Almost all BC organizations in the private sector fall under the ambit of the Personal Information Protection Act. For example, PIPA covers but is not limited to corporations, partnerships, individuals involved in a commercial activity (e.g., business that is not incorporated), charities, societies, and not-for-profits.
Under PIPA, private sector organizations have two main responsibilities, which are (1) general compliance, policies, and practices (Part 2 of PIPA); and (2) employee personal information.
First, under general compliance, policies, and practices, organizations are responsible for person information under its control and must also:
Second, private sector organizations must not only handle and comply with PIPA regarding customer/client information, but also specifically their own employee’s personal information. PIPA defines employee personal information to be employee records that help establish, manage, or terminate an employment relationship. Some examples may include job applications, performance evaluations, and letters of resignation or termination. An organization must notify their employees in advance when there is collection, use, or disclosure of employee personal information.
For more information about your responsibilities as an employer, please visit BC FIPA’s Get Help pages.
Updated 2024.09. 20
These pages were last updated and reviewed in the summer of 2024.
The information on these pages only contains general information and guidance; none of the information constitutes legal advice. If you have a specific issue that you believe is a legal problem, the best practice is to consult a lawyer.
The information is non-partisan, dynamic and ever changing. It is the result of FIPA’s research and public education programs.
If you note something that needs to be added, corrected, or removed, please contact us by email: fipa AT fipa.bc.ca.