Audit & Compliance

View Sectional Index

In 2014, the Information and Privacy Commissioner established an Audit and Compliance Program to assess the extent to which public bodies and private sector organizations complying with the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).

Overview

The Audit and Compliance Program measures compliance with BC's information and privacy laws and make recommendations to improve privacy and access practices, policies, guidelines, and legislation.

Some of the areas assessed by Audit & Compliance include:

  • Management policies and procedures;
  • Collection, use, disclosure, retention;
  • Protections and safeguards;
  • Access processes;
  • Accountability and compliance monitoring. 

Program Charter

The OIPC has developed a program charter to assist public bodies and organizations to understand the authority, function, and key steps in an OIPC assessment.

Year
select
Date Title
Summary
Jan 17, 2018 WorkSafeBC: Management of access and privacy requests and complaints WorkSafeBC collects highly sensitive personal information in many ways, including through employee i... more
WorkSafeBC collects highly sensitive personal information in many ways, including through employee insurance claims, reports of unsafe working conditions, or during an incident investigation. In the case of workplace injuries that require medical attention, the incident must be reported to WorkSafeBC. Employees cannot opt out and so must trust the agency to appropriately handle their personal information.
Sep 13, 2017 Insurance Corporation of British Columbia Information Sharing Agreements This report examines how ICBC shares the personal information of millions of British Columbians.
Dec 8, 2016 Over-collected and Overexposed: Surveillance and Privacy Compliance in a Medical Clinic This is the first audit of a private sector business to determine the organization's compliance with... more
This is the first audit of a private sector business to determine the organization's compliance with PIPA.
Jun 23, 2016 City of Vancouver Duty to Assist This report looks at the duty to assist, which requires public bodies to make every reasonable effor... more
This report looks at the duty to assist, which requires public bodies to make every reasonable effort to assist each applicant openly, accurately and completely, without delay, throughout the freedom of information process.
Sep 30, 2015 Examination of British Columbia Health Authority Privacy Breach Management This report addresses one aspect of BC's complex, multi-party health care system - the degree to whi... more
This report addresses one aspect of BC's complex, multi-party health care system - the degree to which health authorities effectively manage privacy breaches when and where they happen.
Jan 28, 2015 An Examination of BC Government's Privacy Breach Management This report examines the degree to which the BC government is fulfilling its duty to respond to, and... more
This report examines the degree to which the BC government is fulfilling its duty to respond to, and properly manage, its privacy breaches.