Privacy Training for Child & Family Service Providers

The following information relates to Privacy Training requirements for third party service providers, foster parents, and delegated aboriginal agencies (DAAs).

Government Privacy Management and Accountability Policy requires that all employees as well as all service providers, including their employees, agents, volunteers and sub-contractors, and DAAs, who have access to personal information, complete government privacy training.  This requirement is in addition to any existing privacy training that service providers may have developed in their organizations.

The training provides a brief introduction to the service provider’s roles and responsibilities in handling personal and confidential information in a secure and privacy-enhanced manner. You will learn best practices in information sharing, information management, record keeping, privacy, and information integrity.

About Personal Privacy

We work in environments where personal and sensitive information is collected, used and disclosed. We all have a duty to protect this personal information, whether it is about clients or staff. In light of recent privacy breaches and the ease with which information can be shared in an increasingly electronic world, the Province has recognized the need for us to be increasingly vigilant in our privacy practices.

Personal Information means recorded information about an identifiable individual collected or created by the contractor as a result of performing contracted services but excluding any information that would not be under the control of a public body as interpreted under the Freedom of Information and Protection of Privacy Act.

The following is a non-exhaustive list of examples of Personal Information:

  1. the individual’s name, address or telephone number;
  2. the individual’s race, national or ethnic origin, colour or religious beliefs or associations;
  3. the individual’s age, sex, sexual orientation, marital status or family status;
  4. an identifying number, symbol or other particular assigned to the individual;
  5. the individual’s fingerprints, blood type or inheritable characteristics;
  6. information about the individual’s health care history, including a physical or mental disability;
  7. information about the individual’s educational, financial, criminal or employment history;
  8. anyone else’s opinions about the individual; and,
  9. the individual’s personal views or opinions, except if they are about someone else.

Personal Information could be received either verbally or written. 

How to Enroll in Training

The training can be completed individually or as a group.  It is recommended that training be completed individually as a self-directed on-line course however special arrangements can be made to have a group complete the training. The course is module-based and takes approximately one hour to complete.

Certification of Completeness:

Individuals independently completing the course on-line will be able to generate a certificate upon successful completion of the course. This is important documentation as it may be requested to verify your course completion.

If group training was arranged the representative for the service provider will be provided a fillable PDF template and will be responsible for filling in the template and providing a certificate of completion to all attendees in the group.


All service providers or DAAs are required to create and maintain a log which will include:

  • the names of all contractors and their employees, agents, volunteers and sub- contractors who may collect, create, or access Personal Information.
  • the status of the contractors and their employees, agents, volunteers and sub- contractors completion of the privacy training including the date of completion.

These reports must be made available upon request. Audits will be conducted to ensure compliance.