Private Sector Organizations and Your Privacy Rights

Two privacy laws apply only to organizations in the private sector and between them they cover every organization operating in the private sector in British Columbia. The Personal Information Protection Act (BC) (PIPA) is a law of BC and applies only in BC.

Alberta also has a privacy law called the Personal Information Protection Act , applicable only in Alberta. It is very similar to BC’s law, but the two should not be confused.

The Personal Information Protection and Electronic Documents Act (PIPEDA) is a law of Canada and applies throughout Canada, including in BC.

PIPA and PIPEDA each cover different parts of the private sector.

Both these laws require private sector organizations to follow certain rules to protect the privacy rights of individuals in the course of collecting, using, holding or disclosing personal information.

These laws also give individuals a right to request access to their personal information that an organization has, and a right to request that a correction be made if they feel the information is incorrect or incomplete. At the same time, these laws also recognize the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances. In this way, they are intended to balance the rights of individuals with the reasonable needs of organizations.

What Do these Private Sector Privacy Laws Apply To?

PIPA and PIPEDA apply to “personal information” – which is information about an individual who can be identified by the information by itself, or in combination with other information available in the particular circumstances.
Personal information is not only information that you would expect might be private, like workplace reviews, health information or PINs. It is any information that allows you to be identified (except business contact information, this includes an individual’s name, position name or title, business telephone numbers, business fax numbers, business mailing address and business email address.

These two laws regulate how organizations collect, use and disclose personal information. The word “organization” covers:

  1. corporations;
  2. individuals;
  3. unincorporated associations;
  4. trade unions;
  5. trusts; and
  6. not-for-profit organizations.

These laws do not apply to:

  1. information that does not identify an individual, such as aggregate information (link to:  information about many individuals that is collected together from different sources but does not have individual identifiers on it) or statistical information;
  2. information about a group or business; or
  3. an individual’s name together with their business contact information (sometimes called “tombstone data” or “business card information.”)

And the following are not covered under PIPA or PIPEDA:

  1. individuals, when they are collecting, using or disclosing personal information for personal, journalistic, artistic or literary purposes;
  2. any level of government;
  3. the courts;
  4. the Nisga’a government; or
  5. private trusts.

PIPA does not apply outside BC and doesn’t apply to organizations that are covered by PIPEDA, while PIPEDA does not apply in BC except to certain organizations.