
British Columbia Personal Information Protection Act

  • Maximum Fine: CAD$100,000
  • Scope: Provincial
  • Regulator: OIPC
  • Enacted: 2003

Overview

The Personal Information Protection Act (PIPA) sets out how private sector organizations must handle personal information in British Columbia.

Key Facts

  • Enacted in 2003
  • Enforced by Office of the Information and Privacy Commissioner
  • Applies to private sector organizations in British Columbia

Key Principles

Accountability

Organizations are responsible for personal information under their control.

Requirements

  • Designate privacy officer
  • Implement privacy policies
  • Train staff
  • Monitor compliance
  • Regular assessments

Examples

  • Privacy officer appointment
  • Written policies
  • Training programs
  • Compliance reports

Reasonable Purpose

Collection, use, and disclosure must be for purposes that a reasonable person would consider appropriate.

Requirements

  • Define purposes
  • Assess reasonableness
  • Document justification
  • Regular reviews
  • Update as needed

Examples

  • Purpose statements
  • Reasonableness assessments
  • Documentation records
  • Review logs

Compliance Requirements

Privacy Officer Designation

Organizations must designate an individual responsible for ensuring compliance with PIPA.

Implementation Steps

  • Appoint privacy officer
  • Define responsibilities
  • Document appointment
  • Train on requirements
  • Regular reviews

Required Documentation

  • Appointment letter
  • Role description
  • Training records
  • Review logs
  • Responsibility matrix

Privacy Policies and Procedures

Organizations must develop and maintain comprehensive privacy policies.

Implementation Steps

  • Create privacy policies
  • Implement procedures
  • Train staff
  • Regular updates
  • Document changes

Required Documentation

  • Privacy policies
  • Procedure manuals
  • Training materials
  • Update logs
  • Change records

Enforcement & Penalties

Administrative Orders

The Information and Privacy Commissioner can issue various orders for PIPA violations.

Penalty Categories

  • Monetary Penalties: Up to CAD$100,000 (for offenses under the Act)
  • Compliance Orders: Varies (orders to change practices or procedures)
  • Access Orders: Varies (orders related to access requests)

Example Cases

  • Privacy Breach: CAD$75,000 (2023 - Failure to protect personal information)
  • Consent Violation: CAD$50,000 (2022 - Collection without proper consent)

Court Proceedings

The Commissioner can initiate court proceedings for serious violations.

Penalty Categories

  • Prosecution: Up to CAD$100,000 (for offenses under the Act)
  • Civil Actions: Varies (damages awarded by courts)
  • Injunctions: Court ordered (to stop non-compliant practices)

Example Cases

  • Willful Non-compliance: CAD$85,000 (2023 - Intentional violation of Commissioner's order)
  • Data Security: CAD$60,000 (2022 - Inadequate security measures)