entity icon indicating copy to clipboard operation
entity copied to clipboard
verified publisher icon bcgov

FOIPPA Collection Notice

Open mbertucci opened this issue 1 year ago • 9 comments

User Story:
As a Team Lead responsible for regulatory compliance,
I want to display the FOIPPA collection notice prominently on the first page or in the footer of the application,
So that users are informed about the purpose and legal authority of personal information collection, ensuring transparency and compliance with FOIPPA.

Context:
To comply with the Freedom of Information and Protection of Privacy Act (FOIPPA), it is essential to inform users of the collection of their personal information. This notice needs to be visible on the first page of the application or in the footer of every page, ensuring that users are aware of the purpose and authority for the collection of their data. TBH I'm not sure where it should go and I'll leave it up to the designers to talk to other teams to figure out where it goes

Andy please find out how other projects are handling the FOIPPA notice

UX/UI Design:

  • [Link to wireframes or prototypes showing the notice placement]
  • [Link to any relevant design documentation]

Business Rules:

  • [ ] The FOIPPA collection notice must be visible on the first page of the application
  • [ ] The user will view the message but no need to acknowledge it (i.e., no need to click a checkbox or store this info in the DB)
  • [ ] The notice must include the following text and STRAA will be in italic

Any personal information required is collected to support the administration and enforcement of the Short-Term Rental Accommodations Act, under the authority of section 33(1) of that Act. Any questions about the collection of any information can be directed to the Executive Director of the Short-Term Rental Branch, at [email protected].

Scenarios

Scenario 1: Viewing the FOIPPA notice on the first page of the application

Given the user accesses the first page of the application,
When the page loads,
Then the FOIPPA collection notice should be prominently displayed,
And it should include all required information about data collection and legal authority.

Scenario 2: Contacting support regarding the FOIPPA notice

Given the user has questions about the collection of their personal information,
When they view the FOIPPA collection notice,
Then they should see clear contact information provided within the notice,
And they should be able to reach out for further clarification or support.

mbertucci avatar Aug 14 '24 18:08 mbertucci

Sample Collection Notice:

We are collecting your personal information to [purpose]. If you have questions about our collection of your information, please contact us at [contact information].

We are collecting your personal information under section [e.g. 26(c)] of the Freedom of Information and Protection of Privacy Act.

mbertucci avatar Aug 14 '24 18:08 mbertucci

This is a requirement of the PIA https://www2.gov.bc.ca/gov/content?id=650377D1931545499C09A855830530C3#q-6

mbertucci avatar Aug 14 '24 18:08 mbertucci

See PIA https://bcgov.sharepoint.com/:w:/r/teams/09399/Shared%20Documents/PIA%20and%20STRA/Short%20Term%20Rental%20Registry%20PIA.docx?d=wb3cea5832fee402eb6d0d779350196fc&csf=1&web=1&e=BDf51J

mbertucci avatar Aug 14 '24 18:08 mbertucci

@fionazhou-jsb does the blurb work?

mbertucci avatar Aug 16 '24 23:08 mbertucci

I sent an email to Pia Dewar to confirm we can just use the sample. I think we can but wanted to confirm. @fionazhou-jsb we need a contact email. And a

mbertucci avatar Aug 19 '24 18:08 mbertucci

Conversation with Pia Dewar regarding FOIPPA

Hey there. I hope you're doing well.

The FOIPPA collection notice. Does it need to be visible at all times? In the footer for example?

Is it a check box stating the user acknowledges the FOIPPA consideration.

Do you know what other teams have done?

Pia Dewar: hi, it tends to go in two places - right before someone logs in through a portal (thereby giving someone the chance to decide if they'll even log in), and on the first page with instructions

such as, when they're registering their rental. I would put it at the top of that page

Ok I'm wondering if it is already a part of SBC Connect.

I'm going to put it on the first page of the application

Pia Dewar: ok, sounds good. it just needs to be somewhere someone can see it Before commiting any PI

before they hit a submit button on a form, let's say

mbertucci avatar Aug 19 '24 23:08 mbertucci

from PIA

Hi,

A pretty standard collection notice runs as follows:

Any personal information required is collected to support the administration of [purpose], under the authority of FOIPPA, sec [legislative cite]. Any questions about the collection of any information can be directed to [position title], at [phone number].

That’s usually the format.

Thank you,

Pia

mbertucci avatar Sep 03 '24 23:09 mbertucci

@kris-daxiom this one is good for your review

fionazhou-jsb avatar Sep 06 '24 16:09 fionazhou-jsb

Looks good to me

kris-daxiom avatar Sep 06 '24 16:09 kris-daxiom

Hey team! Please add your planning poker estimate with Zenhub @dimak1 @kris-daxiom @rstens @shaangill025

jdyck-fw avatar Sep 12 '24 20:09 jdyck-fw

PASS

image.png

Accessible for public user via https://strr-ui-dev.web.app/create-account/ and then clicking on "Information collection notice" : image.png

rstens avatar Sep 25 '24 22:09 rstens

@rstens I really appreciate the obvious pass or fail on the tickets

@shaangill025 thanks for getting this done :)

mbertucci avatar Sep 26 '24 13:09 mbertucci