BC Freedom of Information and Privacy Association
Your Data Your Rights
I am part of a private sector organization. What are my responsibilities regarding access to information/privacy?
Almost all BC organizations in the private sector fall under the ambit of the Personal Information Protection Act. For example, PIPA covers but is not limited to corporations, partnerships, individuals involved in a commercial activity (e.g., business that is not incorporated), charities, societies, and not-for-profits.
Under PIPA, private sector organizations have two main responsibilities, which are (1) general compliance, policies, and practices (Part 2 of PIPA); and (2) employee personal information.
First, under general compliance, policies, and practices, organizations are responsible for person information under its control and must also:
- Consider what a reasonable person would consider appropriate in the circumstances
- Designate one or more individuals to be to be responsible for ensuring compliance with PIPA (also known as privacy officers)
- These individuals may delegate the duty to another individual
- The position title and contact information for those responsible for ensuring compliance with PIPA, including their delegates, must be publicly available
- Develop and follow policies and practices that are necessary for the organization to comply with PIPA
- Develop a process to respond to complaints that stem from PIPA
- Make information available upon request regarding the organizations policies, practices, and complaint process
Second, private sector organizations must not only handle and comply with PIPA regarding customer/client information, but also specifically their own employee’s personal information. PIPA defines employee personal information to be employee records that help establish, manage, or terminate an employment relationship. Some examples may include job applications, performance evaluations, and letters of resignation or termination. An organization must notify their employees in advance when there is collection, use, or disclosure of employee personal information.
For more information about your responsibilities as an employer, please visit BC FIPA’s Get Help pages.
Updated 2024.09. 20
These pages were last updated and reviewed in the summer of 2024.
The information on these pages only contains general information and guidance; none of the information constitutes legal advice. If you have a specific issue that you believe is a legal problem, the best practice is to consult a lawyer.
The information is non-partisan, dynamic and ever changing. It is the result of FIPA’s research and public education programs.
If you note something that needs to be added, corrected, or removed, please contact us by email: fipa AT fipa.bc.ca.
