OIPC Blog

A follow-up report has found the Provincial Health Services Authority (PHSA) has taken meaningful steps to incorporate recommendations aimed at strengthening the privacy and security of the Provincial Public Health Information System (System), following the Office of the Information and Privacy Commissioner’s (OIPC) December 2022 report that found the PHSA’s failure to address security and privacy vulnerabilities put British Columbians at risk.

Commissioner McEvoy presents the 2022-23 OIPC Annual Report. Read on to watch a welcome video from the Commissioner on the report.

On March 9, 2023, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) hosted the OIPC Youth Forum. A group of high school students from across British Columbia joined experts from the OIPC, the BC Civil Liberties Association, MediaSmarts, and special guest speaker, Cambridge Analytica whistleblower and social researcher Christopher Wylie, for a wide-ranging discussion on the privacy issues that impact students most.

The investigation looked at a number of issues, including: whether consent to FRT was properly obtained from individuals, whether those visitors were properly notified about how their images would be collected and used, and, whether the broad use of FRT was reasonable in the circumstances.

A preliminary review of the impact of BC’s application fee for freedom of information requests reveals limited payment options, a lack of criteria among public bodies for not charging or for refunding the fee when fairness warrants, and mixed findings about the initial impact on applicants.

The Provincial Health Services Authority (PHSA) has failed to address security and privacy vulnerabilities in BC’s Provincial Public Health Information System (the System) — putting the personal health information of British Columbians at risk.

An investigation report released by Information and Privacy Commissioner Michael McEvoy says the security and privacy vulnerabilities have been known to the PHSA since 2019.

Commissioner McEvoy presents the 2021-22 OIPC Annual Report. Read on to watch a welcome video from the Commissioner on the report.

Information and Privacy Commissioner Michael McEvoy announced the launch of the OIPC Young Scholars Project today, on the International Day of Education.

The OIPC continues to provide service to the public, public bodies, and private sector. To protect the health of our employees and to do our part to slow community transmission of the COVID-19 virus, most OIPC staff have now transitioned to working remotely. This will mean that, for the time being, our Office will not receive in person visits from those we serve.

We will post updates on our website and social media channels as the situation continues to unfold.

Getting #PrivacyRight means respecting the trust that individuals place in organizations that collect, use or disclose their personal information. People should be confident that businesses will collect their personal information appropriately and in a straightforward manner and, where needed, only after they have provided meaningful consent.

This month, learn about the authority to collect, use, and disclose personal information. Explore our latest online tools, including a video, a webinar, a podcast, and one of our key guidance documents. Whether you’re an organization that collects, uses, and discloses personal information or a customer who is wondering what happens to your information, this month’s releases have the answers you need.

This month, learn about accountability and the benefits of implementing a privacy management program. We have several online tools for you to explore, including two webinars (each with printer-friendly notes), a video, and podcast. Dig a little deeper with our related guidance documents, then take our privacy assessment challenge.

The secret’s out… privacy is good business. And to help you and your organization get on board, we are launching PrivacyRight, a series of educational tools for BC organizations that will help you understand your obligations under the Personal Information Protection Act (PIPA).

You probably noticed a flurry of emails in your inbox over the past few weeks, as everything from social media apps to your email provider to your fridge rush to send you privacy policy updates. Why now, you ask? Well, it has to do with a new privacy law called the GDPR.

I am as surprised as anyone that email retention and deletion by government staff is again making news. These matters have been thoroughly canvassed in numerous reports by my office, by government and in government’s own retention schedules and policies. They also emphasize the need for independent oversight of record management including the duty to document.

This year, as the Asia Pacific Privacy Authorities (APPA) mark Privacy Awareness Week, there couldn’t be a more important time to talk about the need to protect personal information. I spoke about this very topic last week to a gathering of small business owners, communications professionals, and government employees.

How many times a day are you asked for your email, telephone number, postal code, or birth date? Probably more than you might realize. Think about when you go to the grocery store, the pharmacy, or to a clothing or electronics store. Many retailers ask for your email to connect purchase history with future promotional offers to better tailor potential discounts with your spending habits. But is this legal? Well, it all comes down to the purpose for which the information was collected.

Let’s face it – protecting data in our digital society isn’t easy. Devices intended to improve our lives also collect an astounding amount of information about you, your family, and friends. Voice assistant technology, connected devices, and apps that give you remote access to your home sound pretty convenient. But before you unlock your front door with your phone, think about this: in 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in products and services, such as baby monitors and door locks. Yikes!

Last week we released a tip sheet for public bodies managing requests for records, in conjunction with our audit report examining the access to information policies and procedures of WorkSafeBC.

Are you tempted by the potential benefits of cloud-computing? The option can be appealing, as the service often cuts costs and removes obstacles for users looking to reduce IT infrastructure and maintenance. Before you reach for the clouds, make sure you know the legal requirements that apply when processing and storing personal information outside of Canada.

I recently spoke about the Internet of Things and Big Data at a healthcare summit in Vancouver. Well, let’s be honest and call it what it really is - the Internet of Everything. From the rubber ducky in your child’s bathtub to your smart tea kettle, the array of connected devices on the market today seems almost limitless.

Updated guidance is now available to physicians on privacy and security of patient records

A few weeks ago, my office and the Office of the Privacy Commissioner of Canada (OPC-Canada) co-hosted the 48th Asia Pacific Privacy Authorities (APPA) Forum in Vancouver. From November 15-17, APPA officials from 14 member jurisdictions and invited guests shared insights and perspectives, discussed global privacy trends, exchanged experiences, and looked for opportunities for joint regulatory guidance and enforcement activities across the Asia Pacific Region.

From September 25 to October 2 we are celebrating Right to Know week to raise awareness of our right to access government records, essential to democracy and good governance.

The use of dash-cams by private sector organizations is, from any practical perspective, likely unlawful in BC.

I was invited to speak to this group because Selkirk College has been awarded a three-year federal grant to explore open data and open government in rural B.C. The organizers asked me to share my views about open data, including where datasets should be published, and what data should be considered sensitive and private.

Heute beginnt unsere Feier zur Woche des Rechts auf Wissen, die der Förderung der Informationsfreiheit weltweit gewidmet ist. Die 2002 in Bulgarien ins Leben gerufene "Right to Know"-Bewegung wird jedes Jahr am 28. September von rund 40 Ländern und 60 Nichtregierungsorganisationen gefeiert.

B.C.’s Personal Information Protection Act (“PIPA”) sets out how the province’s 380,000-plus private-sector “organizations” can collect, use, and disclose personal information. Personal information held by a federally regulated organization, such as a bank or telephone company; however, is protected by the federal Personal Information and Electronic Document Act, or “PIPEDA”.

This post is the first in a series of essays from students in Political Science 370, The Politics of Surveillance, a University of Victoria course taught by Dr. Colin Bennett. By sharing these posts on its blog, the Office of the Information and Privacy Commissioner hopes to facilitate discussions about privacy and access issues. The views expressed, of course, are those of the authors.

Jedes Jahr Anfang Mai feiern Datenschutzexperten auf der ganzen Welt die Privacy Awareness Week (PAW). Die Initiative, die nun ihr 10-jähriges Bestehen feiert, wurde 2006 von den Datenschutzbehörden des asiatisch-pazifischen Raums (APPA) ins Leben gerufen, um das Bewusstsein für zahlreiche Datenschutzfragen und die Bedeutung des Datenschutzes zu fördern und zu schärfen.

Sie sind wie ein eigener persönlicher Trainer - zu einem Bruchteil der Kosten. Die Ergebnisse einer Studie von Forschern der Universität Toronto zeigen jedoch, dass Fitness-Tracker, die beliebten tragbaren Geräte, die unsere Schritte, Kalorien, unseren Schlaf und andere Daten aufzeichnen, möglicherweise auch uns selbst überwachen.

Wir haben es alle schon erlebt: eine verdächtige E-Mail, ein belästigender Anruf oder ein Angebot, das einfach zu gut ist, um wahr zu sein. Von Schneeballsystemen bis hin zu Spammern und Betrügern verlieren Kanadier jedes Jahr Millionen von Dollar durch elektronischen Betrug.

In unserem komplexen digitalen Zeitalter verschärfen sich die Spannungen zwischen Strafverfolgungsbehörden und Technologieunternehmen weiter. Ich unterschätze nicht die Herausforderungen, die der internationale Terrorismus mit sich bringt, insbesondere nach den jüngsten Anschlägen in aller Welt. Aber ich frage mich: Was ist eine angemessene Aufsicht und Überwachung der Überwachungstätigkeiten der nationalen Sicherheits- und Strafverfolgungsbehörden?

Von Martin Abrams Im Dezember 2015 gab der Europäische Datenschutzbeauftragte Giovanni Buttarelli eine Stellungnahme ab, in der er vorschlug, den Datenschutz für das Zeitalter von Big Data neu zu erfinden, und zwar nicht, um Kompromisse bei den Grundsätzen einzugehen, sondern um sicherzustellen, dass Big Data zum Nutzen der Menschen eingesetzt wird.

From dog licences and parking tickets to property taxes and building permits, B.C.’s regional governments and municipalities routinely collect, store, and share large amounts of personal information about those they serve.

Für die digitale Wirtschaft braucht man keinen Pass... kein spezielles Visum. Doch es gibt ein Problem: Unterschiedliche Rechtssysteme und kulturelle Normen in Bezug auf die Privatsphäre machen den grenzüberschreitenden Informationsfluss zu einem komplizierten Unterfangen.

"Bring Your Own Device" (BYOD) wird in vielen Unternehmen der Privatwirtschaft immer beliebter. Es kann jedoch eine Herausforderung sein, den Schutz von Unternehmensdaten mit den Rechten von Kunden und Mitarbeitern auf Privatsphäre in Einklang zu bringen, was Richtlinien, Schulungen und technische Lösungen erfordert. Hier sind einige Tipps, die Sie berücksichtigen sollten.

Von sprechenden Puppen bis hin zu Miniaturversionen von Mamas und Papas Handys, Tablets und Smartwatches - die Regale der Geschäfte sind in dieser Saison voll mit den neuesten Versionen von internetfähigem Spielzeug. Mit dem Fortschritt der digitalen Technologien werden weitere vernetzte Spielzeuge auf den Markt kommen. Hier sind einige Tipps zum Schutz der Privatsphäre Ihrer Familie.

Wir alle erwarten von öffentlichen Einrichtungen und Unternehmen, dass sie ihre IT-Netzwerke gegen Bedrohungen von außen schützen - aber was ist mit denen, die innerhalb Ihres Arbeitsplatzes auftreten können? Software-Tools können einen gewissen Schutz bieten, aber sie können auch zur unbeabsichtigten Erfassung der persönlichen Daten Ihrer Mitarbeiter führen.

Letzte Woche war mein Büro stolz darauf, Gastgeber einer wichtigen Konferenz in Vancouver mit dem Titel Privacy and Access 20/20: The Future of Privacy zu sein. Die Konferenzsitzungen regten zum Nachdenken an und waren zeitgemäß und vorausschauend.

An einem verregneten Freitag, dem 13. in Vancouver haben die Beauftragte für Information und Datenschutz Elizabeth Denham und die Beauftragte für Kinder und Jugend Mary Ellen Turpel-Lafond ihren gemeinsamen Bericht über Cybermobbing auf der Konferenz Privacy & Access 20/20: Future of Privacy veröffentlicht.

Es ist nicht immer möglich, die gesamte Arbeit in acht Stunden zu erledigen. Manchmal ist es unvermeidlich, Arbeit mit nach Hause zu nehmen. Aber immer dann, wenn außerhalb des Büros auf persönliche Informationen zugegriffen wird, besteht ein erhöhtes Risiko, dass diese verloren gehen oder gefährdet werden. Öffentliche Einrichtungen und private Organisationen müssen Papier- und elektronische Unterlagen sicher aufbewahren, wie es das Gesetz über Informationsfreiheit und Schutz der Privatsphäre (Freedom of Information and Protection of Privacy Act - FIPPA) und das Gesetz zum Schutz persönlicher Daten (Personal Information Protection Act - PIPA) vorschreiben.

Seit dem Inkrafttreten der kanadischen Anti-Spam-Gesetzgebung (CASL) am 1. Juli 2014 sind unsere E-Mail-Postfächer viel einfacher zu verwalten. Aber Spam kann immer noch seinen Weg auf unsere Computer finden. Diese unerwünschten E-Mails sind nicht nur lästig, sondern können auch bösartige Spyware in unseren Posteingang schleusen und unsere Privatsphäre gefährden. Zum Glück gibt es einige einfache Maßnahmen, die Sie ergreifen können, um das Risiko zu minimieren.

Haben Sie den gestrigen Twitter-Chat mit dem Kommissar verpasst? Hier finden Sie das vollständige Skript der Fragen und Antworten.

On Nov. 12 and 13, the OIPC will host “Privacy and Access 20/20: The Future of Privacy" with our partner, Reboot Communications. The conference will bring stakeholders from the public, private and non-profit sectors together at the Coast Coal Harbour Hotel for some thought-provoking, content from experts in industry, government, academic institutions and civil society. Here are some thoughts on the topic from Commissioner Elizabeth Denham.

The Information and Privacy Commissioner receives hundreds of complaints and appeals from British Columbians each year.

These numbers have increased significantly in recent years. And we aren’t alone: privacy and access to information commissioners in Canada and beyond are experiencing big increases in case volumes that are challenging them to deliver timely service to the public.

Every year I look forward to Right to Know week, because it gives us a chance to celebrate and acknowledge the value of access to information rights. As an avid book-lover and dedicated book-club member, it seemed like a good opportunity to share some of my top picks for books that could find a home in the "access to information" section of your bookshelf.

Ziel der Woche des Rechts auf Wissen ist es, das Bewusstsein für unser Recht auf Zugang zu staatlichen Informationen zu schärfen. Right to Know" fördert auch die Informationsfreiheit als wesentliches Element der Demokratie und der guten Regierungsführung. Hier sind einige weitere Kurzinformationen zur Woche des Rechts auf Wissen:

This month, learn about accountability and the benefits of implementing a privacy management program. We have several online tools for you to explore, including two webinars (each with printer-friendly notes), a video, and podcast. Dig a little deeper with our related guidance documents, then take our privacy assessment challenge.