Contact us Follow @BCInfoPrivacy LinkedIn RSS
Advanced Search

Investigation and Audit Reports

View Sectional Index

Investigation, audit, and compliance reports

The Information and Privacy Commissioner has the authority to investigate or audit the programs, policies or information systems of public bodies and private organizations in order to assess compliance with BC's access and privacy laws, and also to comment on new developments.

The Commissioner may publish a detailed report that sets out the particulars of that investigation, audit or compliance review, including any findings and recommendations.

Special Reports

From time to time, the Commissioner issues public reports on specific topics in access and privacy. These reports include timeliness reports on the government's efforts to respond to access requests in a timely manner or recommendations, research and analysis of emerging issues in the access and privacy field.

Year
select
Type
select
Document Type Date Title
Summary
Special Report Jan 31, 2024 Special Report: Review of Government's performance in responding to access requests The right to access public body records without unreasonable delay is protected by law and is critic... more
The right to access public body records without unreasonable delay is protected by law and is critical to enabling an informed and well functioning democratic society. The provincial Government receives thousands of requests for access to records each year and, as such, the timeliness of Government in responding to access requests is important. This report marks the ninth review from the Office of the Information and Privacy Commissioner (OIPC) on Government’s timeliness, and covers the three-year period of April 1, 2020 to March 31, 2023. Where possible, the OIPC also examined historical data on Government’s performance over the past decade.
Special Report Sep 13, 2023 Follow-up report: Left untreated: Security gaps in BC's public health database As digital innovation continues to transform health care provided in Canada and abroad, British Colu... more
As digital innovation continues to transform health care provided in Canada and abroad, British Columbians find increasing amounts of their sensitive personal information being collected and stored within digital systems. From personal health numbers to records relating to individuals’ mental health status, British Columbia’s Provincial Public Health Information System stores large amounts of sensitive information about those of us accessing healthcare and communicable disease services.
Special Report Apr 26, 2023 The digital dilemma: Reflections on the OIPC Youth Forum On March 9, 2023, the Office of the Information and Privacy Commissioner for British Columbia (OIPC)... more
On March 9, 2023, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) hosted the OIPC Youth Forum. A group of high school students from across British Columbia joined experts from the OIPC, the BC Civil Liberties Association, MediaSmarts, and special guest speaker, Cambridge Analytica whistleblower and social researcher Christopher Wylie, for a wide-ranging discussion on the privacy issues that impact students most.
Investigation Report Apr 20, 2023 Canadian Tire Associate Dealers’ use of facial recognition technology The Office of the Information and Privacy Commissioner for British Columbia (OIPC) investigated the ... more
The Office of the Information and Privacy Commissioner for British Columbia (OIPC) investigated the use of facial recognition technology (FRT) by four Canadian Tire stores (the stores) located in British Columbia.
Investigation Report Jan 19, 2023 Access application fee six-month review The Freedom of Information and Protection of Privacy Act (FIPPA) embodies the fundamental principle—... more
The Freedom of Information and Protection of Privacy Act (FIPPA) embodies the fundamental principle—which has quasi-constitutional status—that access to government information is critically important for a healthy, well-functioning democracy. To that end, FIPPA expressly states that one of its purposes is “to make public bodies more accountable to the public…by…giving the public a right of access to records”. A right of any kind is always qualified, and FIPPA has for the almost 30 years of its existence balanced access with other public interest considerations, including by permitting the imposition of fees for the processing of requests that take more than three hours.
Investigation Report Dec 15, 2022 Left untreated: Security gaps in BC's public health database The Provincial Public Health Information System, or the System, as it is referred to in this report,... more
The Provincial Public Health Information System, or the System, as it is referred to in this report, contains personal information about almost all of us – from personal health numbers to immunization records. If you have received medical care in BC for a pregnancy, a mental health issue, or for a sexually transmitted infection, you will find that sensitive personal information recorded in the System. And every day, hundreds of healthcare workers and policymakers across BC access this System, as they must.
Compliance Report Jun 7, 2022 Follow-up review of liquor and cannabis retailers When you make an in-store or online purchase, chances are you don’t think about how the personal inf... more
When you make an in-store or online purchase, chances are you don’t think about how the personal information associated with your transaction is protected. In part, this is because we trust businesses to handle and protect our personal information with the same care they handle their valuable inventory and monies collected from customers.
Investigation Report Jun 1, 2022 Report of Findings: Joint investigation of TDL Group Corp. (Tim Hortons) Joint Investigation by the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’... more
Joint Investigation by the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, the Office of the Information and Privacy Commissioner of Alberta, and the Office of the Information and Privacy Commissioner for British Columbia into The TDL Group Corp.’s (the operator and franchisor of Tim Hortons in Canada) compliance with Canada’s Personal Information Protection and Electronic Documents Act, Quebec’s Act respecting the Protection of Personal Information, Alberta’s Personal Information Protection Act, and British Columbia’s Personal Information Protection Act.
Special Report Dec 15, 2021 The impact of COVID-19 on access to information Access to information is vital to ensuring the transparency and accountability of government, even m... more
Access to information is vital to ensuring the transparency and accountability of government, even more so in times of crisis. The decisions made by public bodies during the pandemic impact all of us, and, subject to certain exceptions, there is a right of access to the records relating to those decisions.
Compliance Report Jun 22, 2021 Review of private liquor and cannabis retailers Private sector liquor and cannabis retailers are tasked with collecting our personal information. An... more
Private sector liquor and cannabis retailers are tasked with collecting our personal information. And for good reason. They need to verify age by checking a driver’s license, they capture video using surveillance systems to ensure security, they use our financial information for payment, and they collect employee information for HR and payroll purposes. Retailers’ authority to collect this kind of information is found in BC’s Personal Information Protection Act (PIPA).
Special Report Jun 17, 2021 Getting Ahead of the Curve: Meeting the challenges to privacy and fairness arising from the use of artificial intelligence in the public sector With the proliferation of instantaneous and personalized services increasingly being delivered to pe... more
With the proliferation of instantaneous and personalized services increasingly being delivered to people in many areas in the private sector, the public is increasingly expecting the same approach when receiving government services. Artificial intelligence (AI) is touted as an effective, efficient and cost-saving solution to these growing expectations. However, ethical and legal concerns are being raised as governments in Canada and abroad are experimenting with AI technologies in decision-making under inadequate regulation and, at times, in a less than transparent manner.
Investigation Report Feb 3, 2021 Report of findings: Joint investigation of Clearview AI, Inc. Joint investigation of Clearview AI, Inc. by the Office of the Privacy Commissioner of Canada, the C... more
Joint investigation of Clearview AI, Inc. by the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, the Information and Privacy Commissioner for British Columbia, and the Information Privacy Commissioner of Alberta
Investigation Report Oct 29, 2020 Report of Findings: Joint investigation of The Cadillac Fairview Corporation Limited by the Privacy Commissioner of Canada, the Information and Privacy Commissioner of Alberta, and the Information and Privacy Commissioner for British Columbia The Office of the Privacy Commissioner of Canada (“OPC”), Office of the Information and Privacy Comm... more
The Office of the Privacy Commissioner of Canada (“OPC”), Office of the Information and Privacy Commissioner of Alberta (“OIPC AB”) and the Office of the Information and Privacy Commissioner for British Columbia (“OIPC BC”), collectively referred to as “the Offices” commenced a joint investigation1,2 to examine whether The Cadillac Fairview Corporation Limited (“CFCL”) was collecting and using personal information of visitors to its Canadian malls, without valid consent, via: i. Anonymous Video Analytics (“AVA”) technology installed in “wayfinding” directories; and ii. mobile device geolocation tracking technologies.
Special Report Sep 2, 2020 Now is the time: A report card on government's access to information timeliness Government’s information is the public’s information. More than a glib phrase, this principle was un... more
Government’s information is the public’s information. More than a glib phrase, this principle was unanimously enshrined by BC’s legislature in the Freedom of Information and Protection of Privacy Act (FIPPA) more than 25 years ago. FIPPA gives each of us the right of access to a public body’s information within a prescribed time frame, subject to carefully prescribed exceptions.
Investigation Report Jun 11, 2020 Section 71: Categories of records available without a request It is often said that information is the oxygen of democracy. To that end, we desperately need a hyp... more
It is often said that information is the oxygen of democracy. To that end, we desperately need a hyperbaric chamber that will boost our access to information systems in a way that improves the accountability of public bodies.
Investigation Report Nov 26, 2019 AggregateIQ Data Services Ltd. Joint Investigation by the Office of the Information and Privacy Commissioner for British Columbia a... more
Joint Investigation by the Office of the Information and Privacy Commissioner for British Columbia and the Office of the Privacy Commissioner of Canada into AggregateIQ Data Services Ltd.’s (“AIQ”) compliance with the Personal Information Protection Act (“PIPA”) and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in respect of certain collections, uses, and disclosures of personal information on behalf of other organizations in order to provide targeted advertising, data processing, and database management services in political campaigns. Specifically, this report focuses on whether AIQ met its legal obligations relating to consent and safeguarding of personal information.
Compliance Report Sep 25, 2019 Compliance Review of Medical Clinics This compliance review, conducted under s. 36 of the Personal Information Protection (PIPA), focused... more
This compliance review, conducted under s. 36 of the Personal Information Protection (PIPA), focused on 22 BC medical clinics with five or more licensed physicians. The review assessed the clinics’ privacy management programs, privacy policies, and the collection and safeguarding of personal information. The OIPC selected medical clinics because they handle a significant amount of sensitive personal information, and this group comprises a large number of OIPC complaint and breach files each year.
Investigation Report Apr 25, 2019 Report of Findings: Joint investigation of Facebook, Inc. by the Privacy Commissioner of Canada and the Information and Privacy Commissioner for British Columbia Joint Investigation by the Office of the Privacy Commissioner of Canada and the Office of the Inform... more
Joint Investigation by the Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Columbia into Facebook, Inc.’s compliance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and the Personal Information Protection Act (British Columbia) (“PIPA”)
Investigation Report Feb 6, 2019 Full Disclosure: Political parties, campaign data, and voter consent This investigation commenced in the wake of several complaints registered with my office about how p... more
This investigation commenced in the wake of several complaints registered with my office about how political parties treat their personal information.
Audit Report Nov 22, 2018 City of White Rock: Duty to assist The duty to assist citizens with requests to access records is an essential component of BC’s Freedo... more
The duty to assist citizens with requests to access records is an essential component of BC’s Freedom of Information and Protection of Privacy Act (FIPPA). It is important that public bodies embrace this responsibility by responding openly, accurately and completely, and without delay to all requests.
Investigation Report Mar 22, 2018 Always, sometimes, or never? Personal information & tenant screening Some 1.5 million people live in rental housing in British Columbia, representing about 30% of all ho... more
Some 1.5 million people live in rental housing in British Columbia, representing about 30% of all households. Vacancy rates are near zero and anyone looking for a place to rent in BC knows the challenge of finding accommodation.
Audit Report Jan 17, 2018 WorkSafeBC: Management of access and privacy requests and complaints WorkSafeBC collects highly sensitive personal information in many ways, including through employee i... more
WorkSafeBC collects highly sensitive personal information in many ways, including through employee insurance claims, reports of unsafe working conditions, or during an incident investigation. In the case of workplace injuries that require medical attention, the incident must be reported to WorkSafeBC. Employees cannot opt out and so must trust the agency to appropriately handle their personal information.
Investigation Report Nov 8, 2017 Use of employee surveillance by a BC chicken catching organization In June 2017, a covert video depicting disturbing images of animal abuse at a chicken farm was relea... more
In June 2017, a covert video depicting disturbing images of animal abuse at a chicken farm was released to the media. Animal rights groups and British Columbians alike immediately condemned the actions of some employees of the Lower Mainland “chicken catching” company. Acting on the advice of a crisis management consultant, the company decided to require their crews to wear surveillance video cameras as they worked.
Special Report Sep 20, 2017 Timing is Everything: Report Card on Government's Access to Information Responses The Freedom of Information and Protection of Privacy Act (FIPPA) came into force in 1993 to make pub... more
The Freedom of Information and Protection of Privacy Act (FIPPA) came into force in 1993 to make public bodies more accountable to the public and to protect personal privacy. My mandate is to enforce compliance with FIPPA and one way I accomplish this is by reporting on government’s performance in responding to access to information requests. This report examines in detail the performance of all ministries and compares and analyzes the results.
Audit Report Sep 13, 2017 Insurance Corporation of British Columbia Information Sharing Agreements This report examines how ICBC shares the personal information of millions of British Columbians.
Audit Report Dec 8, 2016 Over-collected and Overexposed: Surveillance and Privacy Compliance in a Medical Clinic This is the first audit of a private sector business to determine the organization's compliance with... more
This is the first audit of a private sector business to determine the organization's compliance with PIPA.
Investigation Report Oct 18, 2016 Mobile Device Management in B.C. Government Acting Information and Privacy Commissioner Drew McArthur recommends that the B.C. government improv... more
Acting Information and Privacy Commissioner Drew McArthur recommends that the B.C. government improve its policies and practices regarding mobile device use by employees.
Investigation Report Jun 29, 2016 Clearly in the public interest: The disclosure of information related to water quality in Spallumcheen This investigation report was issued in response to a complaint from the University of Victoria‘s En... more
This investigation report was issued in response to a complaint from the University of Victoria‘s Environmental Law Centre (ELC). The complaint alleged that the Ministry of Environment had failed to meet its obligation under the Freedom of Information and Protection of Privacy Act (FIPPA) in relation to access to information requests made by the ELC, and that the Ministry had failed to disclose information in the public interest, as required by FIPPA.
Audit Report Jun 23, 2016 City of Vancouver Duty to Assist This report looks at the duty to assist, which requires public bodies to make every reasonable effor... more
This report looks at the duty to assist, which requires public bodies to make every reasonable effort to assist each applicant openly, accurately and completely, without delay, throughout the freedom of information process.
Investigation Report Jan 28, 2016 Ministry of Education This report details the circumstances surrounding the loss of a portable hard drive by the Ministry ... more
This report details the circumstances surrounding the loss of a portable hard drive by the Ministry of Education containing the personal information of 3.4 million BC and Yukon students and teachers.
Special Report Nov 13, 2015 Cyberbullying: Empowering children and youth to be safe online and responsible digital citizens Cyberbullying involves the use of digital technologies and services including social media, texts, a... more
Cyberbullying involves the use of digital technologies and services including social media, texts, and instant messaging to repeatedly harass and intimidate others. The issue of how best to reduce and penalize cyberbullying has not been resolved by any jurisdiction to date.
Investigation Report Oct 22, 2015 Access Denied: Record Retention and Disposal Practices of the Government of British Columbia Access to information rights can only exist when public bodies create the conditions for those right... more
Access to information rights can only exist when public bodies create the conditions for those rights to be exercised. Government must promote a culture of access, from executive leadership to front-line employees. If they fail to meet this obligation, the access to information process is rendered ineffective.
Audit Report Sep 30, 2015 Examination of British Columbia Health Authority Privacy Breach Management This report addresses one aspect of BC's complex, multi-party health care system - the degree to whi... more
This report addresses one aspect of BC's complex, multi-party health care system - the degree to which health authorities effectively manage privacy breaches when and where they happen.
Investigation Report Jul 2, 2015 Review of the Mount Polley mine tailings pond failure and public interest disclosure by public bodies The Mount Polley mine tailings pond dam failure on August 4, 2014, was a serious environmental disas... more
The Mount Polley mine tailings pond dam failure on August 4, 2014, was a serious environmental disaster. In the wake of the tailings pond breach, government initiated three separate investigations to determine what went wrong, including an Independent Expert Engineering Investigation and Review Panel, whose final report on the mine tailings pond breach was published on January 30, 2015.
Investigation Report Mar 30, 2015 Use of Employee Monitoring Software by the District of Saanich In the context of information technology and information management, public bodies have two related ... more
In the context of information technology and information management, public bodies have two related and important responsibilities: to maintain a high level of security over its data and networks, and to respect the personal privacy of employees and citizens.
Audit Report Jan 28, 2015 An Examination of BC Government's Privacy Breach Management This report examines the degree to which the BC government is fulfilling its duty to respond to, and... more
This report examines the degree to which the BC government is fulfilling its duty to respond to, and properly manage, its privacy breaches.
Special Report Sep 23, 2014 A Step Backwards: Report Card on Government's Access to Information Responses April 1, 2013- March 31, 2014 This special report addresses three issues. The first is an examination of the timeliness of govern... more
This special report addresses three issues. The first is an examination of the timeliness of government responses to access to information requests under the Freedom of Information and Protection of Privacy Act. Second, this report revisits the issue of “no responsive records” replies to general access to information requests. Third, this report examines government’s issuance of fee estimates in response to access requests.
Special Report Jul 22, 2014 A Failure to Archive: Recommendations to Modernize Government Information Management Archiving is a public good. Records about key actions and decisions of government must be preserved... more
Archiving is a public good. Records about key actions and decisions of government must be preserved in a lasting historical record for future generations. Without a comprehensive public archive, access to information and the ‘right to know’ is significantly and severely impaired.
Special Report Apr 30, 2014 A Prescription for Legislative Reform: Improving Privacy Protection in BC's Health Sector The purpose of this special report is encourage an informed dialogue among the public, health practi... more
The purpose of this special report is encourage an informed dialogue among the public, health practitioners, researchers and government about the use of personal information in B.C.’s health care system, today and into the future.
Investigation Report Apr 15, 2014 Use of Police Information Checks in British Columbia This report examines the increasing use of employment-related record checks, specifically what are k... more
This report examines the increasing use of employment-related record checks, specifically what are known as police information checks.
Special Report Feb 14, 2014 Report of the Health Data Research Forum On December 9, 2013, the Office of the Information and Privacy Commissioner for British Columbia and... more
On December 9, 2013, the Office of the Information and Privacy Commissioner for British Columbia and the B.C. Ministry of Health convened a meeting of 38 representatives from the health research community and its stakeholders in British Columbia. The attendees were invited to come together to discuss and seek solutions on timely access to, and appropriate use of, health data under the stewardship of the MoH and health authorities for research, evaluation, planning and quality improvement while maintaining academic independence and enhancing privacy protections and security safeguards.
Investigation Report Dec 2, 2013 Public Body Disclosure of information under Section 25 of the Freedom of Information and Protection of Privacy Act Section 25 of the Freedom of Information and Protection of Privacy Act (“FIPPA”) contains two ground... more
Section 25 of the Freedom of Information and Protection of Privacy Act (“FIPPA”) contains two grounds upon which public bodies are obligated to provide the public with timely information. One is where there is a significant risk of harm to the environment or to health or safety of the public and the other is where this information is, for any other reason, clearly in the public interest. These provisions override every other provision of FIPPA.
Investigation Report Aug 1, 2013 Sharing of Personal Information as Part of the Draft Multicultural Strategic Outreach Plan The Commissioner initiated this investigation to determine whether there was sharing of personal inf... more
The Commissioner initiated this investigation to determine whether there was sharing of personal information between the Government of British Columbia and the BC Liberal Party as part of the Outreach Plan and, if there was, whether this sharing was authorized under the Freedom of Information and Protection of Privacy Act (“FIPPA”) and the Personal Information Protection Act (“PIPA”).
Investigation Report Jul 25, 2013 Evaluating the Government of British Columbia's Open Government Initiative This report evaluates the Government of British Columbia’s open government initiative and whether it... more
This report evaluates the Government of British Columbia’s open government initiative and whether it promotes transparency and accountability in practice. I make eighteen recommendations to strengthen BC’s open government initiative and ensure its sustainability over the long term.
Investigation Report Jun 26, 2013 Ministry of Health This investigation examined three breaches of personal health data for research purposes that happen... more
This investigation examined three breaches of personal health data for research purposes that happened because the Ministry failed to translate privacy and security policies into meaningful business practices.
Investigation Report Mar 4, 2013 Increase in No Responsive Records to General Access to Information Requests: Government of British Columbia This report investigates the growth of “no responsive records” replies by the Government of British ... more
This report investigates the growth of “no responsive records” replies by the Government of British Columbia in response to the general access to information requests of citizens. It also reports on five specific instances of “no responsive records” replies to requests made to government relating to the September 2012 resignation of the Premier’s Chief of Staff.
Investigation Report Nov 15, 2012 Use of Automated Licence Plate Recognition technology by the Victoria Police Department This report examines the use of Automated Licence Plate Recognition (ALPR) technology by the Victori... more
This report examines the use of Automated Licence Plate Recognition (ALPR) technology by the Victoria Police Department. The report makes four recommendations.
Special Report Aug 2, 2012 Report of the Health Research Roundtable The purpose of this paper is to serve as a record of the roundtable discussion on access to data for... more
The purpose of this paper is to serve as a record of the roundtable discussion on access to data for health research and to identify next steps.
Investigation Report Jul 25, 2012 Use Of Employment-Related Criminal Record Checks: Government Of British Columbia This investigation report examines whether the Government of British Columbia is conducting employme... more
This investigation report examines whether the Government of British Columbia is conducting employment record checks in compliance with FIPPA. The report also includes best practices for employment-based record checks, which will be of use to government as well as other public bodies.
Investigation Report Mar 29, 2012 University of Victoria On January 9, 2012 the University of Victoria notified the OIPC of a break-in that had occurred on c... more
On January 9, 2012 the University of Victoria notified the OIPC of a break-in that had occurred on campus. Among the items stolen was a USB key containing the personal information of current and former UVic employees. The Commissioner initiated an investigation in order to determine whether the University met its obligation to protect personal information as per section 30 of FIPPA.
Investigation Report Feb 16, 2012 Investigation Into The Use Of Facial Recognition Technology By The Insurance Corporation Of British Columbia This investigation report examines the privacy issues associated with the use of facial recognition ... more
This investigation report examines the privacy issues associated with the use of facial recognition technology by the Insurance Corporation of British Columbia (“ICBC”).
Special Report Jan 23, 2012 Follow-up to Timeliness Report for Fiscal Year 2010/11 No summary available.
Investigation Report Dec 19, 2011 British Columbia Hydro And Power Authority Investigation into the privacy and security of BC Hydro's smart meters.
Special Report Sep 22, 2011 Report Card on the Timeliness of Government’s Access to Information Responses No summary available.
Investigation Report May 16, 2011 Investigation Into The Simultaneous Disclosure Practice Of BC Ferries In response to a complaint about the practice of BC Ferry Services Inc. to publicly post responses t... more
In response to a complaint about the practice of BC Ferry Services Inc. to publicly post responses to access to information requests, either before or at the same time as they are provided to the applicant, the Information and Privacy Commissioner for British Columbia conducted an investigation. The investigation examined both the practice of simultaneous disclosure as well as the general practice of proactive disclosure. On the key issue of simultaneous disclosure, the Commissioner recommended a minimum delay of 24 hours between the applicant’s receipt of the response and the time the response is publicly posted. There should be a further delay upon request by the applicant on reasonable grounds.
Special Report Apr 12, 2011 Six-month Check-up: Review of Government’s Timeliness in Responding to Media and Political Parties’ Requests This report is a six-month review of the strategies and outcomes of government’s efforts to improve ... more
This report is a six-month review of the strategies and outcomes of government’s efforts to improve response times to media and political party applicants, following-up the Timeliness Report issued in August 2010.
Investigation Report Feb 15, 2011 Investigation Into A Privacy Breach Of Customers' Personal Information By The British Columbia Lottery Corporation The OIPC investigated a privacy breach of personal information of the BC Lottery Corporation's PlayN... more
The OIPC investigated a privacy breach of personal information of the BC Lottery Corporation's PlayNow.com website, which occurred on July 15, 2010. Given the security risks of an online gaming website, The Commissioner also conducted a second, broader investigation into the general security of the online platform to ensure personal information was adequately protected
Special Report Aug 5, 2010 It's About Time Report Card On The Timeliness Of Government’s Access To Information Responses This is the second report on the performance of ministries in meeting their obligation under the Fre... more
This is the second report on the performance of ministries in meeting their obligation under the Freedom of Information and Protection of Privacy Act (“FIPPA”) to respond to access requests without delay.
Investigation Report Mar 5, 2010 Review Of The Electronic Health Information System At Vancouver Coastal Health Authority Known As The Primary Access Regional Information System (“Paris”) The electronic health record system at Vancouver Coastal Health Authority (“VCH”) known as the Prima... more
The electronic health record system at Vancouver Coastal Health Authority (“VCH”) known as the Primary Access Regional Information System (“PARIS”) was introduced in 2001 for its community-based programs. It is accessed by staff and contractors involved in the delivery of a wide range of health services outside of acute care hospitals. The personal information contained in PARIS is highly sensitive. It includes diagnoses as well as the case notes of physicians, nurses and counsellors about the treatment they provide to their clients. The purpose of this investigation is to evaluate VCH’s compliance with the requirements of FIPPA in its collection, use and disclosure of personal information in PARIS.
Investigation Report Feb 8, 2010 Ministry Of Housing and Social Development, Ministry Of Children And Family Development On April 7, 2009 an employee of the Ministry of Children and Family Development (“MCFD”) was arreste... more
On April 7, 2009 an employee of the Ministry of Children and Family Development (“MCFD”) was arrested by the RCMP on suspicion of fraudulently obtaining identification. During the course of the search of the employee’s home, RCMP officers discovered that the employee had over 400 pages of government documents containing sensitive personal information about more than 1,400 clients of the Ministry of Housing and Social Development and MCFD. This report results from the OIPC’s investigation into the government’s response to the police discovery of sensitive personal information.
Investigation Report Oct 8, 2009 Investigation Into Disclosure Of Jurors' Personal Information By The Insurance Corporation Of British Columbia In April 2009, ICBC advised a trial court judge that an ICBC claims adjuster had provided personal i... more
In April 2009, ICBC advised a trial court judge that an ICBC claims adjuster had provided personal information about the trial's jurors to the external defence counsel retained by ICBC for the trial. ICBC conducted its own internal investigation of all the jury trials that could be identified since 2000 and determined that there were five other similar incidents of jury checking. The OIPC's investigation reviewed ICBC policies and practices. While ICBC had policies in place to prohibit jury checking, those policies had not succeeded in preventing these occurrences. ICBC should focus on more specific training for claims adjusters and better communication and awareness of ICBC's privacy policies for external defence counsel.
Special Report Feb 12, 2009 Timeliness of Government’s Access To Information Responses This report aims to shine light on problems within the provincial government in meeting the legal ob... more
This report aims to shine light on problems within the provincial government in meeting the legal obligations imposed by the Freedom of Information and Protection of Privacy Act to respond to access requests in a timely fashion.
Investigation Report Nov 4, 2008 Ministry Of Children & Family Development A reporter with the Victoria Times-Colonist newspaper requested records from the Ministry of Childre... more
A reporter with the Victoria Times-Colonist newspaper requested records from the Ministry of Children and Family Development regarding the Ministry’s Sexual Abuse Intervention Program (SAIP). The Ministry provided records, including a copy of a report about the SAIP program, which the Ministry had partially severed under discretionary sections of FIPPA. The applicant later obtained an unsevered version of the report through other means and complained to this office about the Ministry’s decisions in severing under FIPPA. This report relates to the SAIP Report itself, not its appendices, and examines only issues related to s. 13 of FIPPA.
Investigation Report May 7, 2008 Ministry of Health Four computer tapes containing personal information of residents of British Columbia and New Brunswi... more
Four computer tapes containing personal information of residents of British Columbia and New Brunswick who received medical services outside their home province was couriered from New Brunswick to Health Insurance BC, a contractor for the Ministry of Health in British Columbia. They never arrived at HIBC. The information was on magnetic tapes and was not protected by encryption. This method of transferring personal information did not meet the security measures required under s. 30 of the Freedom of Information and Protection of Privacy Act. The Ministry’s policies and practices resulted in failure to ensure the tape loss was detected in a timely way. The Ministry also failed to notify affected individuals and the OIPC in a timely way. After the loss was discovered, the Ministry took appropriate action to mitigate risk to the affected individuals. After the incident, the Ministry ceased exchanging unencrypted personal information of this kind with other jurisdictions. New Ministry procedures now monitor more closely such exchanges of personal information and the Ministry continues to work towards an even more secure method of data transfer.
Investigation Report Jan 22, 2008 Ministry Of Environment, Ministry Of Forests And Range The University of Victoria Environmental Law Clinic, on behalf of a group of eight environmental org... more
The University of Victoria Environmental Law Clinic, on behalf of a group of eight environmental organizations, brought a complaint against three ministries alleging that there was a system-wide pattern of acting to frustrate environmental groups seeking records under the Freedom of Information and Protection Act (“FIPPA”). The groups alleged that there were routine delays in responding to access requests, excessive censoring of records, excessive and unreasonable fees and frequent and unjustified denials of fee waivers. Any one of these allegations, if proven, would be a violation of the s. 6 FIPPA duty to assist applicants. A preliminary investigation determined that while the complaint against the Ministry of Forests was not substantiated, there was some basis for the allegation of systemic problems with requests made to the Ministry of Environment. The parties met and developed a mutually acceptable action plan to resolve the complainants concerns.
Investigation Report Jun 20, 2007 Ministry Of Small Business & Revenue & Eds Advanced Solutions Inc. An employee of EDS, a Ministry service provider, was caught improperly browsing through a Ministry c... more
An employee of EDS, a Ministry service provider, was caught improperly browsing through a Ministry computer system for personal information of friends and acquaintances. This had gone undetected because of insufficient technical security measures. The inadequate security measures constituted a breach of s. 30 of FIPPA. Further, by taking more than nine months to notify affected individuals, the Ministry and EDS breached their s. 30 obligations. The Ministry and EDS have since taken significant steps to improve security and to develop employee awareness of, and compliance with, privacy law.
Special Report Aug 30, 2006 Local Governments and The Growth Of Surveillance No summary available.
Investigation Report Jun 7, 2006 Investigation Into Security Of Personal Information Held By Vancouver Coastal Health Authority’s Employee And Family Assistance Program The Employee and Family Assistance Program (“EFAP”) is a confidential employee-counselling service o... more
The Employee and Family Assistance Program (“EFAP”) is a confidential employee-counselling service operated as a component of the Vancouver Coastal Health Authority (“VCHA”). It is staffed by VCHA employees and is responsible to VCHA. EFAP is a program of the VCHA and is not a separate entity. As a health authority established under the Health Authorities Act, VCHA is a “health care body” and therefore a “public body” covered by the Freedom of Information and Protection of Privacy Act (“FIPPA”). EFAP’s actions are therefore those of the VCHA for FIPPA purposes.
Investigation Report Mar 31, 2006 Sale Of Provincial Government Computer Tapes Containing Personal Information Examples abound these days of privacy breaches involving the unauthorized disclosure or acquisition ... more
Examples abound these days of privacy breaches involving the unauthorized disclosure or acquisition of personal information because of compromised storage, handling or disposal of computer devices or electronic data media. This is so even though security safeguards are available and even though governments and businesses know that they must protect the security, confidentiality and integrity of the personal information they hold. This case illustrates the all too common failure of both public and private sector organizations to ensure that safeguards are identified and diligently implemented throughout organizations.
Special Report Oct 29, 2004 Privacy and the USA Patriot Act: Implications for British Columbia Public Sector Outsourcing No summary available
Investigation Report Sep 30, 2002 Investigation Of A Patient Survey By The Children’s And Women’s Health Centre Of British Columbia In 2000, the Children’s and Women’s Health Centre of British Columbia (“Health Centre”) carried out ... more
In 2000, the Children’s and Women’s Health Centre of British Columbia (“Health Centre”) carried out a survey of parents of pediatric patients and their families to obtain their views on services the Health Centre provides. The Health Centre is a public body under the Freedom of Information and Protection of Privacy Act (“Act”) and must, therefore, comply with the privacy provisions in Part 3 of the Act. The Office of the Information and Privacy Commissioner (“OIPC”) has the authority under s. 42 to conduct investigations to ensure compliance with the Act. The OIPC decided to investigate the survey to ensure that it complied with Part 3. Our investigation looked at collection of personal information under s. 26 of the Act, use of personal information under s. 32 and disclosure of personal information under s. 33 of the Act.
Investigation Report Oct 5, 2001 Investigation Into BC Nurses’ Union Complaint About Telus-VGH LastWord Contract This investigation report addresses a complaint made by the B.C. Nurses’ Union regarding a package ... more
This investigation report addresses a complaint made by the B.C. Nurses’ Union regarding a package of contracts between Telus and Vancouver Hospital and Health Sciences Centre (“Vancouver Hospital”). The complaint focused on concerns about whether the contracts, or procedures under them, comply with Vancouver Hospital’s obligations regarding the privacy of patients’ personal information under Part 3 of FIPPA.
Investigation Report Sep 18, 2001 Investigation Into Canadian Youth, Sexual Health & HIV/Aids Study 2001 This document sets out the findings of fact, and resulting recommendations, of the Information and P... more
This document sets out the findings of fact, and resulting recommendations, of the Information and Privacy Commissioner for British Columbia (“Commissioner”), regarding the Canadian Youth, Sexual Health & HIV/AIDS Study 2001 (“study”) and its compliance with the privacy provisions of the Freedom of Information and Protection of Privacy Act (“Act”).
Investigation Report Oct 24, 2000 Investigation Into Use of Alumni Personal Information By Universities This document deals with concerns raised about British Columbia universities' involvement in marketi... more
This document deals with concerns raised about British Columbia universities' involvement in marketing products or services to students or alumni. It addresses these issues and includes recommendations to the Information and Privacy Commissioner for universities and other public bodies to improve their privacy protection practices where personal information is collected, used or disclosed for marketing purposes.
Investigation Report Mar 25, 1999 Report of an Investigation by the Office of the Information and Privacy Commissioner into privacy complaints concerning the Provincial Learning Assessment Program of the Ministry of Education In mid-November 1998, a number of stories appeared in the print media regarding the Ministry of Educ... more
In mid-November 1998, a number of stories appeared in the print media regarding the Ministry of Education’s (the Ministry) July 1998 disclosure to the Ministry for Children and Families (MCF) of 46 of the 140,000 Provincial Learning Assessment Program tests that had been written in May 1998. The Provincial Learning Assessment Program tests are standardized tests that have been administered annually by the Ministry for over twenty years to assess the effectiveness of provincial curriculum and programs.
Investigation Report Jan 5, 1999 An investigation into the disclosure of personal information concerning discipline matters by the British Columbia College of Teachers The Office of the Information and Privacy Commissioner (the Office) investigated the British Columbi... more
The Office of the Information and Privacy Commissioner (the Office) investigated the British Columbia College of Teachers’ disclosure of personal disciplinary information to verify that its policies and practices comply with section 33 of the Freedom of Information and Protection of Privacy Act (the Act).
Investigation Report Mar 31, 1998 Video surveillance by public bodies: a discussion This Investigation Report is the result of site visits to public bodies throughout the Province, inc... more
This Investigation Report is the result of site visits to public bodies throughout the Province, including the Vancouver Public Library, the headquarters of the Insurance Corporation of British Columbia, and several correctional institutions, police departments, and hospitals. All of these public bodies use video surveillance systems.
Investigation Report Mar 31, 1998 An investigation concerning the disclosure of personal information through public property registries In September 1996, the City of Victoria announced it was becoming the first municipality in Canada t... more
In September 1996, the City of Victoria announced it was becoming the first municipality in Canada to provide property assessment information to the public through the Internet. The new service would allow the public to search the database by property owner's name, address and Roll number. The Office of the Information and Privacy Commissioner received a number of complaints from citizens concerned about their privacy. The Commissioner's report focuses on the privacy issues surrounding the publication of personal information in property databases. It examines the wider assessment system and most specifically, the BC Assessment Authority, which assumes the lead role in the property assessment system.
Investigation Report Jun 16, 1997 Report on an investigation by the Office of the Information and Privacy Commissioner into a complaint regarding a disclosure of Personal information by the Vancouver Police Department The Office of the Information and Privacy Commissioner (the Office) received a complaint from a woma... more
The Office of the Information and Privacy Commissioner (the Office) received a complaint from a woman that the Vancouver Police Department had violated her privacy by disclosing to her landlord, in response to his freedom of information request, records containing details of her 911 calls to the police for help.
Investigation Report Mar 18, 1997 Complaints Against the Insurance Corporation of British Columbia Concerning the Customer Appeal Program Survey and the Customer Satisfaction Survey This Investigation Report is the result of the investigation of two privacy complaints against the I... more
This Investigation Report is the result of the investigation of two privacy complaints against the Insurance Corporation of British Columbia (ICBC), one regarding the ICBC "Customer Appeal Program" survey, and one regarding the "Customer Satisfaction" survey, both conducted by Campbell Goodell Traynor of Vancouver. The two complainants objected to the disclosure of their personal information by ICBC to a contracted survey research company.
Investigation Report Mar 3, 1997 Report on an investigation by the Office of the Information and Privacy Commissioner into Privacy Complaints Concerning the Career and Personal Planning (CAPP) Curriculum of the Ministry of Education, Skills and Training The Office of the Information and Privacy Commissioner received a number of complaints from parents ... more
The Office of the Information and Privacy Commissioner received a number of complaints from parents about the "Career and Personal Planning" (CAPP) curriculum created by the Ministry of Education, Skills and Training. The parents' concerns focused on some of the curriculum's "Suggested Activities" which involve the students collecting and recording personal information about themselves, their families, and friends. The parents felt that these activities could cause an unreasonable invasion of their privacy and that of their children. The Office carried out an investigation of the potential privacy issues.
Investigation Report Nov 6, 1996 Delay in Responding To General Requests By The (Former) Ministry Of Social Services On September 28, 1995, in response to a complaint filed by a reporter for the Vancouver Sun, the Off... more
On September 28, 1995, in response to a complaint filed by a reporter for the Vancouver Sun, the Office of the Information and Privacy Commissioner (our Office) opened an investigation into alleged delays by the (former) Ministry of Social Services (the Ministry) in responding to requests for general information.
Investigation Report Mar 31, 1996 An Investigation Into The Practices Of The Workers Compensation Board Of British Columbia With Respect To Disclosing Personal Information About Injured Workers To Employers The Office of the Information and Privacy Commissioner has received several complaints regarding the... more
The Office of the Information and Privacy Commissioner has received several complaints regarding the Workers Compensation Board of British Columbia (WCB)'s policy of disclosing a worker's claim file to an employer for the purposes of an appeal. Over the past two years, as a result of such complaints, the Office of the Information and Privacy Commissioner has conducted an investigation into WCB's practice of disclosing the contents of a claim file to an employer when requested for the purpose of an appeal.
Investigation Report Mar 31, 1995 Cars, People, And Privacy: Access To Personal Information Through The Motor Vehicle Data Base The Office of the Information and Privacy Commissioner anticipates that the publication of this repo... more
The Office of the Information and Privacy Commissioner anticipates that the publication of this report will lead to greater public awareness about the existence and uses of the Motor Vehicle Database. There are many user groups of the database and while most uses are legally authorized and necessary for the functioning of the motor vehicle registration and insurance system, a very real possibility exists for misuse of the personal information in the system.
Investigation Report Mar 22, 1995 A complaint by KF Media Inc. against the Vancouver Police Department concerning the television series "To Serve And Protect" In December 1994 the Office of the Information and Privacy Commissioner received a complaint from KF... more
In December 1994 the Office of the Information and Privacy Commissioner received a complaint from KF Media Inc. of Vancouver, B.C. (the complainant) about a decision by the Vancouver Police Department to block out the faces of persons interviewed by police on the television program "To Serve and Protect."
Investigation Report May 5, 1994 Release Of Personal Information By The Forensic Psychiatric Services Commission Of The Ministry Of Health And The Ministry Responsible For Seniors On 29 March 1994, a complainant faxed a letter to the Office of the Information and Privacy Commissi... more
On 29 March 1994, a complainant faxed a letter to the Office of the Information and Privacy Commissioner to complain that he had received information about his victim when he received his patient files from the Adult Forensic Psychiatric Out-Patient Services (the clinic) of the Forensic Psychiatric Services Commission (the Commission) of the Ministry of Health and the Ministry Responsible for Seniors (the Ministry). He requested an investigation by the Information and Privacy Commissioner to determine if this release of third party information was in violation of FIPPA.
Investigation Report Apr 29, 1994 Insurance Corporation Of British Columbia On April 8, 1994, the producer of the British Columbia Television (BCTV) "Weekend NewsHour" called t... more
On April 8, 1994, the producer of the British Columbia Television (BCTV) "Weekend NewsHour" called the Insurance Corporation of British Columbia's (ICBC) Public Information section claiming to have received a number of ICBC claims files from an unidentified source. The source, described as a worker in the film industry, indicated that the files were being used as props for office scenes in a movie.
Investigation Report Apr 27, 1994 Investigation Into A Complaint That The Public Service Employee Relations Commission Released Personal Information To Mr. Jack Weisgerber, MLA (s. 42 of the Freedom of Information and Protection of Privacy Act) The complainant, Jack Weisgerber, MLA, alleged that, in response to a routine request for records, t... more
The complainant, Jack Weisgerber, MLA, alleged that, in response to a routine request for records, the Ministry of Finance and Corporate Relations improperly disclosed personal information.