In 2014, the Information and Privacy Commissioner established an Audit and Compliance Program to assess the extent to which public bodies and private sector organizations complying with the Freedom of Information and Protection of Privacy Act ("FIPPA") and the Personal Information Protection Act ("PIPA").
The Audit and Compliance Program will measure compliance with B.C.'s information and privacy laws and make recommendations to improve privacy and access practices, policies, guidelines, and legislation.
Some of the areas our Audit & Compliance program will assess include:
- Management policies and procedures;
- Collection, use, disclosure, retention;
- Protections and safeguards;
- Access processes;
- Accountability and compliance monitoring.
The OIPC has developed a program charter to assist public bodies and organizations to understand the authority, function, and key steps in an OIPC assessment.
The OIPC audit team is examining information sharing agreements of the Insurance Corporation of British Columbia.
- Over-collected and Overexposed: Surveillance and Privacy Compliance in a Medical Clinic (December 8, 2016). This is the first audit of a private sector business to determine the organization's compliance with PIPA.
- City of Vancouver Duty to Assist (June 23, 2016) This report looks at the duty to assist, which requires public bodies to make every reasonable effort to assist each applicant openly, accurately and completely, without delay, throughout the freedom of information process.
- Examination of British Columbia Health Authority Privacy Breach Management (Sept. 29, 2015) This report addresses one aspect of B.C.'s complex, multi-party health care system - the degree to which health authorities effectively manage privacy breaches when and where they happen.
- Examination of BC Government's Privacy Breach Management (Jan. 28, 2015) This report examines the degree to which the B.C. government is fulfilling its duty to respond to, and properly manage, its privacy breaches.