Audit & Compliance

View Sectional Index

In 2014, the Information and Privacy Commissioner established an Audit and Compliance Program to assess the extent to which public bodies and private sector organizations complying with the Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA).

News release: Commissioner to review BC's licensed private sector liquor and cannabis retailers

Overview

The Audit and Compliance Program measures compliance with BC's information and privacy laws and make recommendations to improve privacy and access practices, policies, guidelines, and legislation.

Some of the areas assessed by Audit & Compliance include:

Management policies and procedures;
Collection, use, disclosure, retention;
Protections and safeguards;
Access processes;
Accountability and compliance monitoring.

Program Charter

The OIPC has developed a program charter to assist public bodies and organizations to understand the authority, function, and key steps in an OIPC assessment.

Audit and Compliance Program Charter (PDF)

Year

select

Date	Title	Summary
Nov 22, 2018	City of White Rock: Duty to assist	The duty to assist citizens with requests to access records is an essential component of BC’s Freedo... more The duty to assist citizens with requests to access records is an essential component of BC’s Freedom of Information and Protection of Privacy Act (FIPPA). It is important that public bodies embrace this responsibility by responding openly, accurately and completely, and without delay to all requests.
Jan 17, 2018	WorkSafeBC: Management of access and privacy requests and complaints	WorkSafeBC collects highly sensitive personal information in many ways, including through employee i... more WorkSafeBC collects highly sensitive personal information in many ways, including through employee insurance claims, reports of unsafe working conditions, or during an incident investigation. In the case of workplace injuries that require medical attention, the incident must be reported to WorkSafeBC. Employees cannot opt out and so must trust the agency to appropriately handle their personal information.
Sep 13, 2017	Insurance Corporation of British Columbia Information Sharing Agreements	This report examines how ICBC shares the personal information of millions of British Columbians.
Dec 8, 2016	Over-collected and Overexposed: Surveillance and Privacy Compliance in a Medical Clinic	This is the first audit of a private sector business to determine the organization's compliance with... more This is the first audit of a private sector business to determine the organization's compliance with PIPA.
Jun 23, 2016	City of Vancouver Duty to Assist	This report looks at the duty to assist, which requires public bodies to make every reasonable effor... more This report looks at the duty to assist, which requires public bodies to make every reasonable effort to assist each applicant openly, accurately and completely, without delay, throughout the freedom of information process.
Sep 30, 2015	Examination of British Columbia Health Authority Privacy Breach Management	This report addresses one aspect of BC's complex, multi-party health care system - the degree to whi... more This report addresses one aspect of BC's complex, multi-party health care system - the degree to which health authorities effectively manage privacy breaches when and where they happen.
Jan 28, 2015	An Examination of BC Government's Privacy Breach Management	This report examines the degree to which the BC government is fulfilling its duty to respond to, and... more This report examines the degree to which the BC government is fulfilling its duty to respond to, and properly manage, its privacy breaches.

Report a Privacy Breach How to Make a Complaint How to Request a Review How to Make an Access Request Request Spoken Language Interpretation Services