcare).
What are my privacy rights?
You can:
- Access your personal information held by BGSD (subject to limited exceptions).
- Request corrections to your personal information; if used to make a decision that directly affects you, POPA requires BGSD to retain it for at least one year after use so you can access it.
Seek an independent review of access or privacy decisions by the Office of the Information and Privacy Commissioner (OIPC) of Alberta.
What about Student Photographs?
A photograph or digital image of a student is deemed to be that person's personal information.
- Black Gold School Division protects privacy involving photographs with the same confidentiality as other personal information.
- Photos or videos taken for Black Gold School Division marketing purposes are taken in a manner that respects privacy concerns. Participating students’ guardians will be asked to sign a form or to refrain from having their picture taken.
What Personal Information about Students Has Restricted Access?
- Student addresses, telephone numbers, grades, and class schedules are not released without a guardian's consent
- Unless a guardian provides written consent or as required by law, Black Gold School Division employees cannot release personal information to non-guardians or other third parties (e.g., regarding grades, financial records, addresses, etc.).
- Not all Black Gold School Division employees have access to all student records.
- Redaction may be required before records are released if an official request for information is made.
How do I make an access request or ask for a correction?
Submit an access request under ATIA using this Access to Information online form; BGSD must respond within 30 business days (extensions may apply as permitted). Correction requests can be made by directly contacting the school or department holding the information.
Will BGSD notify me about a privacy breach?
Yes. If a breach involves you or your child’s personal information and creates a real risk of significant harm (RROSH), BGSD must notify you, the OIPC, and the Minister of Education and Child Care without unreasonable delay, and the notice must describe what happened, what information was involved, and how risks are being managed.
How does BGSD handle privacy complaints?
You can file a complaint with the Privacy & Access Office. BGSD acknowledges, investigates, and provides a written decision (with timelines set out in our procedure). If you are not satisfied, you may request an independent review by the OIPC.
What is a Privacy Impact Assessment (PIA) and when is it required?
A PIA is a risk assessment BGSD completes before launching new or significantly changed initiatives that handle personal information (including data matching, automated decision systems, and derived/non‑personal data). When required by regulation, BGSD submits the PIA to the OIPC.
What is “automated decision making” and how will I be informed?
Automated decision‑making includes systems that generate content or make decisions, recommendations, or predictions using personal information. BGSD will inform you at the time of collection when such systems are used, and puts oversight and validation controls in place.
What is “data matching” and what rules apply?
Data matching links personal information across two or more datasets. Under POPA, BGSD may conduct data matching for permitted purposes (e.g., program planning, evaluation, research) and must meet specific safeguards, including re‑identification risk assessment and quality assurance for derived/non‑personal data before use or disclosure.
How does BGSD protect my information?
BGSD assigns a security classification level to information (e.g., Public, Protected A/B/C) and applies safeguards proportionate to sensitivity—especially for high‑sensitivity information (e.g., financial data or information about minors/vulnerable individuals). Staff complete mandatory training on privacy and information handling.
How quickly will BGSD respond to an access request?
BGSD must respond within 30 business days of receiving a complete request, with the possibility of an extension where authorized under legislation; any extension and reasons must be communicated to the applicant.
Who do I contact with questions or to report a concern?
Privacy & Access Office
Email: raymond.cable@blackgold.ca
Associate Superintendent
-Human Resource & Administration
-Privacy & Access Officer
3rd Floor, 1101-5st
Nisku, AB T9E 7N3
We handle privacy questions, ATIA access/correction requests, privacy complaints, and reports of suspected breaches.