Ten Privacy Principles

Last updated on August 22, 2023

Identify purpose
Limit collection
Get consent
Limit use, disclosure and retention
Reasonable security
Be accountable
Be open and transparent
Ensure accuracy
Right of access and correction
Provide recourse

Identify Purpose

You must identify in writing: the purpose for which you are collecting personal information, the legal authority and the contact information of someone who can answer questions about the collection, unless an exception applies. Find help here (PDF).

Limit Collection

Do not collect personal information indiscriminately or without a legal authority. Information must be necessary to fulfill identified purposes, and be reasonable and appropriate. Find your collection authority here (PDF).

Get Consent

Secure consent for as a means to use or disclose personal information for secondary purposes. Consent must be written and explicit. There are some specific circumstances where consent is not required. Find more here.

Limit Use, Disclosure & Retention

You may use or disclose personal information for the purposes identified when it was collected, or another reason authorized by FOIPPA. For new uses, get consent. Find your use (PDF) and disclosure (PDF) authorities here.

Limit Retention

Personal Information used to make a decision about an individual must be retained for at least one year. Information must be destroyed in accordance with any applicable records retention schedules. Find your Records Officer here.

Reasonable Security

You must make reasonable security arrangements to protect personal information. Measures should be appropriate and proportional to the sensitivity of the information. Consideration should be given to physical, technical and procedural measures. Find your MISO here.

Be Accountable

Be responsible for all personal information under your control, including contractors’ records. Be aware of who your Ministry Privacy Officer is. Find your MPO here.

Be Open & Transparent

Routinely release any records that can be regularly provided to the public. Proactively disclose any records that will be of interest to the public. Consult with Information Access Operations on these processes. Find the Open Information Open Data Policy here (PDF).

Ensure Accuracy

You must make a reasonable effort to ensure personal information collected is accurate and complete if it will be used to make a decision affecting the individual it is about. Learn more about this requirement here.

Right of Access & Correction

Individuals have a right to access their own personal information, or have that information corrected. Be aware of the FOI process, and direct any requests to Information Access Operations immediately.

Provide Recourse

If you receive a complaint about how an individual’s personal information has been handled, direct it to the Corporate Privacy Office immediately, via the breach reporting line: 7-7000, option 3. Learn more here.

Contact information

Office
250 356-1851

Email
privacy.helpline@gov.bc.ca

Additional Resources

The 10 Privacy Principles Wheel

Did you find what you were looking for?

The B.C. Public Service acknowledges the territories of First Nations around B.C. and is grateful to carry out our work on these lands. We acknowledge the rights, interests, priorities, and concerns of all Indigenous Peoples - First Nations, Métis, and Inuit - respecting and acknowledging their distinct cultures, histories, rights, laws, and governments.

More topics