More topics

Section 69 - General Information Respecting Use of Personal Information

Last updated on April 27, 2016

Overview

Section 69 establishes requirements for ministries and other public bodies to publicly report the type of personal information holdings they have and how this personal information is used.

Section Reference

Section 69 of the Freedom of Information and Protection of Privacy Act

(1) In this section:

“information sharing agreement” means an agreement that sets conditions on one or more of the following:

(a) the exchange of personal information between a public body and a person, a group of persons or an organization;

(b) the disclosure of personal information by a public body to a person, a group of persons or an organization;

(c) the collection of personal information by a public body from a person, a group of persons or an organization;

“personal information bank” means a collection of personal information that is organized or retrievable by the name of an individual or by an identifying number, symbol or other particular assigned to an individual;

“privacy impact assessment” means an assessment that is conducted to determine if a new enactment, system, project or program meets the requirements of Part 3 of this Act.

(2) The minister responsible for this Act must maintain and publish a personal information directory to provide information about records in the custody or under the control of ministries of the government of British Columbia and about the use of those records.

(3) The personal information directory must include a summary that meets the requirements of the minister responsible for this Act of the following information: 

(a) the personal information banks that are in the custody or control of each ministry of the government of British Columbia;

(b) the information sharing agreements into which each ministry of the government of British Columbia has entered;

(c) the privacy impact assessments that each ministry of the government of British Columbia has conducted;

(d) any other information the minister responsible for this Act considers appropriate.

(4) The head of a ministry must correct as soon as possible any errors or omissions in the portion of the personal information directory that relates to the ministry, and provide the corrected information to the minister responsible for this Act. 

(5) The head of a ministry must conduct a privacy impact assessment and prepare an information sharing agreement in accordance with the directions of the minister responsible for this Act. 

(6) The head of a public body that is not a ministry must make available for inspection and copying by the public a directory that lists the public body's personal information banks and includes the following information with respect to each personal information bank:

(a) its title and location;

(b) a description of the kind of personal information and the categories of individuals whose personal information is included;

(c) the authority for collecting the personal information;

(d) the purposes for which the personal information was obtained or compiled and the purposes for which it is used or disclosed;

(e) the categories of persons who use the personal information or to whom it is disclosed;

(f) information required under subsection (7).

(7) The minister responsible for this Act may require one or more public bodies, or classes of public bodies, that are not ministries of the government of British Columbia 

(a) to provide additional information for the purposes of subsection (6), and

(b) to comply with one or more of the subsections in this section as if the public body were a ministry of the government of British Columbia.

(8) Not later than 60 days after making an order under section 33.1(3) (orders allowing disclosure outside Canada), the minister responsible for this Act must publish a summary of the order.

Summary

The Act requires the minister to publish a Personal Information Directory that assists the public to locate personal information held by ministries and determine how this information is used. It also requires Ministries to provide updated information for the Personal Information Directory and to complete Privacy Impact Assessments and Information Sharing Agreements in accordance with directions set by the Minister. In addition, the Act requires a public body, other than a ministry, to make available for public inspection a directory of its personal information banks.

The Act requires the minister to publish a summary of any order made under section 33.1(3) which allows disclosure of personal information outside Canada.

Policy

  1. The minister responsible for this Act must maintain and publish a personal information directory to assist in identifying and locating ministry records.
  2. The head of a ministry must provide new or updated information to the minister responsible for this Act regarding personal information banks, information sharing agreements, privacy impact assessments, and other information requested by the Minister as soon as possible to correct errors and omissions.
  3. When initiating any new legislation, system or program that involves personal information, in any capacity, the ministry must conduct a privacy impact assessment in accordance with the directions provided by the minister responsible for this Act.
  4. Ministries are required to develop, where appropriate, information sharing agreements to cover regular and systematic exchanges of personal information, i.e., where there is an expectation of an on-going sharing for program purposes. Specific and non-regular requests for personal information would usually be handled on a case-by-case basis and documented separately.
  5. Ministries are required to include a compliance review requirement and schedule in each information sharing agreement.
  6. The head of a public body that is not a ministry must make available for inspection and copying by the public a directory that lists the public body’s personal information banks and includes the information that is listed in the Act.
  7. If the minister issues an order (under section 33.1) that authorizes the release of personal information outside Canada, the minister must publish a summary of that order within 60 days.

Procedure

  1. Each ministry enters updated information about existing and new Personal Information Banks, Privacy Impact Assessments, and Information Sharing Agreements into the prescribed format in the electronic database supporting the Personal Information Directory.
  2. The Privacy and Legislation Branch (PLB) will publish new information as it is received.
  3. The Privacy and Legislation Branch will provide ministries with the prescribed format for Privacy Impact Assessments and Information Sharing Agreements by means of electronic forms and templates. 
  4. A template for the Privacy Impact Assessment can be found on the PLB website.
  5. Guidelines for developing an information sharing agreement can be found at the PLB website.
  6. A public body that is not a ministry is required to make available a directory listing its personal information banks containing the following, which is the minimum amount of information required by the Act:
    • the title of the personal information bank and its location;
    • a description of the kind of personal information held and the categories of individuals whose personal information is included;
    • the authority for the collection of the information;
    • the purposes for which the personal information was obtained or compiled and the purposes for which it is used or disclosed;
    • the categories of persons who use the personal information or to whom it is disclosed;
    • contact information regarding the ministry and branch responsible for the maintenance of the personal information bank; and,
    • any information that the minister responsible for the Act deems necessary.
  7. The minister responsible for this Act may require that a public body, other than a ministry, comply with this section as if it were a ministry.

Interpretation

The minister responsible for the Act publishes a Personal Information Directory that contains summaries of BC government holdings with respect to Personal Information Banks, Information Sharing Agreements and Privacy Impact Assessments. The Directory is a reference tool that assists the public to access records in the custody or under the control of public bodies.

personal information bank” means a collection of personal information that is organized or retrievable by the name of an individual or by an identifying number, symbol or other particular assigned to an individual;

information sharing agreement” means an agreement that sets conditions on one or more of the following:

  1. the exchange of personal information between a public body and a person, a group of persons or an organization;
  2. the disclosure of personal information by a public body to a person, a group of persons or an organization;
  3. the collection of personal information by a public body from a person, a group of persons or an organization;

privacy impact assessment” means an assessment that is conducted to determine if a new enactment, system, project or program meets the requirements of Part 3 of this Act.

To provide services and benefits to the public, public bodies collect and maintain large quantities of personal information on individuals. Much of this personal information is stored and used in what are known as personal information banks.

A personal information bank is a collection of personal information that is organized and retrieved using an individual’s name or an identifying number or particular assigned to the individual. Personal information banks contain:

  • personal information linked to an identifiable individual;
  • personal information that is organized and capable of being retrieved by a personal identifier;
  • personal information that has normally been compiled for a single purpose.

Categories of individuals whose personal information is included.

This is a description of the groups or categories of individuals whose personal information is included in the personal information bank of a public body. Personal information is stored in various ways so that the public body that provides goods or services to individuals might better serve the public and manage its programs.

  • public sector employees
  • citizens
  • government employees
  • program clients

Categories of persons who use the personal information

This is a listing of the groups of employees or individual employees that have a requirement to access and use the personal information in the personal information bank to perform their job functions. Public bodies ensure that the appropriate level of security is in place depending on the type of information. Access is restricted to a need-to-know basis

The following are examples of some of the categories of individuals who use the personal information:

  • administrative
  • management
  • program staff

Sectional Index of Commissioner's Orders

For orders organized by the Act's section numbers, Click here.

For a summary of Commissioner's orders and policy interpretation of key points, Click here.

Last updated: July 27, 2007