The Information and Privacy Commissioner enforces two pieces of legislation: the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).
The Privacy Act covers disputes between private citizens and is outside of the Commissioner's jurisdiction.
Freedom of Information and Protection of Privacy Act (Public Sector)
The Freedom of Information and Protection of Privacy Act sets out the access and privacy rights of individuals as they relate to the public sector.
FIPPA establishes an individual's right to access records, including access to a person's own "personal information" as well as records in the custody or control of a "public body" -- see Schedule 2 and Schedule 3 for a list of public bodies that are covered by FIPPA.
There are certain exceptions to accessing records - for example, a public body cannot disclose information that would be harmful to law enforcement, personal privacy or public safety. Policy advice and legal advice are also excluded. These exceptions are explained out in sections 12 to 22.
In addition to establishing an individual's right to access records, FIPPA also sets out the terms under which a public body can collect, use and disclose "personal information" of individuals. Public bodies are accountable for their information practices; FIPPA requires that they take reasonable steps to protect the privacy of personal information they hold.
Personal Information Protection Act (Private Sector)
British Columbia's Personal Information Protection Act came into effect in January 2004. The legislation applies to any private sector organization (such as a business or corporation, union, political party, and not-for-profit) that collects, uses, and discloses the personal information of individuals in BC.
PIPA also applies to any organization located within BC that collects, uses, or discloses personal information of any individual inside or outside of BC.
Under PIPA, individuals have the right to access their own personal information. The law also states the rules by which organizations can collect, use and disclose personal information from customers, clients and/or employees. PIPA requires organizations to protect and secure personal information against unauthorized use or disclosure.
E-Health (Personal Health Information Access and Protection of Privacy) Act
Every six years, FIPPA and PIPA are reviewed by a Special Committee of the Legislature. The Committee asks the public and interest groups for written and oral submissions that describe how the law is working and whether changes are needed. At the end of the process, the Committee issues a public report that sets out recommendations going forward. For more information, visit the Legislative Assembly website.