Once a request is submitted, the information holder usually has 30 days to respond to the request; however, it is common for the information holder to extend the response deadline by an additional 30 days. Information holders can extend the response deadline if it is approved by the Privacy Commissioner, if the requestor has not […]

In 2008, BC’s E-Health (Personal Health Information Access and Protection of Privacy) Act (e-Health Act) was enacted to support the development of the e-Health system.  Under the e-Health Act, the Minister can designate any health database in the public system as a health information bank (HIB) and require it to be filled with information from […]

Reasons for refusal depend on the information you are requesting and from whom. If an information holder refuses your request partially or fully, the information holder must explain the refusal to you.   List of some reasons a request could be refused:  The disclosure would compromise an investigation or law enforcement operation  The disclosure would risk […]

The Manitoba Ombudsman, in reference to suggestions made by the Office of the Information and Privacy Commissioner of Alberta, has developed a guidance sheet on how to respond to privacy breaches which will be relevant for any jurisdiction.   Summary of the key steps:  Containing the Breach  Change passwords + two-factor verification  Contact the office in […]

The information holder should tell you if they do not have the records you requested. If they know that a different institution has them, they should transfer your request and inform you that the request has been transferred. The institution that received your request must then respond to you within 30 business days of the […]

To request 911 records, an applicant must directly contact and request from the originating emergency agency. For example, if a police department was involved, that specific police department in the relevant jurisdiction should be contacted. Please see E-Comm’s 911 website for more information.   Requests for audio recordings of 911 calls may be denied based on […]

The Office of the Information & Privacy Commissioner (OIPC) has provided guidance about privacy concerns between landlords and tenants in British Columbia. Simply put, landlords must comply with the Personal Information Protection Act (PIPA). Anyone offering rent—whether it is a secondary suite, condo, or apartment—is subject to the rules of PIPA. The rules of PIPA […]

Federal public bodies are required to publish the type of information that is under their control. Specifically, federal public bodies organize personal information into personal information banks (PIBs) that are retrievable by name, identifying number, or symbol. PIBs essentially provide a summary of the type of personal information held by government institutions.   Looking up the […]

If access to all or part of the information is refused by a private sector organization in BC, they must tell you the reasons for refusal, the section of Personal Information Protection Act (PIPA) that applies, and the contact information of an employee who can answer your questions about the refusal. They must also inform […]

The federal public body must tell you if they do not have the records you requested. If they know that another federal public body has them, they should transfer your request and let you know that it has done so. The new federal public body that received your request must then respond to you within […]

When requesting your personal information from a public body, one of the first things you should do is verify that the public body has the personal information you seek. Accessing information, even if it is your own, can sometimes be a long drawn-out process so it is important to verify they have it before starting […]

Private sector organizations can collect your personal information for legitimate and reasonable purposes; however, they must follow the personal information and privacy rules set out in the Personal Information Protection Act, which are based on the ten principles of privacy protection.  For example, the organization should identify the purpose for collecting personal information, including how […]