Contact us Follow @BCInfoPrivacy LinkedIn RSS
Advanced Search

Guidance Documents

Guidance -Document - 2The Office of the Information and Privacy Commissioner (OIPC) publishes guidance documents to inform citizens and promote compliance with BC's access and privacy laws.

Please note that these documents are provided for information only and are not considered legal advice or other advice by the OIPC. Responsibility for compliance with the law rests with each organization and public body.

 

Year
select
Topic
select
Date Title Topic
Summary
Nov 20, 2023 Tips for requesting records Access to Information If you want to request from a public body or private organization in BC, the first step is to make y... more
If you want to request from a public body or private organization in BC, the first step is to make your request in writing.
Oct 10, 2023 10 tips for public bodies managing requests for records Best Practices The Freedom of Information and Protection of Privacy Act (FIPPA) regulates the information and priva... more
The Freedom of Information and Protection of Privacy Act (FIPPA) regulates the information and privacy practices of public bodies including BC government, local governments, crown corporations, and local police forces, etc.
Jan 31, 2023 Privacy breaches: tools and resources for the private sector Breaches Use this document to take action when a privacy breach has occurred. These key steps are applicable ... more
Use this document to take action when a privacy breach has occurred. These key steps are applicable to private organizations under the Personal Information Protection Act (PIPA).
Jan 31, 2023 Accountable Privacy Management in BC's Public Sector Security This document provides step-by-step guidance for British Columbia public bodies on how to implement ... more
This document provides step-by-step guidance for British Columbia public bodies on how to implement effective privacy management programs.
Jan 31, 2023 Privacy breach checklist for public bodies Breaches Use this form to evaluate your public body’s response to a privacy breach.
Jan 31, 2023 Privacy breach checklist for private organizations Breaches Use this form to evaluate your organization's response to a privacy breach.
Jan 31, 2023 Privacy breaches: tools and resources for public bodies Breaches Use this document to take action when a privacy breach has occurred. These key steps apply to public... more
Use this document to take action when a privacy breach has occurred. These key steps apply to public bodies under the Freedom of Information and Protection of Privacy Act (FIPPA) and have been updated to include information about the legislation’s mandatory breach notification requirements.
Aug 30, 2022 Political Campaign Activity Guidance Privacy This guidance is designed to provide best practices for political organizations – including politica... more
This guidance is designed to provide best practices for political organizations – including political parties, riding associations, candidates, campaign staff, and volunteers – and their handling of personal information as part of the campaign process. BC’s Personal Information Protection Act (PIPA) applies to the collection, use, and disclosure of “personal information” by political parties in British Columbia.
Mar 30, 2022 Political Campaign Activity Code of Practice Best Practices This code seeks to establish voluntary ground rules for a level playing field between electoral camp... more
This code seeks to establish voluntary ground rules for a level playing field between electoral campaigns, and to balance the role of political parties within British Columbia’s electoral process with the protection of individual privacy. The Supreme Court of Canada has recognized privacy as a basic prerequisite to the flourishing of a free and healthy democracy. The Court has also affirmed the important role of political parties in ensuring that the ideas and opinions of their members and supporters are effectively represented in the electoral process. We all benefit when necessary political activity is conducted fairly and transparently.
Mar 4, 2022 Reasonable security measures for personal information disclosures outside Canada Security In November 2021, the data residency provisions of the Freedom of Information and Protection of Priv... more
In November 2021, the data residency provisions of the Freedom of Information and Protection of Privacy Act (FIPPA) were amended to remove the prohibition (with certain exceptions) on disclosure of personal information outside of Canada. The new legislative framework permits the disclosure of personal information outside of Canada in accordance with B.C. Reg. 294/2021.1 And critically, public bodies’ obligations under s. 30 of FIPPA to implement reasonable security measures continue to apply to any disclosure of personal information outside Canada. Therefore, a careful assessment under s. 30 is necessary before any disclosure of personal information outside of Canada.
Jan 25, 2022 Privacy Guidelines for Strata Corporations and Strata Agents Privacy BC’s Personal Information Protection Act (PIPA) applies to the collection, use and disclosure of “pe... more
BC’s Personal Information Protection Act (PIPA) applies to the collection, use and disclosure of “personal information” by strata corporations (stratas). The Office of the Information and Privacy Commissioner (OIPC) oversees stratas’ compliance with PIPA and these guidelines are intended to assist them.
Jan 4, 2022 PIPA and workplace drug and alcohol searches: a guide for organizations Privacy This document aims to help organizations subject to BC’s Personal Information Protection Act (PIPA) ... more
This document aims to help organizations subject to BC’s Personal Information Protection Act (PIPA) understand what conditions must be present before they can consider conducting random searches for drugs and alcohol. This guide applies to employers who search their own employees as well as employers that use contractors. It also applies to unionized and non-unionized workplaces. This document does not deal with workplace drug or alcohol testing through breath or other samples, nor does it deal with searches or testing after a workplace accident, where an employer or organization might have reasonable cause to suspect an individual is impaired.
Nov 21, 2021 Guide to OIPC Processes (PIPA) Policies and Procedures This Guide addresses the most common procedures that the Office of the Information and Privacy Commi... more
This Guide addresses the most common procedures that the Office of the Information and Privacy Commissioner (OIPC) uses under the Personal Information Protection Act (PIPA). For all complaints and requests for review, the OIPC’s overriding policy is to encourage the parties to resolve the issues by settlement. OIPC staff are authorized to attempt mediation of all matters before they are referred to a more formal process.
Sep 13, 2021 Privacy and the BC vaccine card: FAQ Privacy The Office of the Information and Privacy Commissioner (OIPC) provides independent oversight and enf... more
The Office of the Information and Privacy Commissioner (OIPC) provides independent oversight and enforcement of BC's access and privacy laws, including the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA). This document explains how the BC Vaccine Card (Card) and the Public Health Orders (Orders) work together with these laws. The Orders require individuals seeking to enter certain higher-risk social and recreational events to show their proof of vaccination against COVID-19. To facilitate this, the government is giving each vaccinated individual their proof of vaccination in the form of their own unique Quick Response (QR) code. Think of it like a driver’s license, or any other piece of government-issued ID, and protect it accordingly.
Aug 5, 2021 Protecting personal information: Cannabis transactions Policies and Procedures On October 17, 2018, cannabis became legal in Canada. The Personal Information Protection Act (PIPA)... more
On October 17, 2018, cannabis became legal in Canada. The Personal Information Protection Act (PIPA) applies to any private organization that collects, uses, and discloses the personal information of individuals in BC.
May 7, 2021 Guide for organizations collecting personal information online Best Practices There are limits to what personal information organizations can collect from the internet. Organizat... more
There are limits to what personal information organizations can collect from the internet. Organizations sometimes believe that it’s “fair game” to search and collect whatever personal information they want to from online sources. However, BC’s Personal Information Protection Act (PIPA), which regulates the collection, use and disclosure of personal information does set some limits. With some notable exceptions, organizations should first get an individual’s consent before collecting and using their information and this includes from online sources.1 Even with consent, organizations still cannot collect or use personal information for an unreasonable purpose.
Mar 3, 2021 Common or integrated programs or activities Best Practices This document aims to help readers understand what constitutes a “common or integrated program or ac... more
This document aims to help readers understand what constitutes a “common or integrated program or activity” (CIPA) under BC’s Freedom of Information and Protection of Privacy Act (FIPPA), and the obligations associated with them.
Oct 30, 2020 Securing personal information: A self-assessment for public bodies and organizations Security How well is your organization or public body protecting personal information? The personal informati... more
How well is your organization or public body protecting personal information? The personal information security requirements under British Columbia and Alberta’s Personal Information Protection Acts and Freedom of Information and Protection of Privacy Acts and Canada’s Personal Information Protection and Electronic Documents Act require organizations and public bodies to take reasonable steps to safeguard the personal information in their custody or control. Risks that you must guard against include unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction.
Aug 18, 2020 Instructions for Written Inquiries Best Practices These instructions will help you get ready to participate in a written inquiry by the Office of the ... more
These instructions will help you get ready to participate in a written inquiry by the Office of the Information and Privacy Commissioner (OIPC).
Jul 31, 2020 Collecting personal information at food and drink establishments, gatherings, and events during COVID-19 Best Practices The Public Health Officer (PHO) has made two orders requiring the collection of personal information... more
The Public Health Officer (PHO) has made two orders requiring the collection of personal information at restaurants, bars, gatherings and events.
Jun 15, 2020 Privacy tips for seniors: Protect your personal information Privacy Launched in collaboration with the Office of the Seniors Advocate for British Columbia, this brochur... more
Launched in collaboration with the Office of the Seniors Advocate for British Columbia, this brochure offers seniors tips for protecting their privacy.
Apr 8, 2020 FIPPA and online learning during the COVID-19 pandemic Best Practices This document provides recommended guidance for educators to help them choose online learning tools ... more
This document provides recommended guidance for educators to help them choose online learning tools that comply with the requirements of BC’s Freedom of Information and Protection of Privacy Act (FIPPA). It includes information about recent, temporary changes to FIPPA in response to the COVID-19 crisis that allow for the use of tools that store information outside of Canada.
Mar 14, 2020 Tips for public bodies and organizations setting up remote workspaces Best Practices Many public bodies and organizations are now setting up employees to work remotely in the wake of th... more
Many public bodies and organizations are now setting up employees to work remotely in the wake of the COVID-19 outbreak. Care must be taken when doing this because it often means personal information leaves the worksite. Below are some tips for how to keep personal information safe when working away from the office.
Feb 18, 2020 Guide to OIPC Processes (FIPPA) Policies and Procedures This Guide addresses the most common procedures that the Office of the Information and Privacy Commi... more
This Guide addresses the most common procedures that the Office of the Information and Privacy Commissioner (OIPC) uses under the Freedom of Information and Protection of Privacy Act (FIPPA). For all complaints and requests for review, the OIPC’s overriding policy is to encourage the parties to resolve the issues by settlement. OIPC staff are authorized to attempt mediation of all matters before they are referred to a more formal process.
Jan 28, 2020 Privacy Impact Assessment (PIA) Template for Organizations Privacy Privacy impact assessments (PIAs) help you understand the implications your planned initiatives will... more
Privacy impact assessments (PIAs) help you understand the implications your planned initiatives will have on people's privacy and personal information. This template guides you through the process of developing a PIA.
Jan 28, 2020 Privacy impact assessments for the private sector Privacy Privacy impact assessments (PIAs) allow organizations to be proactive when it comes to ensuring that... more
Privacy impact assessments (PIAs) allow organizations to be proactive when it comes to ensuring that the initiatives they have planned comply with PIPA. The Office of the Information and Privacy Commissioner of British Columbia (OIPC)’s Private Sector PIA template aims to assist organizations in making the most of this important tool, both as a tool in the earliest stages of development through to ensuring compliance throughout an initiative’s lifespan. This guidance document provides added depth to the sample language and instruction offered in the template.
Oct 29, 2019 Responding to PIPA privacy complaints Best Practices This document offers suggestions for organizations to refer to when investigating a privacy complain... more
This document offers suggestions for organizations to refer to when investigating a privacy complaint made to them under the Personal Information Protection Act (PIPA).
Sep 18, 2019 Disclosure of personal information of individuals in crisis Privacy In emergency situations, privacy laws in BC authorize public bodies or private organizations to resp... more
In emergency situations, privacy laws in BC authorize public bodies or private organizations to responsibly disclose an individual’s personal information, including information about their mental, emotional, or other health conditions, to third parties who may be able to help in a crisis. Privacy legislation in BC accommodates the disclosure of personal information in the event it could prevent a tragedy. BC’s Freedom of Information and Protection of Privacy Act (FIPPA) sets out how public bodies can collect, use, and disclose personal information. BC’s Personal Information Protection Act (PIPA) sets out how private sector organizations can collect, use, and disclose personal information. This guidance document informs public bodies and private sector organizations about the circumstances under which they can disclose personal information of an individual to a third party without the individual’s consent in emergency situations.
Sep 4, 2019 Private sector landlords and tenants Best Practices These guidelines are meant to assist landlords and the public in understanding what the rules in BC ... more
These guidelines are meant to assist landlords and the public in understanding what the rules in BC are about what personal information landlords may collect from anyone seeking to enter into a tenancy agreement, including individuals who will be living in the unit, such as family members and roommates.
Jun 4, 2019 Privacy proofing your retail business: Frequently asked questions Privacy More than ever before, retailers have to be prepared to deal with customers who ask questions about ... more
More than ever before, retailers have to be prepared to deal with customers who ask questions about the type and amount of personal information retailers collect, what they intend to do with it, and how they will protect it from misuse. This document answers frequently asked questions about retailers and PIPA.
Mar 7, 2019 Developing a privacy policy under PIPA Policies and Procedures The Personal Information Protection Act (PIPA) requires organizations to develop and follow policies... more
The Personal Information Protection Act (PIPA) requires organizations to develop and follow policies and practices to meet their obligations under PIPA, and to make these documents available on request.
Mar 7, 2019 Privacy management program self-assessment Policies and Procedures The Office of the Information and Privacy Commissioner (OIPC) wants to help your organization meet y... more
The Office of the Information and Privacy Commissioner (OIPC) wants to help your organization meet your legal obligations and the expectations of your clients and customers for the privacy and security of their personal information.
Dec 6, 2018 Section 25: The duty to warn and disclose Access to Information Privacy Act (FIPPA), which requires public bodies to proactively disclose information: • about a ris... more
Privacy Act (FIPPA), which requires public bodies to proactively disclose information: • about a risk of significant harm; or • that is clearly in the public interest.
May 2, 2018 Obtaining meaningful consent Access to Information Meaningful consent is an essential element of Canadian private sector privacy legislation. Under pri... more
Meaningful consent is an essential element of Canadian private sector privacy legislation. Under privacy laws, organizations are generally required to obtain meaningful consent for the collection, use and disclosure of personal information. However, advances in technology and the use of lengthy, legalistic privacy policies have too often served to make the control – and personal autonomy – that should be enabled by consent nothing more than illusory. Consent should remain central, but it is necessary to breathe life into the ways in which it is obtained.
Mar 19, 2018 Competitive Advantage: Compliance with PIPA and the GDPR Policies and Procedures Effective May 25, 2018, some organizations subject to PIPA must also comply with the European Union ... more
Effective May 25, 2018, some organizations subject to PIPA must also comply with the European Union (EU) General Data Protection Regulation (GDPR).2 The GDPR applies to organizations that have an established presence in the EU, offer goods and services to individuals in the EU, or monitor the behaviour of individuals in the EU. Organizations that do not comply with the GDPR face significant fines.
Jan 12, 2018 Access to data for health research Health This guidance document outlines the legal provisions that apply to the disclosure of personal inform... more
This guidance document outlines the legal provisions that apply to the disclosure of personal information of British Columbians for the purpose of health research. It does not address policy requirements by public bodies or organizations. Privacy laws permit the disclosure of personal information for research purposes, sometimes without consent. When authorized by law, this enables research that is in the public interest while ensuring adequate privacy protection.
Dec 4, 2017 Direct-to-consumer genetic testing and privacy Health Joint guidance with Office of the Privacy Commissioner of Canada and Office of the Information and P... more
Joint guidance with Office of the Privacy Commissioner of Canada and Office of the Information and Privacy Commissioner of Alberta. As direct-to-consumer genetic tests become increasingly available, particularly over the Internet, it is important to understand their privacy risks. This document explains some of the key privacy risks associated with these tests, informs individuals of their rights and encourages them to ask themselves a series of questions before buying one online.
Nov 28, 2017 BC physician privacy toolkit Health Health information is one of the most sensitive forms of personal information. Physicians in private... more
Health information is one of the most sensitive forms of personal information. Physicians in private practice must follow the rules for personal information outlined in the Personal Information Protection Act (PIPA). The BC Physician Privacy Toolkit will help physicians implement strong data management practices.
Nov 8, 2017 Employee Privacy Rights Surveillance This guidance document discusses the privacy impacts of employee monitoring programs. Employees have... more
This guidance document discusses the privacy impacts of employee monitoring programs. Employees have a right to privacy in the workplace, which Canadian courts have upheld and must be respected by public and private organizations.
Oct 25, 2017 Guide to Using Overt Video Surveillance Surveillance This guide is for public bodies and organizations that are interested in using video surveillance in... more
This guide is for public bodies and organizations that are interested in using video surveillance in compliance with BC’s Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA). It recommends privacy protective measures that should be considered prior to installation of video surveillance systems.
Sep 13, 2017 Guidance Document: Information Sharing Agreements Policies and Procedures This guide is for public bodies and organizations that are interested in sharing personal informatio... more
This guide is for public bodies and organizations that are interested in sharing personal information. It describes information sharing and explains the role and value of information sharing agreements (ISAs) to ensure compliance with BC’s Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA). This guide also recommends provisions that should be included in an ISA.
May 11, 2017 Guidelines for social media background checks Technology A “social media background check” can mean many things. It can be as simple as checking out a Facebo... more
A “social media background check” can mean many things. It can be as simple as checking out a Facebook profile or as complicated as hiring someone to search for every bit of social media about an individual. When organizations and public bodies search for information about an individual, the collection, use, and disclosure of that personal information is subject to the privacy provisions of FIPPA and PIPA. These laws apply whether the individual is applying for paid or unpaid employment, a volunteer position, or if they are applying to run as a candidate in an election.
Oct 18, 2016 Mobile Devices: Tips for Security & Privacy Security Smartphones and tablets have become the most personal of computers we’ve ever used. They have social... more
Smartphones and tablets have become the most personal of computers we’ve ever used. They have social media content, location-tagged photos and streams of text messages. This kind of personal information didn’t exist on our laptops and desktop computers. And because we carry our mobile devices everywhere, the information on them is at greater risk of loss and theft. Here are 15 tips to help you protect your devices.
Jul 1, 2016 Time extension guidelines for public bodies Policies and Procedures This guidebook will help ensure your time extension application includes all the relevant informatio... more
This guidebook will help ensure your time extension application includes all the relevant information the OIPC needs to process and review your request.
Aug 13, 2015 Is a Bring Your Own Device (BYOD) Program the Right Choice for Your Organization? Technology Bring Your Own Device or BYOD as it is commonly known, is a popular arrangement for many private sec... more
Bring Your Own Device or BYOD as it is commonly known, is a popular arrangement for many private sector organizations in Canada. With BYOD, however, there is an increased blurring of the lines between professional and personal lives, with employee concerns that their privacy is at risk, not to mention issues associated with consumers’ personal information.
Aug 13, 2015 Contemplating a Bring Your Own Device program? Consider these tips Technology Contemplating a Bring Your Own Device (BYOD) program? Consider these tips
Jun 25, 2015 IT Security and Employee Privacy: Tips and Guidance Security This guidance document gives an overview of the issues employers should consider before implementing... more
This guidance document gives an overview of the issues employers should consider before implementing IT security tools that collect employee personal information.
Feb 18, 2015 Guidance for the use of body-worn cameras by law enforcement authorities Surveillance This guidance document aims to identify some of the privacy considerations law enforcement authoriti... more
This guidance document aims to identify some of the privacy considerations law enforcement authorities should take into account when deciding whether to outfit law enforcement officers with body-worn cameras. Also described is the privacy framework that should be part of any law enforcement body-worn camera program in order to ensure compliance with Canada’s personal information protection statutes.
Jan 9, 2015 Protecting Personal Information Away from the Office Security Whenever personal information is being used outside of the office there is an increased risk that it... more
Whenever personal information is being used outside of the office there is an increased risk that it will be lost or compromised. Public bodies and private organizations must keep paper and electronic records safe and secure as required by the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).
Dec 5, 2014 Identity theft resources for consumers and businesses Other Every year, millions of dollars are lost as identity theft threatens the financial security of thous... more
Every year, millions of dollars are lost as identity theft threatens the financial security of thousands of Canadians. Identity theft is also a privacy matter – personal information can be lost or compromised. With identity theft on the rise, it is more important than ever for Canadians to take action to protect their personal information.
Nov 10, 2014 Checking References: Guidance for Public Bodies Best Practices Hiring employees who are a good fit for a job is an essential component of the operations of any pub... more
Hiring employees who are a good fit for a job is an essential component of the operations of any public body. Knowing how an applicant has performed in a previous workplace is an important part of the hiring process and checking references is a practice that gives the prospective employer some idea of how the applicant might perform in the future.
May 8, 2014 Guidelines for Online Consent Technology Guidance from the BC, Alberta and Federal Privacy Commissioner regarding meaningful consent in an on... more
Guidance from the BC, Alberta and Federal Privacy Commissioner regarding meaningful consent in an online context. Organizations should have a clear, descriptive and accessible privacy policy and, as circumstances warrant, dynamic privacy explanations, in the course of the user experience.
Jan 22, 2014 Public Sector Surveillance Guidelines Surveillance The purpose of this guidance document is to provide information on how the Freedom of Information an... more
The purpose of this guidance document is to provide information on how the Freedom of Information and Protection of Privacy Act (“FIPPA”) applies to the use of video and audio surveillance systems by public bodies.
Aug 13, 2013 Practical Suggestions for your Organization's Website's Privacy Policy Best Practices This guidance document is intended to set out the basics of what an organization should consider whe... more
This guidance document is intended to set out the basics of what an organization should consider when developing a website privacy policy.
Mar 18, 2013 Use of Personal Email Accounts for Public Business Best Practices This document explains the implications under the Freedom of Information and Protection of Privacy A... more
This document explains the implications under the Freedom of Information and Protection of Privacy Act (“FIPPA”) for use of personal email accounts for work purposes by employees of public bodies.
Oct 24, 2012 Good privacy practices for developing mobile apps Technology This guidance outlines the privacy considerations when designing and developing mobile apps.
Jul 2, 2012 Early notice and PIA procedures for public bodies Policies and Procedures Public bodies planning a "data-linking initiative" or "common or integrated program or activity" mus... more
Public bodies planning a "data-linking initiative" or "common or integrated program or activity" must submit a PIA to the Commissioner's office and must also give early notice to the Commissioner.
Jun 14, 2012 Cloud computing for private organizations (small and medium sized enterprises) Technology This guidance document is intended to help SMEs understand what their privacy responsibilities are a... more
This guidance document is intended to help SMEs understand what their privacy responsibilities are and to offer some suggestions to address privacy considerations in the cloud.
Apr 17, 2012 Getting accountability right with a privacy management program Privacy Guidelines for private sector organizations to build a privacy management program step-by-step.
Apr 17, 2012 Privacy management program: At-a-glance Privacy A two-page overview of the key building-blocks of a privacy management program for the private secto... more
A two-page overview of the key building-blocks of a privacy management program for the private sector.
Apr 10, 2012 A Guide to PIPA for businesses and organizations Policies and Procedures This guidance document will help you understand B.C.'s legal framework for access and privacy in the... more
This guidance document will help you understand B.C.'s legal framework for access and privacy in the private sector. Includes case examples, tips and a glossary of key terms.
Jul 4, 2011 Guidelines on the Electronic Publication of Decisions of Administrative Tribunals Other The Internet is an efficient, inexpensive and effective tool to communicate tribunal decisions to th... more
The Internet is an efficient, inexpensive and effective tool to communicate tribunal decisions to the public. However, tribunal members should write decisions to reflect the fact that the Internet provides access to tribunals’ decisions to unlimited persons for unlimited uses. In many cases, a tribunal can comply with FIPPA and accomplish its goals with respect to openness, accountability and transparency through the publication of decisions that do not include the names of parties or witnesses or other personally identifiable information.
Jan 1, 2010 Access and Privacy Issues: A Guide for Tribunals Other This Guide has been jointly prepared by the Office of the Information and Privacy Commissioner (OIPC... more
This Guide has been jointly prepared by the Office of the Information and Privacy Commissioner (OIPC) for British Columbia and the BC Ministry of Attorney General’s Administrative Justice Office (AJO) to address tribunal access and privacy issues.
Apr 6, 2009 Policy on consultations with the OIPC Policies and Procedures The Office of the Information and Privacy Commissioner is often asked by public bodies and private o... more
The Office of the Information and Privacy Commissioner is often asked by public bodies and private organizations to comment on various matters, including proposed policies, legislation, projects, programs, systems and other matters, or compliance issues. This policy statement confirms the basis on which we do this and the nature of any comments we make, whether verbal or written.
Oct 6, 2008 Emergency disclosure of personal information by universities, colleges and other educational institutions Privacy In emergency situations, privacy laws in Ontario and British Columbia do not prohibit universities, ... more
In emergency situations, privacy laws in Ontario and British Columbia do not prohibit universities, colleges or other educational institutions from responsibly disclosing a student’s personal information, including information about their mental, emotional or other health conditions, to parents or others who may be able to help in a crisis. There is no question that the decision to disclose a student’s personal information without consent is extremely difficult and requires a reasoned judgment call. The decision rests, on a case-by-case basis, with whoever is responsible, be that a doctor, student counsellor, residence advisor or the head of an institution. The decision must be made very carefully and sensitively, but privacy laws do not stand in the way of an educational institution’s ability to make this decision, where appropriate.
Mar 3, 2008 Guidelines for overt video surveillance in the private sector Surveillance To help organizations achieve compliance with private sector privacy legislation, we have developed ... more
To help organizations achieve compliance with private sector privacy legislation, we have developed these guidelines, which set out the principles for evaluating the use of video surveillance and for ensuring that its impact on privacy is minimized. These guidelines apply to overt video surveillance of the public by private sector organizations in publicly accessible areas. These guidelines do not apply to covert video surveillance, such as that conducted by private investigators on behalf of insurance companies, nor do they apply to the surveillance of employees.
Jun 7, 2004 Tips for organizations responding to privacy complaints (PIPA) Best Practices This guide offers suggestions for organizations when investigating a privacy complaint made under PI... more
This guide offers suggestions for organizations when investigating a privacy complaint made under PIPA.
Jul 22, 2003 Guidance for conducting adequate search investigations (FIPPA) Access to Information This document offers suggestions for public bodies to use in investigating complaints that a search ... more
This document offers suggestions for public bodies to use in investigating complaints that a search conducted in response to an access request made under FIPPA was not adequate.
May 8, 2003 Guidelines for data services contracts Technology These guidelines deal with contracting out arrangements that involve “personal information” as defin... more
These guidelines deal with contracting out arrangements that involve “personal information” as defined in the Freedom of Information and Protection of Privacy Act (FIPPA). A public body cannot, by contracting out, relieve itself of its privacy obligations under Part 3 of the Act.