Assign Privacy Officers

Last updated on March 31, 2016

You must assign one or more individuals within your organization to develop, implement and maintain a privacy policy that suits your business and complies with the ten principles of privacy protection. This individual is commonly known as a "privacy officer."

What is a privacy officer?
Why have a privacy officer?
Will one privacy officer be enough?
Do I need to hire extra staff?
What is the privacy officer's role if a complaint is made to the Information and Privacy Commissioner?

What is a Privacy Officer?

A privacy officer is the first point of contact in your organization when privacy issues arise. He or she has the authority to intervene on privacy issues relating to any of your organization's operations. A privacy officer is responsible for:

Conducting a privacy audit and self-assessment
Developing a privacy policy
Implementing and maintaining a privacy policy
Managing privacy training
Responding to requests for access to and correction of personal information
Working with the Information and Privacy Commissioner in the event of an investigation

A privacy officer must also be familiar with the Personal Information Protection Act and the ten principles of privacy protection.

Why Have a Privacy Officer?

By law, all organizations must assign at least one privacy officer. The name of the privacy officer should be circulated within the organization and staff should be encouraged to discuss privacy issues with the officer. The title and contact information of each privacy officer must also be made available to the public.

Will One Privacy Officer be Enough?

This depends on a number of factors such as:

The size of your organization
The structure of your organization (is it a single location or does it have multiple offices or branches?)
The amount of personal information your organization holds

An organization with a number of offices or a large amount of personal information might choose to assign a privacy officer in each location. However, an organization that holds very little personal information might find that one privacy officer is enough.

A privacy officer can delegate his or her duties to another individual if the transfer of responsibility is formally documented.

Do I Need to Hire Extra Staff?

In most cases an existing staff member can take on the duties of a privacy officer. However, if the main business or activity of your organization involves the collection or use of personal information, then a dedicated, full-time position may be necessary.

What is the Privacy Officer's Role if a Complaint is Made to the Information and Privacy Commissioner?

Information and Privacy Commissioner receives a complaint regarding your organization’s personal information practices, your privacy officer may be contacted to provide information and assistance.

Information & Privacy Commissioner

The Office of the Information and Privacy Commissioner offers a number of tools and resources for private organizations.

Legislation

Personal Information Protection Act

Contact information

Office
250 356-1851

Email
privacy.helpline@gov.bc.ca

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics