New privacy compliance requirements coming under B.C.’s FIPPA legislation

Commencing February 1, 2023, British Columbia’s public sector privacy statute – the Freedom of Information and Protection of Privacy Act – will require public bodies to have a privacy management program and to comply with privacy breach notification obligations. Accordingly, public bodies should now prepare for compliance with those new requirements.

British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) regulates how provincial public bodies in British Columbia (e.g., provincial government ministries and agencies, municipalities, crown corporations, post-secondary institutions, school boards, health authorities and self-governing bodies of professions) collect, use, disclose and retain personal information. FIPPA also provides access rights to certain records and personal information held by public bodies in British Columbia and establishes a regime of independent review and oversight.

In November 2021, the Government of British Columbia enacted Bill 22, Freedom of Information and Protection of Privacy Amendment Act, 2021 (Bill 22) to make significant amendments to FIPPA, including new requirements for privacy management programs and privacy breach notification obligations that come into force on a date set by regulation. See BLG bulletin Changes to B.C.’s public sector privacy legislation.

In November 2022, the Government of British Columbia approved Order in Council No. 638, which provides that the requirements for privacy management programs and privacy breach notification obligations will come into force on February 1, 2023.

Read our bulletin on this topic.

This content has been updated on December 14, 2022 at 15 h 06 min.