The Information and Privacy Commissioner enforces two pieces of legislation: the Freedom of Information and Protection of Privacy Act ("FIPPA") and the Personal Information Protection Act ("PIPA").
The Privacy Act covers disputes between private citizens and is outside of the Commissioner's jurisdiction.
Freedom of Information and Protection of Privacy Act (Public Sector)
The Freedom of Information and Protection of Privacy Act sets out the access and privacy rights of individuals as they relate to the public sector.
FIPPA establishes an individual's right to access records - this includes access to a person's own "personal information" as well as records in the custody or control of a "public body" -- see Schedule 2 and Schedule 3 for a list of public bodies that are covered by FIPPA.
There are certain exceptions to accessing records- for example, a public body cannot disclose information that is deemed to be harmful to law enforcement, personal privacy or public safety. Policy advice and legal advice are also excluded. These exceptions are spelled out in sections 12 to 22.
In addition to establishing an individual's right to access records, FIPPA also sets out the terms under which a public body can collect, use and disclose the "personal information" of individuals. Public bodies are held accountable for their information practices -- FIPPA requires that they take reasonable steps to protect the privacy of personal information they hold.
Personal Information Protection Act (Private Sector)
The Personal Information Protection Act came into effect in January 2004, and sets out how private sector "organizations" can collect, use and disclose personal information. There are more than 300,000 organizations in B.C. covered by PIPA, including businesses and corporations, unions, political parties, and not-for-profits doing business in B.C.
Under PIPA, individuals have the right to access their own personal information. The law also sets out the rules by which organizations can collect, use and disclose personal information from customers, clients and/or employees. PIPA requires organizations to protect and secure personal information against unauthorized use or disclosure.
E-Health (Personal Health Information Access and Protection of Privacy) Act
Every six years, FIPPA and PIPA are reviewed by a Special Committee of the Legislature. The Committee asks the public and interest groups for written and oral submissions that describe how the law is working and whether changes are needed. At the end of the process, the Committee issues a public report that sets out recommendations going forward. For more information, visit the Legislative Assembly website.