Guidance Documents

Image of smartphone with app logosThe Office of the Information and Privacy Commissioner (OIPC) publishes guidance documents to inform people living in BC and promote compliance with the province's access and privacy laws.

Please note that these documents are provided for information only and are not considered legal advice or other advice by the OIPC. Responsibility for compliance with the law rests with each organization and public body.

Our most frequently accessed guidance documents are featured at the top of this table.

To view joint resolutions issued by the Federal, Provincial, Territorial Information and Privacy Commissioners, visit the Collaboration page: https://www.oipc.bc.ca/news-events/collaboration/

Summary
Jan 31, 2023 Accountable Privacy Management in BC's Public Sector Security
This document provides step-by-step guidance for British Columbia public bodies on how to implement effective privacy management programs.This document provides step-by-step guidance for British Columbia public bodies on how to implement effective privacy management programs.
Oct 30, 2020 Securing personal information: A self-assessment for public bodies and organizations Security
How well is your organization or public body protecting personal information? The personal information security requirements under British Columbia and Alberta’s Personal Information Protection Acts and Freedom of Information and Protection of Privacy Acts and Canada’s Personal Information Protection and Electronic Documents Act require organizations and public bodies to take reasonable steps to safeguard the personal information in their custody or control. Risks that you must guard against include unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction. How well is your organization or public body protecting personal information? The personal information security requirements under British Columbia and Alberta’s Personal Information Protection Acts and Freedom of Information and Protection of Privacy Acts and Canada’s Personal Information Protection and Electronic Documents Act require organizations and public bodies to take reasonable steps to safeguard the personal information in their custody or control. Risks that you must guard against include unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction.
Mar 4, 2022 Reasonable security measures for personal information disclosures outside Canada Security
In November 2021, the data residency provisions of the Freedom of Information and Protection of Privacy Act (FIPPA) were amended to remove the prohibition (with certain exceptions) on disclosure of personal information outside of Canada. The new legislative framework permits the disclosure of personal information outside of Canada in accordance with B.C. Reg. 294/2021.1 And critically, public bodies’ obligations under s. 30 of FIPPA to implement reasonable security measures continue to apply to any disclosure of personal information outside Canada. Therefore, a careful assessment under s. 30 is necessary before any disclosure of personal information outside of Canada.In November 2021, the data residency provisions of the Freedom of Information and Protection of Privacy Act (FIPPA) were amended to remove the prohibition (with certain exceptions) on disclosure of personal information outside of Canada. The new legislative framework permits the disclosure of personal information outside of Canada in accordance with B.C. Reg. 294/2021.1 And critically, public bodies’ obligations under s. 30 of FIPPA to implement reasonable security measures continue to apply to any disclosure of personal information outside Canada. Therefore, a careful assessment under s. 30 is necessary before any disclosure of personal information outside of Canada.
Oct 18, 2016 Mobile Devices: Tips for Security & Privacy Security
Smartphones and tablets have become the most personal of computers we’ve ever used. They have social media content, location-tagged photos and streams of text messages. This kind of personal information didn’t exist on our laptops and desktop computers. And because we carry our mobile devices everywhere, the information on them is at greater risk of loss and theft. Here are 15 tips to help you protect your devices. Smartphones and tablets have become the most personal of computers we’ve ever used. They have social media content, location-tagged photos and streams of text messages. This kind of personal information didn’t exist on our laptops and desktop computers. And because we carry our mobile devices everywhere, the information on them is at greater risk of loss and theft. Here are 15 tips to help you protect your devices.
Jun 25, 2015 IT Security and Employee Privacy: Tips and Guidance Security
This guidance document gives an overview of the issues employers should consider before implementing IT security tools that collect employee personal information. This guidance document gives an overview of the issues employers should consider before implementing IT security tools that collect employee personal information.
Jan 9, 2015 Protecting Personal Information Away from the Office Security
Whenever personal information is being used outside of the office there is an increased risk that it will be lost or compromised. Public bodies and private organizations must keep paper and electronic records safe and secure as required by the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).Whenever personal information is being used outside of the office there is an increased risk that it will be lost or compromised. Public bodies and private organizations must keep paper and electronic records safe and secure as required by the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).