Surrey IT Security & Privacy Complaints - Bylaw Guide

Surrey, British Columbia residents and employees should report IT security incidents and privacy concerns to the City of Surrey and to provincial oversight bodies when required. This guide explains which city office handles complaints, the statutory framework that applies, how to file incidents or access requests, and what enforcement or remedies may follow. It is intended for people who suspect a data breach, improper collection or disclosure of personal information, or who need to make an access or correction request under provincial law.

Who handles complaints

The City of Surrey designates an internal contact for access and privacy matters through its corporate records and access function; individuals can contact the city’s access and privacy team for initial reports and records requests. See the City of Surrey access and privacy page for official contact details and guidance on municipal procedures: City of Surrey Access & Privacy^[1].

For matters that fall under provincial jurisdiction, including formal complaints about how a public body has handled personal information under the Freedom of Information and Protection of Privacy Act (FOIPPA), the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) accepts complaints and can investigate: OIPC BC complaint process^[2]. The statutory regime and remedies are set out in FOIPPA: Freedom of Information and Protection of Privacy Act (BC)^[3].

Penalties & Enforcement

Municipal responses to IT security and privacy complaints include internal corrective actions, administrative orders, and coordination with provincial oversight. Specific monetary fines for municipal privacy breaches are not set out on the cited City of Surrey page; where statutory remedies exist they derive from provincial law rather than a city bylaw. For statutory enforcement and investigatory powers, consult FOIPPA and the OIPC BC guidance cited above.^[3]

• Enforcer: City of Surrey access and privacy office for municipal handling; OIPC BC for provincial complaints and orders.
• Monetary fines: not specified on the cited City of Surrey page; FOIPPA itself does not set administrative fines for most breaches but provides investigatory and order powers — see FOIPPA for details.^[3]
• Appeals and review: OIPC orders can be judicially reviewed in the BC Supreme Court within statutory time limits set by court rules and FOIPPA provisions; specific time limits are not specified on the City of Surrey page.
• Non-monetary remedies: production or correction orders, directives to cease improper disclosures, and recommendations for systemic changes.
• Inspection and complaint pathway: report to City of Surrey access and privacy team first; if unresolved, file a complaint with OIPC BC.

Applications & Forms

The City of Surrey publishes guidance on access requests and records procedures on its access and privacy page; if a specific municipal FOI request form is required it will be available there. If no city form is published, FOIPPA access requests may be made in writing to the public body and the OIPC provides guidance on complaint submission.^[1][2]

How to report an IT security incident

1. Contact the City of Surrey access and privacy team immediately to report the incident and request instructions for containment and evidence preservation.
2. Collect details: date/time, systems affected, type of data involved, and any known disclosures.
3. Submit a formal access or correction request if you seek records or correction of personal information held by the city.
4. If unsatisfied with municipal response, submit a complaint to OIPC BC following their online complaint process.
5. Consider legal review for urgent remedies or judicial review of orders, and comply with time limits for appeals.

FAQ

Who investigates privacy breaches at Surrey?

The City of Surrey’s access and privacy office handles municipal investigations; the OIPC BC investigates complaints under FOIPPA if the matter falls within provincial jurisdiction.

How do I report an IT security incident to the City?

Report immediately to the City of Surrey access and privacy contact listed on the city’s access and privacy page and follow any containment instructions the city provides.

Can I appeal a privacy decision?

You may file a complaint with OIPC BC and, where applicable, seek judicial review of OIPC orders in the BC Supreme Court; consult the statutory provisions and OIPC guidance for time limits.

How-To

1. Identify the incident and gather facts: note dates, affected systems, and types of personal information involved.
2. Notify the City of Surrey access and privacy office following the published municipal contact procedure.
3. File an access or correction request if you need records or changes to personal information; use any city form or write to the public body.
4. If unresolved, file a formal complaint with OIPC BC using their online complaint process and provide the case history.
5. Follow OIPC directions and seek legal advice for possible judicial review if necessary.

Key Takeaways

• Report incidents first to the City of Surrey access and privacy office.
• OIPC BC handles provincial complaints under FOIPPA and can order remedies.
• Keep records of all communications and act promptly to preserve evidence.

Help and Support / Resources

• City of Surrey - Access & Privacy
• Office of the Information and Privacy Commissioner for BC
• BC Laws - legislation portal

1. [1] City of Surrey Access & Privacy
2. [2] OIPC BC - Make a complaint
3. [3] Freedom of Information and Protection of Privacy Act (BC)