Celebrating 30 years of BC's Freedom of Information and Protection of Privacy Act

On October 4, 1993, BC’s Freedom of Information and Protection of Privacy Act came into force. The legislation received unanimous support when it was passed in the BC Legislature the year prior – testament to the need for a law that protected British Columbians’ personal information and that gave them access to government information – their information.

On this 30th Anniversary of FIPPA, BC’s Information and Privacy Commissioner Michael McEvoy reflects on the passing of FIPPA, the 30 years of its evolution, and where the legislation needs to go from here.

Follow-up Report 23-04: Left untreated: Security gaps in BC's public health database

A follow-up report has found the Provincial Health Services Authority (PHSA) has taken meaningful steps to incorporate recommendations aimed at strengthening the privacy and security of the Provincial Public Health Information System (System), following the Office of the Information and Privacy Commissioner’s (OIPC) December 2022 report that found the PHSA’s failure to address security and privacy vulnerabilities put British Columbians at risk.

Special Report 23-03: The digital dilemma: Reflections on the OIPC Youth Forum

On March 9, 2023, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) hosted the OIPC Youth Forum. A group of high school students from across British Columbia joined experts from the OIPC, the BC Civil Liberties Association, MediaSmarts, and special guest speaker, Cambridge Analytica whistleblower and social researcher Christopher Wylie, for a wide-ranging discussion on the privacy issues that impact students most.

Investigation Report 22-02 Left untreated: Security gaps in BC's public health database

The Provincial Health Services Authority (PHSA) has failed to address security and privacy vulnerabilities in BC’s Provincial Public Health Information System (the System) — putting the personal health information of British Columbians at risk.

An investigation report released by Information and Privacy Commissioner Michael McEvoy says the security and privacy vulnerabilities have been known to the PHSA since 2019.

COVID-19 and the OIPC

The OIPC continues to provide service to the public, public bodies, and private sector. To protect the health of our employees and to do our part to slow community transmission of the COVID-19 virus, most OIPC staff have now transitioned to working remotely. This will mean that, for the time being, our Office will not receive in person visits from those we serve.

We will post updates on our website and social media channels as the situation continues to unfold.

April's PrivacyRight tools are here!

This month, learn about the authority to collect, use, and disclose personal information. Explore our latest online tools, including a video, a webinar, a podcast, and one of our key guidance documents. Whether you’re an organization that collects, uses, and discloses personal information or a customer who is wondering what happens to your information, this month’s releases have the answers you need.

Check out our latest PrivacyRight tools

This month, learn about accountability and the benefits of implementing a privacy management program. We have several online tools for you to explore, including two webinars (each with printer-friendly notes), a video, and podcast. Dig a little deeper with our related guidance documents, then take our privacy assessment challenge.

The secret's out... privacy is good business

The secret’s out… privacy is good business. And to help you and your organization get on board, we are launching PrivacyRight, a series of educational tools for BC organizations that will help you understand your obligations under the Personal Information Protection Act (PIPA).

Does the GDPR apply to your BC-based organization?

You probably noticed a flurry of emails in your inbox over the past few weeks, as everything from social media apps to your email provider to your fridge rush to send you privacy policy updates. Why now, you ask? Well, it has to do with a new privacy law called the GDPR.

Government record management systems need independent oversight

I am as surprised as anyone that email retention and deletion by government staff is again making news. These matters have been thoroughly canvassed in numerous reports by my office, by government and in government’s own retention schedules and policies. They also emphasize the need for independent oversight of record management including the duty to document.

Privacy Awareness Week 2018: Why privacy is good for business

This year, as the Asia Pacific Privacy Authorities (APPA) mark Privacy Awareness Week, there couldn’t be a more important time to talk about the need to protect personal information. I spoke about this very topic last week to a gathering of small business owners, communications professionals, and government employees.

Secondary use of your personal information

How many times a day are you asked for your email, telephone number, postal code, or birth date? Probably more than you might realize. Think about when you go to the grocery store, the pharmacy, or to a clothing or electronics store. Many retailers ask for your email to connect purchase history with future promotional offers to better tailor potential discounts with your spending habits. But is this legal? Well, it all comes down to the purpose for which the information was collected.

Data Privacy Day 2018 - Respecting privacy, safeguarding data and enabling trust

Let’s face it – protecting data in our digital society isn’t easy. Devices intended to improve our lives also collect an astounding amount of information about you, your family, and friends. Voice assistant technology, connected devices, and apps that give you remote access to your home sound pretty convenient. But before you unlock your front door with your phone, think about this: in 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in products and services, such as baby monitors and door locks. Yikes!

In the clouds and beyond! Navigating access and storage outside of Canada

Are you tempted by the potential benefits of cloud-computing? The option can be appealing, as the service often cuts costs and removes obstacles for users looking to reduce IT infrastructure and maintenance. Before you reach for the clouds, make sure you know the legal requirements that apply when processing and storing personal information outside of Canada.

Big Data and the Internet of Everything

I recently spoke about the Internet of Things and Big Data at a healthcare summit in Vancouver. Well, let’s be honest and call it what it really is - the Internet of Everything. From the rubber ducky in your child’s bathtub to your smart tea kettle, the array of connected devices on the market today seems almost limitless.

Delegates and observers meet in Vancouver for APPA 48 Forum

A few weeks ago, my office and the Office of the Privacy Commissioner of Canada (OPC-Canada) co-hosted the 48th Asia Pacific Privacy Authorities (APPA) Forum in Vancouver. From November 15-17, APPA officials from 14 member jurisdictions and invited guests shared insights and perspectives, discussed global privacy trends, exchanged experiences, and looked for opportunities for joint regulatory guidance and enforcement activities across the Asia Pacific Region.

Reaching out about Open Government

I was invited to speak to this group because Selkirk College has been awarded a three-year federal grant to explore open data and open government in rural B.C. The organizers asked me to share my views about open data, including where datasets should be published, and what data should be considered sensitive and private.

Privacy Commissioner of Canada calls for submissions on consent and privacy

B.C.’s Personal Information Protection Act (“PIPA”) sets out how the province’s 380,000-plus private-sector “organizations” can collect, use, and disclose personal information. Personal information held by a federally regulated organization, such as a bank or telephone company; however, is protected by the federal Personal Information and Electronic Document Act, or “PIPEDA”.

Swiping away privacy?

This post is the first in a series of essays from students in Political Science 370, The Politics of Surveillance, a University of Victoria course taught by Dr. Colin Bennett. By sharing these posts on its blog, the Office of the Information and Privacy Commissioner hopes to facilitate discussions about privacy and access issues. The views expressed, of course, are those of the authors.

La Settimana di sensibilizzazione sulla privacy 2016 compie 10 anni

Ogni anno, all'inizio di maggio, i professionisti della privacy di tutto il mondo celebrano la Privacy Awareness Week (PAW). L'iniziativa, che festeggia il suo decimo anniversario, è stata avviata dalle Autorità per la privacy dell'Asia e del Pacifico (APPA) nel 2006 per promuovere e sensibilizzare l'opinione pubblica su numerose questioni relative alla privacy e sull'importanza della protezione delle informazioni.

Un nuovo studio si chiede: "Chi sta seguendo chi?".

È come avere un personal trainer personale, a un costo minore. Ma i risultati di uno studio condotto dai ricercatori dell'Università di Toronto rivelano che i fitness tracker, i popolari dispositivi indossabili che tengono traccia dei nostri passi, delle calorie, del sonno e di altri dati, potrebbero anche tracciare noi stessi.

Perché dovremmo preoccuparci della battaglia di Apple contro l'FBI

Nella nostra complessa era digitale, le tensioni tra le forze dell'ordine e le aziende tecnologiche continuano ad acuirsi. Non sottovaluto le sfide poste dal terrorismo internazionale, soprattutto dopo i recenti attacchi in tutto il mondo. Ma mi chiedo: qual è il controllo e la supervisione adeguati delle attività di sorveglianza delle agenzie di sicurezza nazionale e delle forze dell'ordine?

Costruire le radici della protezione dei dati e della privacy

Di Martin Abrams Nel dicembre 2015, il supervisore europeo della protezione dei dati Giovanni Buttarelli ha emesso un parere che suggeriva la necessità di reinventare la protezione dei dati per l'era dei big data, non per scendere a compromessi sui principi, ma piuttosto per garantire che i big data vengano utilizzati per servire le persone.

Colmare le lacune

L'economia digitale non richiede passaporti... né visti speciali. Ma c'è un problema: sistemi legali diversi e norme culturali sulla privacy rendono il flusso di informazioni attraverso i confini un'impresa complicata.

Un programma BYOD fa al caso vostro?

Il "Bring Your Own Device" o BYOD sta diventando sempre più popolare per molte organizzazioni del settore privato. Ma bilanciare la protezione delle informazioni aziendali con i diritti alla privacy dei clienti e dei dipendenti può essere un esercizio impegnativo, che richiede politiche, formazione e soluzioni tecniche. Ecco alcuni suggerimenti da prendere in considerazione.

Giocare con la privacy

Dalle bambole parlanti alle versioni in miniatura dei telefoni cellulari, dei tablet e degli orologi intelligenti di mamma e papà, questa stagione gli scaffali dei negozi sono pieni delle ultime versioni di giocattoli connessi a Internet. Con il progredire delle tecnologie digitali, altri giocattoli connessi arriveranno sul mercato. Ecco alcuni consigli per proteggere la privacy della vostra famiglia.

Cinque modi fondamentali per proteggere il luogo di lavoro e la privacy dei dipendenti

Tutti ci aspettiamo che gli enti pubblici e le aziende proteggano le loro reti informatiche dalle minacce esterne, ma che dire di quelle che possono verificarsi all'interno del luogo di lavoro? Gli strumenti software possono fornire una certa protezione, ma possono anche portare alla raccolta involontaria di informazioni personali dei dipendenti.

Costruire ponti

La scorsa settimana il mio ufficio è stato orgoglioso di ospitare a Vancouver un'importante conferenza intitolata Privacy e accesso 20/20: il futuro della privacy. Le sessioni della conferenza sono state stimolanti, tempestive e preveggenti.

Suggerimenti e trucchi fuori dall'ufficio

Non è sempre possibile portare a termine tutto il lavoro in otto ore. A volte è inevitabile portare il lavoro a casa. Tuttavia, ogni volta che si accede a informazioni personali al di fuori dell'ufficio, aumenta il rischio che queste vengano perse o compromesse. Gli enti pubblici e le organizzazioni private devono tenere al sicuro i documenti cartacei ed elettronici, come previsto dal Freedom of Information and Protection of Privacy Act ("FIPPA") e dal Personal Information Protection Act ("PIPA").

Suggerimenti e trucchi antispam

Quando il 1° luglio 2014 è entrata in vigore la legislazione canadese anti-spam (CASL), le nostre caselle di posta elettronica sono diventate molto più facili da gestire. Ma lo spam può ancora arrivare sui computer. Più che fastidiose, queste e-mail indesiderate possono lanciare spyware dannosi nelle nostre caselle di posta e compromettere la nostra privacy. Fortunatamente, esistono alcune semplici azioni da intraprendere per ridurre al minimo il rischio.

Upcoming conference to probe future of privacy

On Nov. 12 and 13, the OIPC will host “Privacy and Access 20/20: The Future of Privacy" with our partner, Reboot Communications. The conference will bring stakeholders from the public, private and non-profit sectors together at the Coast Coal Harbour Hotel for some thought-provoking, content from experts in industry, government, academic institutions and civil society. Here are some thoughts on the topic from Commissioner Elizabeth Denham.

Addressing growing caseloads

The Information and Privacy Commissioner receives hundreds of complaints and appeals from British Columbians each year.

These numbers have increased significantly in recent years. And we aren’t alone: privacy and access to information commissioners in Canada and beyond are experiencing big increases in case volumes that are challenging them to deliver timely service to the public.

Your Right to Know: 8 books for your shelf

Every year I look forward to Right to Know week, because it gives us a chance to celebrate and acknowledge the value of access to information rights. As an avid book-lover and dedicated book-club member, it seemed like a good opportunity to share some of my top picks for books that could find a home in the "access to information" section of your bookshelf.

La settimana del diritto di sapere è arrivata

Lo scopo della Settimana del diritto di sapere è quello di sensibilizzare l'opinione pubblica sui propri diritti di accesso alle informazioni governative. La Settimana del diritto di sapere promuove inoltre la libertà di informazione come elemento essenziale della democrazia e del buon governo. Ecco altre informazioni rapide sulla Settimana del diritto di sapere:

Check out our latest PrivacyRight products!

This month, learn about accountability and the benefits of implementing a privacy management program. We have several online tools for you to explore, including two webinars (each with printer-friendly notes), a video, and podcast. Dig a little deeper with our related guidance documents, then take our privacy assessment challenge.