This toolkit is designed to help your organization learn about privacy compliance and provide practical information about the Personal Information Protection Act (PIPA).

Background

The Personal Information Protection Act (PIPA) came into effect on January 1, 2004. It governs the collection, use and disclosure of personal information by organizations like non-profit providers working with BC Housing, in a manner that recognizes both the right of individuals to protect their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

PIPA gives individuals the right to access and request corrections to their own personal information. In addition, PIPA requires organizations to make reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks with respect to personal information in their custody or under their control.

Toolkit resources

Templates

Personal Information Protection Policy for Providers
This policy helps non-profit providers comply with PIPA. It can be customized to fit your business operations.

target="_blank" class="external-no-treatment"Consent to Collect or Disclose or Exchange Personal Information Form
This is a multi-purpose consent form providers can use to collect, disclose or exchange personal information concerning the individuals you serve.

Confidentiality Agreement for Contractors, Volunteers or Employees
For contractors, volunteers or employees who, in performing services or job duties for a provider, are or could be involved with personal information under PIPA.

Privacy Protection Schedule (PPS)
The PPS is an agreement between a provider and a contractor. It enables providers to comply with your obligations under PIPA regarding personal information collected or created by the contractor.

The PPS is a fillable PDF document that can be saved to your computer. When the top portion of the PPS is completed, the PPS automatically becomes a schedule to the agreement. Enter you name, as the provider, in the space for “Organization.” Do not edit the body of the PPS.

Creating a privacy management program for B.C. processes

Privacy Management Program – at a glance
A two-page overview of the key building blocks required for a private-sector privacy management program. Coauthored by the Office of the Information and Privacy Commissioner (OIPC) for B.C. and Alberta and the Privacy Commissioner of Canada.

Getting Accountability Right With a Privacy Management Program
A detailed guide intended for organizations subject to PIPA that outlines what the authors expect to see in a privacy management program. Coauthored by the OIPCs for B.C. and Alberta and the Privacy Commissioner of Canada.

Guide to OIPC Processes (PIPA)
The guide addresses the most common procedures that the OIPC for B.C. uses under PIPA.

Instructions for written inquiries under PIPA
This describes the OIPC for B.C.’s process for reviewing an organization’s decision about whether to grant an individual access to his or her personal information and for investigation of a complaint about an organization.

Guidelines & best practices

A Guide to PIPA for Businesses and Organizations

The OIPC for B.C. developed this detailed guide for businesses and other organizations to help you understand PIPA, especially the areas of PIPA you are most likely to run across when operating a business or organization.

Guide to PIPA

A handout format of the key PIPA areas, issued by the Office of the Chief Information Officer for the Province of B.C.

Guidelines for Overt Video Surveillance in the Private Sector

These guidelines apply to overt video surveillance of the public by private sector organizations, such as BC Housing providers, in publicly accessible areas. Coauthored by the OIPCs for B.C. and Alberta and the Privacy Commissioner of Canada.

Privacy Guidelines for Landlords and Tenants

The guidelines are intended to assist landlords and property managers performing your duties under the Residential Tenancy Act in a manner that respects the privacy of tenants and promotes transparency in landlord, tenant and prospective tenant relationships.

BC Housing Supplement to Privacy Guidelines for Landlords and Tenants (under revision) – This highlights some differences between the BC Housing-provider relationship and the landlord-tenant relationship discussed in the OIPC for B.C. guidelines.

Protecting Personal Information Away From the Office

Guidelines for protecting personal information outside the office. Issued by the OIPC for B.C.

Privacy Breaches: Tools and Resources

Privacy breach guidance for the public and private sectors. Includes key steps in responding to privacy breaches, privacy breach management policy template, privacy breach checklist, and a breach notification assessment tool. Issued by the OIPC for B.C.

Privacy Emergency Kit – Sharing Information During an Emergency

The Office of the Privacy Commissioner of Canada, in consultation with the OIPC for B.C. and the other privacy oversight offices across Canada, has developed this kit. It helps private organizations under PIPA and public bodies under FIPPA create plans for information sharing before, during and after an emergency in a way that complies with privacy law.

PIPA and the Hiring Process

This document provides answers to employers’ most frequently asked questions about PIPA and the hiring process. Issued by the OIPC for B.C.

Securing Personal Information: A Self-Assessment Tool for Organizations (under PIPA)

This document helps raise awareness of the adequacy of an organization's security measures and offers guidance on the minimum security requirements in 17 different categories. Coauthored by OIPCs for B.C. and Alberta and the Privacy Commissioner of Canada.

Tips for Organizations Responding to a Privacy Complaint Under PIPA

This guide offers suggestions for organizations that are investigating a privacy complaint made under PIPA. Issued by the OIPC for B.C.

Cloud Computing for Organizations Under PIPA
This guidance document is intended to help small- and medium-size enterprises understand your privacy responsibilities and offers suggestions to address privacy considerations in the cloud. Issued by the OIPC for B.C.

The difference between PIPA and FIPPA

The Personal Information Protection Act (PIPA) applies to all private-sector organizations in B.C., including a corporation, partnership, unincorporated association, trade union, trust and non-profit organization, such as housing providers working with BC Housing.

The Freedom of Information and Protection of Privacy Act (FIPPA) applies to public bodies in B.C., including government ministries and most government agencies, boards, commissions and Crown corporations. It also applies to local public bodies, such as municipalities, universities, colleges and school boards, hospitals and health boards as well as designated self-governing bodies of professional organizations listed in FIPPA Schedule 3, such as the College of Physicians and Surgeons and the Law Society of BC. BC Housing is a Crown corporation public body under FIPPA.

Although FIPPA does not apply to the private sector, certain records (“record” is defined in FIPPA) in the custody or under the control of providers working with BC Housing might be covered, and thus subject to access to information requests under FIPPA.

FIPPA governs access to BC Housing records and the protection of personal information in its custody or under its control.

PIPA is focused on personal information, which does not include access to a provider’s records as in FIPPA unless the records contain personal information that an individual is entitled to request, or, in the case of access by BC Housing, the record was created as part of the provider’s working relationship with BC Housing.

Privacy training & awareness

Privacy Awareness Training

This document provides a basic understanding of the information you need to know to protect the privacy of your tenants and/or clients.

Privacy Training for Housing Registry Members

This document ensures users with access to The Housing Registry understand the obligations to protect privacy. Employees and volunteers must review this training before accessing The Housing Registry. access