*If you have a complaint about the disclosure of your personal information or others', please email info@oipc.bc.ca or go here for more information on how to make a privacy or access complaint.
This webform is only for representatives of organizations and public bodies.
Guidance for Representatives of Organizations and Public Bodies
Privacy breaches can take many forms – from someone mistakenly sending an email containing sensitive personal information to the wrong person to a hacker stealing and exploiting someone’s information for profit. All breaches involve either the theft or loss of people’s personal information or a collection, use or disclosure of that information that contravenes BC’s privacy laws, the Personal Information Protection Act (PIPA) or part 3 of the Freedom of Information and Protection of Privacy Act (FIPPA).
A breach can cause significant harm, including identity theft, risk of physical harm, humiliation and damage to personal or professional reputations, and loss of business or employment opportunities.
The OIPC offers guidance to organizations and public bodies to assist them in making key decisions after a privacy breach occurs.
Public bodies that experience privacy breaches that could reasonably be expected to result in significant harm to affected individuals are required to notify both the individuals affected and the Commissioner.
The Commissioner continues to call on government to amend the Personal Information Protection Act to require organizations to report breaches to the OIPC and to individuals facing the risk of significant harm from a breach. In the meantime, we strongly recommend that breaches be reported to our office as a best practice. Managing privacy breaches properly is an important step towards alleviating harms – and preventing future breaches of personal information.
Where can I learn more about managing privacy breaches?
Privacy breaches: tools and resources for public bodies explains the mandatory breach notification requirements for public bodies and outlines steps to take once a breach has occurred. The guidance also includes a privacy breach checklist, notification tool, and policy template. Privacy Breaches: Tools and Resources for private sector organizations offers best practices for organizations responding to privacy breaches.
The OIPC PrivacyRight series helps small businesses and organizations in BC understand their obligations under the PIPA through webinars, videos, and podcasts. Webinar 8 deals specifically with Managing Privacy Breaches.
Securing Personal Information: A Self-Assessment Tool for Public Bodies and Organizations is like a privacy check-up for public bodies and organizations. The comprehensive checklist provides an assessment of the safeguards they may or may not have in place for protecting the personal information they collect, use, and disclose.