Special Report 24-01: Review of Government's performance in responding to access requests

The right to access public body records without unreasonable delay is protected by law and is critical to enabling an informed and well functioning democratic society. The provincial Government receives thousands of requests for access to records each year and, as such, the timeliness of Government in responding to access requests is important.

This report marks the ninth review from the Office of the Information and Privacy Commissioner (OIPC) on Government’s timeliness, and covers the three-year period of April 1, 2020 to March 31, 2023. Where possible, the OIPC also examined historical data on Government’s performance over the past decade.

Celebrating 30 years of BC's Freedom of Information and Protection of Privacy Act

On October 4, 1993, BC’s Freedom of Information and Protection of Privacy Act came into force. The legislation received unanimous support when it was passed in the BC Legislature the year prior – testament to the need for a law that protected British Columbians’ personal information and that gave them access to government information – their information.

On this 30th Anniversary of FIPPA, BC’s Information and Privacy Commissioner Michael McEvoy reflects on the passing of FIPPA, the 30 years of its evolution, and where the legislation needs to go from here.

Follow-up Report 23-04: Left untreated: Security gaps in BC's public health database

A follow-up report has found the Provincial Health Services Authority (PHSA) has taken meaningful steps to incorporate recommendations aimed at strengthening the privacy and security of the Provincial Public Health Information System (System), following the Office of the Information and Privacy Commissioner’s (OIPC) December 2022 report that found the PHSA’s failure to address security and privacy vulnerabilities put British Columbians at risk.

Special Report 23-03: The digital dilemma: Reflections on the OIPC Youth Forum

On March 9, 2023, the Office of the Information and Privacy Commissioner for British Columbia (OIPC) hosted the OIPC Youth Forum. A group of high school students from across British Columbia joined experts from the OIPC, the BC Civil Liberties Association, MediaSmarts, and special guest speaker, Cambridge Analytica whistleblower and social researcher Christopher Wylie, for a wide-ranging discussion on the privacy issues that impact students most.

Investigation Report 22-02 Left untreated: Security gaps in BC's public health database

The Provincial Health Services Authority (PHSA) has failed to address security and privacy vulnerabilities in BC’s Provincial Public Health Information System (the System) — putting the personal health information of British Columbians at risk.

An investigation report released by Information and Privacy Commissioner Michael McEvoy says the security and privacy vulnerabilities have been known to the PHSA since 2019.

COVID-19 and the OIPC

The OIPC continues to provide service to the public, public bodies, and private sector. To protect the health of our employees and to do our part to slow community transmission of the COVID-19 virus, most OIPC staff have now transitioned to working remotely. This will mean that, for the time being, our Office will not receive in person visits from those we serve.

We will post updates on our website and social media channels as the situation continues to unfold.

Understanding Notification and Consent: #PrivacyRight tools for May

Getting #PrivacyRight means respecting the trust that individuals place in organizations that collect, use or disclose their personal information. People should be confident that businesses will collect their personal information appropriately and in a straightforward manner and, where needed, only after they have provided meaningful consent.

April's PrivacyRight tools are here!

This month, learn about the authority to collect, use, and disclose personal information. Explore our latest online tools, including a video, a webinar, a podcast, and one of our key guidance documents. Whether you’re an organization that collects, uses, and discloses personal information or a customer who is wondering what happens to your information, this month’s releases have the answers you need.

Check out our latest PrivacyRight tools

This month, learn about accountability and the benefits of implementing a privacy management program. We have several online tools for you to explore, including two webinars (each with printer-friendly notes), a video, and podcast. Dig a little deeper with our related guidance documents, then take our privacy assessment challenge.

The secret's out... privacy is good business

The secret’s out… privacy is good business. And to help you and your organization get on board, we are launching PrivacyRight, a series of educational tools for BC organizations that will help you understand your obligations under the Personal Information Protection Act (PIPA).

Does the GDPR apply to your BC-based organization?

You probably noticed a flurry of emails in your inbox over the past few weeks, as everything from social media apps to your email provider to your fridge rush to send you privacy policy updates. Why now, you ask? Well, it has to do with a new privacy law called the GDPR.

Government record management systems need independent oversight

I am as surprised as anyone that email retention and deletion by government staff is again making news. These matters have been thoroughly canvassed in numerous reports by my office, by government and in government’s own retention schedules and policies. They also emphasize the need for independent oversight of record management including the duty to document.

Privacy Awareness Week 2018: Why privacy is good for business

This year, as the Asia Pacific Privacy Authorities (APPA) mark Privacy Awareness Week, there couldn’t be a more important time to talk about the need to protect personal information. I spoke about this very topic last week to a gathering of small business owners, communications professionals, and government employees.

Secondary use of your personal information

How many times a day are you asked for your email, telephone number, postal code, or birth date? Probably more than you might realize. Think about when you go to the grocery store, the pharmacy, or to a clothing or electronics store. Many retailers ask for your email to connect purchase history with future promotional offers to better tailor potential discounts with your spending habits. But is this legal? Well, it all comes down to the purpose for which the information was collected.

Data Privacy Day 2018 - Respecting privacy, safeguarding data and enabling trust

Let’s face it – protecting data in our digital society isn’t easy. Devices intended to improve our lives also collect an astounding amount of information about you, your family, and friends. Voice assistant technology, connected devices, and apps that give you remote access to your home sound pretty convenient. But before you unlock your front door with your phone, think about this: in 2016, 2.2 billion data records were compromised and vulnerabilities were uncovered in products and services, such as baby monitors and door locks. Yikes!

In the clouds and beyond! Navigating access and storage outside of Canada

Are you tempted by the potential benefits of cloud-computing? The option can be appealing, as the service often cuts costs and removes obstacles for users looking to reduce IT infrastructure and maintenance. Before you reach for the clouds, make sure you know the legal requirements that apply when processing and storing personal information outside of Canada.

Big Data and the Internet of Everything

I recently spoke about the Internet of Things and Big Data at a healthcare summit in Vancouver. Well, let’s be honest and call it what it really is - the Internet of Everything. From the rubber ducky in your child’s bathtub to your smart tea kettle, the array of connected devices on the market today seems almost limitless.

Delegates and observers meet in Vancouver for APPA 48 Forum

A few weeks ago, my office and the Office of the Privacy Commissioner of Canada (OPC-Canada) co-hosted the 48th Asia Pacific Privacy Authorities (APPA) Forum in Vancouver. From November 15-17, APPA officials from 14 member jurisdictions and invited guests shared insights and perspectives, discussed global privacy trends, exchanged experiences, and looked for opportunities for joint regulatory guidance and enforcement activities across the Asia Pacific Region.

Right to Know week - Sept 25- Oct 2

From September 25 to October 2 we are celebrating Right to Know week to raise awareness of our right to access government records, essential to democracy and good governance.

Reaching out about Open Government

I was invited to speak to this group because Selkirk College has been awarded a three-year federal grant to explore open data and open government in rural B.C. The organizers asked me to share my views about open data, including where datasets should be published, and what data should be considered sensitive and private.

September 26 – Oct 2 is Right to Know Week!

Today kicks off our celebration of Right to Know Week, dedicated to the promotion of freedom of information worldwide. Originating in Bulgaria in 2002, the right to know movement is celebrated by approximately 40 countries and 60 non-governmental organizations on September 28 every year.

Privacy Awareness Week 2016 celebrates 10 years

Each year in the beginning of May, privacy professionals around the world celebrate Privacy Awareness Week (PAW). Now celebrating its 10th anniversary, the initiative was started by the Asia Pacific Privacy Authorities (APPA) back in 2006 to promote and raise awareness for numerous privacy issues and the importance of protecting information.

New study asks, "Who's tracking whom?"

They’re like having your own personal trainer – at a fraction of the cost. But findings from a study by researchers at the University of Toronto reveal that fitness trackers, the popular wearable devices that track our steps, calories, sleep, and other data, may also be tracking us.

Tips and tricks for Fraud Prevention Month

We’ve all experienced it: a suspicious email, a nuisance call, or offer that’s just too good to be true. From pyramid schemes to spammers and scammers, Canadians lose millions of dollars every year to electronic fraud.

Why we should care about Apple’s battle with the FBI

In our complex digital age, tensions between law enforcement agencies and tech companies continue to tighten. I do not underestimate the challenges posed by international terrorism, particularly after recent attacks around the world. But I wonder: what is proper oversight and supervision of the surveillance activities of national security and law enforcement agencies?

Building upon the roots of data protection and privacy

By Martin Abrams

In December 2015, European Data Protection Supervisor Giovanni Buttarelli issued an opinion that suggested we need to re-invent data protection for the era of big data, not to compromise on principles, but rather to assure big data is used to serve people.

Minding the gaps

The digital economy requires no passport… no special visa. But there’s a problem: different legal systems and cultural norms about privacy make the flow of information across borders a complicated undertaking.

Is a BYOD program right for you?

“Bring Your Own Device” or BYOD is becoming increasingly popular for many private sector organizations. But balancing the protection of corporate information with customer and employee privacy rights can be a challenging exercise, involving policy, training, and technical solutions. Here are some tips to consider.

Toying with privacy

From talking dolls to miniature versions of Mom and Dad’s cell phones, tablets, and smart watches, store shelves are piled high this season with the latest versions of internet connected toys. As digital technologies advance, more connected toys will come onto the marketplace. Here are some tips to protect your family's privacy.

Five key ways to protect your workplace - and employees' privacy

We all expect public bodies and businesses to secure their IT networks against outside threats—but what about those that can occur inside your workplace? Software tools can provide some protection, but they can also lead to the unintended collection of your employees’ personal information.

Building Bridges

Last week, my office was proud to host an important conference in Vancouver called Privacy and Access 20/20: The Future of Privacy. The conference sessions were thought-provoking, timely and prescient.

Out of office tips and tricks

It’s not always possible to get all your work done in eight hours. Sometimes taking work home is unavoidable. But whenever personal information is accessed outside of the office there is an increased risk that it could be lost or compromised. Public bodies and private organizations must keep paper and electronic records safe and secure as required by the Freedom of Information and Protection of Privacy Act (“FIPPA”) and the Personal Information Protection Act (“PIPA”).

Anti-spam tips and tricks

When Canada’s anti-spam legislation (CASL) came into effect on July 1, 2014, our email inboxes became a lot easier to manage. But spam can still find its way onto computers. More than merely annoying, these unwanted emails can launch malicious spyware into our inboxes and compromise our privacy. Fortunately, there are some simple actions you can take to help minimize the risk.

Right to Know Week is here

The purpose of Right to Know Week is to raise awareness of our rights to access government information. Right to Know also promotes freedom of information as an essential element to both democracy and good governance. Here are some other Fast Facts about Right to Know Week:

Check out our latest PrivacyRight products!

This month, learn about accountability and the benefits of implementing a privacy management program. We have several online tools for you to explore, including two webinars (each with printer-friendly notes), a video, and podcast. Dig a little deeper with our related guidance documents, then take our privacy assessment challenge.