Amendments to BC FOIPPA – Privacy Impact Assessments Required in Some Circumstances

Davis LLP Privacy Bulletin

March 02, 2012

British Columbia FOIPPA was amended in the Fall of 2011 and it is now mandatory for public bodies (including many educational institutions, local government bodies, certain agencies, boards, crown corporations and professional regulatory bodies) to complete a privacy impact assessment, and submit it to the Office of the Information and Privacy Commissioner for review, if the public body intends to engage in a “common or integrated program or activity” (for example, a designated project between a public body and a private sector organization involving the use of personal information) or a “data-linking initiative” (for example, an initiative involving personal information from separate databases being combined for a new purpose).

A Privacy Impact Assessment typically involves a multi-disciplinary team reviewing, considering and documenting the potential implications of a proposed activity or project on the organization's collection, use and/or disclosure of personal information, and planning in advance to ensure that the organization's FOIPPA obligations will be met and that privacy rights and interests are adequately considered and accommodated throughout the activity or project.