Protecting Personal Information

Your organization is legally obligated to protect any personal information that you collect, use or disclose, whether the information is about your customers, your employees or others.

Personal Information

Personal information means information about an identifiable individual. Some examples of personal information include:

  • Name, sex, age, weight, height
  • Home address and phone number
  • Race, ethnic origin, sexual orientation
  • Medical information
  • Income, purchases and spending habits
  • Blood type, DNA code, fingerprints
  • Marital or family status
  • Religion
  • Education
  • Employment information

Personal information doesn’t include the contact information of an individual at a place of business.

Personal Information & Your Organization

To collect, use or disclose personal information, private sector organizations in B.C. must follow the personal information and privacy rules set out in the Personal Information Protection Act, which are based on the ten principles of privacy protection.

These rules strike a balance between the rights of individuals to control access to and use of their personal information, and your organization’s need to collect and use personal information for legitimate and reasonable purposes.

Generally, these rules apply to all private sector organizations including corporations, partnerships, legal representatives, unincorporated associations, trade unions, trusts and not-for-profit organizations. Some specific exclusions apply.

Your organization needs to consider how it will comply with and implement these rules. Compliance can generally be achieved by following four steps:

  1. Assign one or more individuals as privacy officers
  2. Conduct an audit and self-assessment
  3. Develop a privacy policy for your organization
  4. Implement and maintain your privacy policy