Guidance Documents

Guidance -Document - 2The Office of the Information and Privacy Commissioner ("OIPC") publishes guidance documents to inform citizens and promote compliance with B.C.'s access and privacy laws.

Please note that these documents are provided for information only and are not considered to be legal advice or other advice by the OIPC. Responsibility for compliance with the law rests with each organization and public body.

We are currently in the process of reviewing our existing guidance materials. Updated materials will be posted on an ongoing basis. If you are looking for an existing OIPC guidance document that is not listed here, please contact us.

Year
select
Topic
select
Date Title Topic
Summary
Oct 18, 2016 Mobile Devices: Tips for Security & Privacy Security Smartphones and tablets have become the most personal of computers we’ve ever used. They have social... more
Smartphones and tablets have become the most personal of computers we’ve ever used. They have social media content, location-tagged photos and streams of text messages. This kind of personal information didn’t exist on our laptops and desktop computers. And because we carry our mobile devices everywhere, the information on them is at greater risk of loss and theft. Here are 15 tips to help you protect your devices.
Jul 1, 2016 Time extension guidelines for public bodies Policies and Procedures This guidebook will help ensure your time extension application includes all the relevant informatio... more
This guidebook will help ensure your time extension application includes all the relevant information the OIPC needs to process and review your request.
Aug 13, 2015 Is a Bring Your Own Device (BYOD) Program the Right Choice for Your Organization? Technology Bring Your Own Device or BYOD as it is commonly known, is a popular arrangement for many private sec... more
Bring Your Own Device or BYOD as it is commonly known, is a popular arrangement for many private sector organizations in Canada. With BYOD, however, there is an increased blurring of the lines between professional and personal lives, with employee concerns that their privacy is at risk, not to mention issues associated with consumers’ personal information.
Aug 13, 2015 Contemplating a Bring Your Own Device program? Consider these tips Technology Contemplating a Bring Your Own Device (BYOD) program? Consider these tips
Jun 25, 2015 IT Security and Employee Privacy: Tips and Guidance Security This guidance document gives an overview of the issues employers should consider before implementing... more
This guidance document gives an overview of the issues employers should consider before implementing IT security tools that collect employee personal information.
Jun 22, 2015 Privacy guidelines for strata corporations and strata agents Privacy In British Columbia, strata corporations and strata agents acting on their behalf must adhere to the... more
In British Columbia, strata corporations and strata agents acting on their behalf must adhere to the privacy rules contained in PIPA. These guidelines are intended to assist strata corporations and strata agents in discharging their duties under the Strata Property Act in a manner that respects the privacy of owners and promotes transparency in the operation of strata corporations.
Jun 22, 2015 PIPA and Strata Corporations: Frequently Asked Questions Privacy This FAQ is intended to accompany the Privacy Guidelines for Strata Corporations and Strata Agents (... more
This FAQ is intended to accompany the Privacy Guidelines for Strata Corporations and Strata Agents (https://www.oipc.bc.ca/guidance-documents/1455) to assist strata corporations and strata agents in discharging their duties under the Strata Property Act (“SPA”) in a manner that respects the privacy of owners and tenants under the BC Personal Information Protection Act (“PIPA”).
Mar 9, 2015 Guide to the Freedom of Information and Protection of Privacy Act (FIPPA) for individuals Policies and Procedures Background information and answers to the public's most frequently asked questions about B.C.'s publ... more
Background information and answers to the public's most frequently asked questions about B.C.'s public sector access and privacy law.
Feb 18, 2015 Guidance for the use of body-worn cameras by law enforcement authorities Surveillance This guidance document aims to identify some of the privacy considerations law enforcement authoriti... more
This guidance document aims to identify some of the privacy considerations law enforcement authorities should take into account when deciding whether to outfit law enforcement officers with body-worn cameras. Also described is the privacy framework that should be part of any law enforcement body-worn camera program in order to ensure compliance with Canada’s personal information protection statutes.
Jan 15, 2015 Instructions for Written Inquiries Best Practices These instructions will help you get ready to participate in a written inquiry by the Office of the ... more
These instructions will help you get ready to participate in a written inquiry by the Office of the Information and Privacy Commissioner (“OIPC”).
Jan 9, 2015 Protecting Personal Information Away from the Office Security Whenever personal information is being used outside of the office there is an increased risk that it... more
Whenever personal information is being used outside of the office there is an increased risk that it will be lost or compromised. Public bodies and private organizations must keep paper and electronic records safe and secure as required by the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).
Dec 5, 2014 Identity theft resources for consumers and businesses Other Every year, millions of dollars are lost as identify theft threatens the financial security of thous... more
Every year, millions of dollars are lost as identify theft threatens the financial security of thousands of Canadians. Identity theft is also a privacy matter – personal information can be lost or compromised. With identity theft on the rise, it is more important than ever for Canadians to take action to protect their personal information.
Nov 10, 2014 Checking References: Guidance for Public Bodies Best Practices Hiring employees who are a good fit for a job is an essential component of the operations of any pub... more
Hiring employees who are a good fit for a job is an essential component of the operations of any public body. Knowing how an applicant has performed in a previous workplace is an important part of the hiring process and checking references is a practice that gives the prospective employer some idea of how the applicant might perform in the future.
May 8, 2014 Guidelines for Online Consent Technology Guidance from the BC, Alberta and Federal Privacy Commissioner regarding meaningful consent in an on... more
Guidance from the BC, Alberta and Federal Privacy Commissioner regarding meaningful consent in an online context. Organizations should have a clear, descriptive and accessible privacy policy and, as circumstances warrant, dynamic privacy explanations, in the course of the user experience.
Jan 22, 2014 Guide to OIPC Processes (FIPPA) Policies and Procedures This Guide addresses the most common procedures that the Office of the Information and Privacy Commi... more
This Guide addresses the most common procedures that the Office of the Information and Privacy Commissioner (“OIPC”) uses under the Freedom of Information and Protection of Privacy Act (“FIPPA”). For all complaints and requests for review, the OIPC’s overriding policy is to encourage the parties to resolve the issues by settlement. OIPC staff are authorized to attempt mediation of all matters before they are referred to a more formal process.
Jan 22, 2014 Guide to OIPC Processes (PIPA) Policies and Procedures This Guide addresses the most common procedures that the Office of the Information and Privacy Commi... more
This Guide addresses the most common procedures that the Office of the Information and Privacy Commissioner (“OIPC”) uses under the Personal Information Protection Act (“PIPA”). For all complaints and requests for review, the OIPC’s overriding policy is to encourage the parties to resolve the issues by settlement. OIPC staff are authorized to attempt mediation of all matters before they are referred to a more formal process.
Jan 22, 2014 Public Sector Surveillance Guidelines Best Practices The purpose of this guidance document is to provide information on how the Freedom of Information a... more
The purpose of this guidance document is to provide information on how the Freedom of Information and Protection of Privacy Act (“FIPPA”) applies to the use of video and audio surveillance systems by public bodies.
Aug 13, 2013 Practical Suggestions for your Organization's Website's Privacy Policy Best Practices This guidance document is intended to set out the basics of what an organization should consider whe... more
This guidance document is intended to set out the basics of what an organization should consider when developing a website privacy policy.
Jun 26, 2013 Accountable Privacy Management in BC's Public Sector Best Practices This document provides step-by-step guidance for British Columbia public bodies on how to implement ... more
This document provides step-by-step guidance for British Columbia public bodies on how to implement effective privacy management programs.
May 8, 2013 Privacy Emergency Kit Best Practices Sharing personal information during an emergency -- information and guidance from the B.C. Informati... more
Sharing personal information during an emergency -- information and guidance from the B.C. Information and Privacy Commissioner and the Privacy Commissioner of Canada.
Mar 18, 2013 Use of Personal Email Accounts for Public Business Best Practices This document explains the implications under the Freedom of Information and Protection of Privacy A... more
This document explains the implications under the Freedom of Information and Protection of Privacy Act (“FIPPA”) for use of personal email accounts for work purposes by employees of public bodies.
Oct 24, 2012 Good privacy practices for developing mobile apps Technology This guidance outlines the privacy considerations when designing and developing mobile apps.
Jul 2, 2012 Early notice and PIA procedures for public bodies Policies and Procedures Public bodies planning a "data-linking initiative" or "common or integrated program or activity" mus... more
Public bodies planning a "data-linking initiative" or "common or integrated program or activity" must submit a PIA to the Commissioner's office and must also give early notice to the Commissioner.
Jun 14, 2012 Cloud computing for private organizations (small and medium sized enterprises) Technology This guidance document is intended to help SMEs understand what their privacy responsibilities are a... more
This guidance document is intended to help SMEs understand what their privacy responsibilities are and to offer some suggestions to address privacy considerations in the cloud.
Apr 17, 2012 Getting accountability right with a privacy management program Privacy Guidelines for private sector organizations to build a privacy management program step-by-step.
Apr 17, 2012 Privacy management program: At-a-glance Privacy A two-page overview of the key building-blocks of a privacy management program for the private secto... more
A two-page overview of the key building-blocks of a privacy management program for the private sector.
Apr 10, 2012 A Guide to PIPA for businesses and organizations Policies and Procedures This guidance document will help you understand B.C.'s legal framework for access and privacy in the... more
This guidance document will help you understand B.C.'s legal framework for access and privacy in the private sector. Includes case examples, tips and a glossary of key terms.
Apr 10, 2012 Security Self-Assessment Tool Security This document will help you assess your organization's security measures and offers guidance on mini... more
This document will help you assess your organization's security measures and offers guidance on minimum security requirements in 17 different categories.
Apr 2, 2012 Privacy Breaches: Tools and Resources Breaches Privacy breach guidance for the public and private sector. Includes: key steps in responding to priv... more
Privacy breach guidance for the public and private sector. Includes: key steps in responding to privacy breaches; privacy breach management policy template; privacy breach checklist; breach notification assessment tool.
Feb 23, 2012 Cloud computing for public bodies Technology This document outlines how FIPPA applies to cloud computing, including the requirement that data be ... more
This document outlines how FIPPA applies to cloud computing, including the requirement that data be stored and accessed only in Canada.
Oct 3, 2011 Guidelines for social media background checks Technology A “social media background check” can mean many things. It can be as simple as checking out a Facebo... more
A “social media background check” can mean many things. It can be as simple as checking out a Facebook profile or as complicated as hiring someone to search for every bit of social media about an individual. When organizations and public bodies search for information about an individual, the collection, use, and disclosure of that personal information is subject to the privacy provisions of FIPPA and PIPA. These laws apply whether the individual is applying for paid or unpaid employment, a volunteer position, or if they are applying to run as a candidate in an election.
Jul 4, 2011 Guidelines on the Electronic Publication of Decisions of Administrative Tribunals Other The Internet is an efficient, inexpensive and effective tool to communicate tribunal decisions to th... more
The Internet is an efficient, inexpensive and effective tool to communicate tribunal decisions to the public. However, tribunal members should write decisions to reflect the fact that the Internet provides access to tribunals’ decisions to unlimited persons for unlimited uses. In many cases, a tribunal can comply with FIPPA and accomplish its goals with respect to openness, accountability and transparency through the publication of decisions that do not include the names of parties or witnesses or other personally identifiable information.
Oct 14, 2010 Privacy guidelines for landlords and tenants: Frequently asked questions Privacy Landlords and property managers acting on their behalf must adhere to the privacy rules contained in... more
Landlords and property managers acting on their behalf must adhere to the privacy rules contained in the Personal Information Protection Act. These guidelines are intended to assist landlords and property managers in discharging their duties in a manner that respects the privacy of tenants and promotes transparency in the operation of landlord and tenant relationships.
Jan 1, 2010 Access and Privacy Issues: A Guide for Tribunals Other This Guide has been jointly prepared by the Office of the Information and Privacy Commissioner (OIPC... more
This Guide has been jointly prepared by the Office of the Information and Privacy Commissioner (OIPC) for British Columbia and the BC Ministry of Attorney General’s Administrative Justice Office (AJO) to address tribunal access and privacy issues.
Jun 15, 2009 BC physician privacy toolkit Health Health information is one of the most sensitive forms of personal information. Physicians in private... more
Health information is one of the most sensitive forms of personal information. Physicians in private practice must follow the rules for personal information outlined in the Personal Information Protection Act (PIPA). The BC Physician Privacy Toolkit will help physicians implement strong data management practices.
Apr 6, 2009 Policy on consultations with the OIPC Policies and Procedures The Office of the Information and Privacy Commissioner is often asked by public bodies and private o... more
The Office of the Information and Privacy Commissioner is often asked by public bodies and private organizations to comment on various matters, including proposed policies, legislation, projects, programs, systems and other matters, or compliance issues. This policy statement confirms the basis on which we do this and the nature of any comments we make, whether verbal or written.
Oct 6, 2008 Emergency disclosure of personal information by universities, colleges and other educational institutions Privacy In emergency situations, privacy laws in Ontario and British Columbia do not prohibit universities, ... more
In emergency situations, privacy laws in Ontario and British Columbia do not prohibit universities, colleges or other educational institutions from responsibly disclosing a student’s personal information, including information about their mental, emotional or other health conditions, to parents or others who may be able to help in a crisis. There is no question that the decision to disclose a student’s personal information without consent is extremely difficult and requires a reasoned judgment call. The decision rests, on a case-by-case basis, with whoever is responsible, be that a doctor, student counsellor, residence advisor or the head of an institution. The decision must be made very carefully and sensitively, but privacy laws do not stand in the way of an educational institution’s ability to make this decision, where appropriate.
Mar 3, 2008 Guidelines for overt video surveillance in the private sector Surveillance To help organizations achieve compliance with private sector privacy legislation, we have developed ... more
To help organizations achieve compliance with private sector privacy legislation, we have developed these guidelines, which set out the principles for evaluating the use of video surveillance and for ensuring that its impact on privacy is minimized. These guidelines apply to overt video surveillance of the public by private sector organizations in publicly accessible areas. These guidelines do not apply to covert video surveillance, such as that conducted by private investigators on behalf of insurance companies, nor do they apply to the surveillance of employees.
Sep 19, 2007 Photo ID guidance for the private sector Best Practices The collection of personal information must be limited to examination of identification only and mus... more
The collection of personal information must be limited to examination of identification only and must not involve recording of personal information from the identification offered, including driver’s licence numbers or addresses. Organizations must only compare the name and photo on the identification with the name on the credit card.
Mar 5, 2007 Privacy proofing your retail business: Frequently asked questions Privacy More than ever before, retailers have to be prepared to deal with customers who ask questions about ... more
More than ever before, retailers have to be prepared to deal with customers who ask questions about the type and amount of personal information retailers collect, what they intend to do with it, and how they will protect it from misuse. This document answers frequently asked questions about retailers and PIPA.
Mar 5, 2007 Collection of Driver's licence numbers under PIPA: A guide for retailers Best Practices This guide is intended to help retailers navigate the privacy issues and risks related to driver’s l... more
This guide is intended to help retailers navigate the privacy issues and risks related to driver’s licences and to encourage them to carefully consider whether they need any information from customer driver’s licences at all.
Jun 1, 2006 Physicians & Security of Personal Information Health The Information and Privacy Commissioner for British Columbia is concerned about recent privacy brea... more
The Information and Privacy Commissioner for British Columbia is concerned about recent privacy breaches involving personal health information and the adequacy of security measures being used to protect patient records. This is a reminder that private sector organizations, including physicians in private practice, are required by BC’s Personal Information Protection Act (PIPA) to take reasonable security measures to protect personal information from risks such as unauthorized collection, use or disclosure. PIPA sets out the consequences for violations of these requirements.
Apr 3, 2006 PIPA and the hiring process: Frequently asked questions Best Practices This document gives answers to the most frequently asked questions by employers about PIPA and the ... more
This document gives answers to the most frequently asked questions by employers about PIPA and the hiring process. .
Apr 4, 2005 Use of Social Insurance Numbers by private sector organizations Best Practices Private sector organizations covered by the Personal Information Protection Act (PIPA) are subject t... more
Private sector organizations covered by the Personal Information Protection Act (PIPA) are subject to rules governing their collection, use and disclosure of personal information. A Social Insurance Number (SIN) is personal information under PIPA and therefore its collection, use and disclosure are subject to PIPA. This document describes PIPA’s requirements in more detail as they relate to voluntary supply of SINs.
Feb 7, 2005 Faxing and emailing personal information Security A good rule of thumb is that you should only fax or email personal information that you would feel c... more
A good rule of thumb is that you should only fax or email personal information that you would feel comfortable discussing over the telephone if it were your own personal information. You should not fax or email sensitive personal information such as health information or financial information unless it is absolutely necessary to send it at once and faxing or emailing is the only timely way to do so.
Jun 7, 2004 Tips for organizations responding to privacy complaints (PIPA) Best Practices This guide offers suggestions for organizations when investigating a privacy complaint made under PI... more
This guide offers suggestions for organizations when investigating a privacy complaint made under PIPA.
May 20, 2004 Guidelines for creating a privacy policy (PIPA) Best Practices Privacy policies may take many forms, depending on the size of the organization, the quantity and ty... more
Privacy policies may take many forms, depending on the size of the organization, the quantity and type of personal information it collects, uses or discloses, and the nature of those activities. This guide is organized to highlight the elements required in a privacy policy. Your organization may also choose to use headings of a similar nature in order to assist individuals in understanding your privacy policy.
Jul 22, 2003 Guidance for conducting adequate search investigations (FIPPA) Access to Information This document offers suggestions for public bodies to use in investigating complaints that a search ... more
This document offers suggestions for public bodies to use in investigating complaints that a search conducted in response to an access request made under FIPPA was not adequate.
May 8, 2003 Guidelines for data services contracts Technology These guidelines deal with contracting out arrangements that involve “personal information” as defin... more
These guidelines deal with contracting out arrangements that involve “personal information” as defined in the Freedom of Information and Protection of Privacy Act (FIPPA). A public body cannot, by contracting out, relieve itself of its privacy obligations under Part 3 of the Act.
Oct 10, 2001 Guidelines for audits of automated personal information systems Technology This document contains guidelines for public bodies to refer to in designing, and auditing the perfo... more
This document contains guidelines for public bodies to refer to in designing, and auditing the performance of any automated system that contains, processes, transmits or otherwise deals with personal information.