The purpose of the Freedom of Information and Protection of Privacy Act (FOIPPA) is to promote public sector accountability and to protect personal privacy. To comply with FOIPPA, public bodies must prevent the unauthorized collection, use and disclosure of personal information.
- Personal information is “recorded information about an identifiable individual other than contact information” (FOIPPA). For example: name, age, marital status, photographs, biometrics or opinions are all personal information.
- Personal information may be identifiable through the 'mosaic effect'. The mosaic effect is a concept that illustrates how elements of information may be non-identifiable on their own but when combined could become personally identifiable. For example, a male in his 20s who lives in Vancouver and drives a black Honda would not be identifiable. However, a male in his 60s who lives in Smithers and drives a yellow Lamborghini would be identifiable.
When you have control or custody over personal information, ensure that you:
- Have authority to collect personal information based on section 26 of FOIPPA and that it is used and disclosed in accordance with FOIPPA.
- Are complying with FOIPPA by completing a Privacy Impact Assessment.
- Establish reasonable security of personal information and safeguard personal information in a way that is proportionate to the sensitivity of the information.
- Do not store or access personal information outside of Canada (section 30.1 of FOIPPA).
- All government contractors and service providers who collect or create personal information must complete the Privacy and Information Sharing: Awareness Training for Contractors and Service Providers course through OpenSchool BC.
- Information incidents occur when unwanted or unexpected events threaten privacy or information security. They can be accidental or deliberate and include the theft, loss, alteration or destruction of information.
- For all information incidents, suspected or actual, report the incident immediately. Contact your Contract Manager or Supervisor and report the incident to 250 387-7000, select option 3.
- Business contact information is not personal information. Business contact information includes the name, position name or title, business telephone number, business address, business email or business fax number of the individual.