FIPA HOME
News Library Links About Help
FIPA is a non-profit society dedicated to advancing freedom of information and privacy rights in Canada...

Your FOI and Privacy Rights

How can we help you?

Help Topics Here
Donate
Contact Us
News Updates
Become a Member
Privacy Policy

Follow us on Twitter

This website was developed through generous grants from

the Law Foundation of British Columbia

Notary Foundation

and

the Notary Foundation of British Columbia

Notary Foundation

CLICK HERE FOR A LIST OF FIPA'S MAJOR FUNDERS.


BC Freedom of Information and Privacy Association (FIPA) is a registered sponsor under the Election Act


Governments and Your Privacy Rights

Some links on this page take you outside of our web site. To return, please use your web browser's back button.

Different Laws for BC Government and Federal Government

There is a privacy law that applies to British Columbia government entities the Freedom of Information and Protection of Privacy Act (BC) (FOIPPA) and a different privacy law that applies to entities of the Canadian federal government the Privacy Act (Canada).

Because they are quite different, they are discussed separately; the Federal Privacy Rights are here

The Freedom of Information and Protection of Privacy Act (BC) FOIPPA

The purpose of FOIPPA is to make the British Columbia government more accountable to the public and to protect personal privacy. It gives the public a right of access to records that are in the control of the BC government and prevents the unauthorized collection, use or disclosure of personal information by public bodies. It also gives individuals a right to access and to request correction to their personal information, subject to limited exceptions. 

FOIPPA covers every BC government entity that is a public body. You have a right to access information under FOIPPA if the entity is listed in the Act as a public body. Before you make a request for access you should check Schedule 2 and Schedule 3 of FOIPPA to find out whether the organization is a public body and therefore covered by the Act. 

Rights and Duties Under FOIPPA

What is a Public Body?

The term public body means

(a) a ministry of the government of British Columbia, (b) an agency, board, commission, corporation, office or other body designated in, or added by regulation to, Schedule 2, or (c) a local public body but does not include (d) the office of a person who is a member or officer of the Legislative Assembly, or (e) the Court of Appeal, Supreme Court or Provincial Court. 

The term "local public body" means

  • a local government body - which means a municipality; a regional district; an improvement district as defined in the Local Government Act; a local area as defined in the Local Services Act; a greater board as defined in the Community Charter or any incorporated board that provides similar services and is incorporated by letters patent; a board of variance established under section 899 of the Local Government Act or section 572 of the Vancouver Charter; the trust council, the executive committee, a local trust committee and the trust fund board, as these are defined in the Islands Trust Act; the Okanagan Basin Water Board; a water users' community as defined in the Water Act; the Okanagan-Kootenay Sterile Insect Release Board; a municipal police board established under section 23 of the Police Act; a library board as defined in the Library Act; any board, committee, commission, panel, agency or corporation that is created or owned by a body referred to in paragraphs (a) to (m) and all the members or officers of which are appointed or chosen by or under the authority of that body; a board of trustees established under section 37 of the Cremation, Interment and Funeral Services Act; the South Coast British Columbia Transportation Authority, or the Park Board referred to in section 485 of the Vancouver Charter.

  • a health care body - which means a hospital as defined in section 1 of the Hospital Act; a Provincial auxiliary hospital established under the Hospital (Auxiliary) Act; a regional hospital district and a regional hospital district board under the Hospital District Act; a Provincial mental health facility as defined in the Mental Health Act, or a regional health board designated under section 4 (1) of the Health Authorities Act.

  • a social services body - which means Community Living British Columbia established under the Community Living Authority Act.

  • an educational body - which means a university as defined in the University Act; Royal Roads University; an institution as defined in the College and Institute Act; the Thompson Rivers University; the Open Learning Agency established under the Open Learning Agency Act; a board as defined in the School Act, or a francophone education authority as defined in the School Act, or

  • a governing body of a profession or occupation, if the governing body is designated in, or added by regulation to, Schedule 3;

What are Your Rights Under the Freedom of Information and Protection of Privacy Act (BC)?

Under FOIPPA you have the right to:

  • request access to records held by public bodies, including records containing your personal information;

  • request the correction of your personal information in records held by public bodies;

  • ensure that your personal information is collected, used, disclosed and kept secure by public bodies according to specific standards that protect the privacy of your personal information; and

  • ask the Office of the Information and Privacy Commissioner of BC to review or investigate decisions by public bodies about privacy or access to records. 

What are BC Public Bodies Allowed to Do With Your Personal Information?

Consent is not required under FOIPPA. Public bodies are allowed to collect, use and disclose personal information without consent. However, FOIPPA does put some limits on what purposes a public body is allowed to collect and use your personal information for, and on how and where it can be disclosed.

In addition, public bodies must maintain the accuracy of personal information, keep it secure, limit how and the reasons why it is disclosed outside Canada and inside Canada. A public body must also retain personal information for at least a year if it has been used to make a decision that directly affects the individual.

When Can a BC Public Body Collect Your Personal Information?

Under FOIPPA, personal information may be collected by or for a public body only if:

  • a law specifically says that the personal information may be collected; or

  • it is collected for law enforcement purposes; or

  • the personal information relates directly to an operating program or activity of the public body and the personal information is necessary for the operating program or activity. 

Although these are broad categories they do have limits. The BC Information and Privacy Commissioner has decided that when asking whether personal information is necessary for an operating program or activity, public bodies should be held to a fairly rigorous standard of necessity, taking into consideration the sensitivity and amount of the personal information collected, the purpose for the collection and the objective of FOIPPA to protect privacy.  It is not enough that the information would be helpful. And if the purpose can be accomplished another way, the public body should take that other way. 

How is a BC Public Body Allowed to Use and Disclose Your Personal Information?

Your personal information may be used or disclosed for the purpose for which it was obtained or compiled, or for a purpose that is consistent with that purpose. In section 34 of FOIPPA, "for a consistent purpose" means that the purpose has a reasonable and direct connection to the original purpose and it is necessary for performing the duties or carrying out a program of the public body.

Examples of consistent purposes

  • Example 1:  
    A university is allowed to use student and alumni information for large mail-outs of information about university-related programs, and products and services that are benefits for alumni. It is not allowed to disclose the student and alumni information to outside commercial organizations for marketing purposes, because the outside marketing purposes are not consistent with the purposes the personal information was originally collected for.

  • Example 2:  
    A health centre collects the name, address, age, gender, admission and discharge date, discharge status and patient number for the delivery of health care to the patient. It later discloses that information to a contractor to conduct a patient satisfaction survey to be used for quality assurance purposes. Surveying patient concerns is reasonably and directly connected with the original purpose for the collection (to deliver health care), and is necessary for performing the duties of the health centre, (to deliver health care), and therefore the disclosure was for a consistent purpose.   

Permitted Purposes and Consent

Personal information may also be used or disclosed for certain purposes permitted in FOIPPA. These permitted purposes are extremely broad and include purposes related to the payment to be made to a public body, licensing and regulatory purposes, law enforcement purposes or for any purpose authorized by law.

Under PIPA and PIPEDA, there is an overarching requirement that the collection, use and disclosure must be for purposes that are reasonable and appropriate in the circumstances. There is no such requirement in FOIPPA. In fact, because FOIPPA states that personal information may be used or disclosed if a law of BC or Canada authorizes or requires the use or disclosure, the government can do just about anything with your personal information once they have collected it. All the government has to do is pass a law to give it the necessary authority. If the law is consistent with the requirements of the Charter of Rights and Freedoms, FOIPPA permits the use or disclosure to be carried out.

And a public body may use or disclose your personal information for any other purpose, if the public body gets your consent.

Your Personal Information Must be Protected and Kept Secure

Your personal information must be kept secure. A public body is required to protect personal information in its custody and under its control by making reasonable security arrangements against unauthorized use, access, collection, disclosure or disposal of the information.

FOIPPA does not specify a technical standard, in part because technical standards change very quickly. The Information and Privacy Commissioner has interpreted the law and determined that the following standards apply:

  • Individuals who do not have a need to know the information to carry out their job function should not access the information.

Even if an employee can see the information in a system or a file, he should not be looking at it unless there is a legitimate job-related reason to do so.

  • It is a breach of an individuals right to privacy and a breach of the law for an employee of a public body or of a service provider to a public body to see or use personal information when doing so is not necessary to his or her job function.

A government body and its service providers will breach the law if they fail to ensure that their employees follow the law.

  • Security measures must consider paper and electronic storage formats, emerging risks, and the inevitability of human error. Government bodies and their service providers must know about how their systems work, and about any new technological threats to the privacy and security of information. They also have to recognize that everybody makes mistakes and should build redundancies into the security systems, such as using encryption on all portable devices.

  • Personal information may be stored or accessed outside Canada only in very limited circumstances.

 


Design by Coverall Crew Hosted with Love by Retrix Hosting
fipa@fipa.bc.ca    #103 - 1093 West Broadway, Vancouver, BC, V6H 1E2,  Tel: 604.739.9788