Share this: 

British Columbia Data Privacy Laws

Cloud Governance: Data Residency/Sovereignty

Cloud Governance Data Residency and Sovereignty British Columbia Data Privacy LawsThe Information and Privacy Commissioner of British Columbia oversees the public sector and privacy legislation including:

I.  Freedom of Information and Protection of Privacy Act (FOIPPA) – Public Sector

The Freedom of Information and Protection of Privacy Act sets out the access and privacy rights of individuals in British Columbia as they relate to the public sector. FOIPPA covers all provincial government public bodies, ministries, agencies, boards, commissions and local public bodies such as municipalities, universities, colleges and school boards, hospitals and health boards. FOIPPA has two main purposes:

  • Freedom of Information - to make public bodies more open and accountable by providing the public with a legislated right of access to government records, and

  • Protection of Privacy - to protect rights to personal privacy by prohibiting the unauthorized collection, use or disclosure of personal information by public bodies.

Two sections of FOIPPA are critical to entities considering cloud applications:

1. Section 30.1 Storage and Access Must Be in Canada

This regulation states a public body must ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada.

2. Section 30.2 Obligation to Report Foreign Demand for Disclosure

This section creates an obligation for public bodies, service providers and employees of both to notify the minister responsible for this Act if they receive, or become aware of, a foreign demand for disclosure of personal information that is not authorized by the Freedom of Information and Protection of Privacy Act.

Source: British Columbia Ministry of Technology, Innovation and Citizens’ Services

II. Personal Information Protection Act (PIPA) – Private Sector

The Personal Information Protection Act came into effect in January 2004, and sets out how British Columbia private sector organizations can collect, use and disclose personal information. This is a private sector privacy legislation modeled closely on the Canadian Standards Association Model Code for Privacy Principles, which outlines ten internationally accepted “fair information practices”.   PIPA applies to all private sector organizations including businesses, non-profits and unions.  The legislation contains rules to protect the privacy of personal information collected, used and disclosed by these organizations as well as limited access provisions to allow individuals to obtain access to their own personal information.

Cloud Governance Data Residency and Sovereignty British Columbia Data Privacy Laws Office of the Information and Privacy Commissioner

Satisfying British Columbia Data Privacy Requirements via a Cloud Data Protection Gateway

The Blue Coat Cloud Data Protection Gateway lets Canadian enterprises in British Columbia define their data protection policies to ensure that sensitive data is appropriately secured and protected in cloud applications.  Authorized data security administrators can select, on a field-by-field basis, whether to allow a data going to the cloud to remain in clear text, or to be replaced with a token. When using tokens as a surrogate value, sensitive data never leaves the organization’s control in any format – making it particularly useful for organizations that need to adhere with FOIPPA or PIPA Privacy Laws in British Columbia.

The data in the cloud is tokenized so it is meaningless when viewed in the cloud, and organizations can be confident that their sensitive data is within their full control at all times.