HackFirstAidEducation
Regulatory grid

State overlay · BC

British Columbia

FIPPA (BC) + School Act

BC school districts are public bodies under the Freedom of Information and Protection of Privacy Act. FIPPA's data-residency rules were relaxed in 2021 but breach reporting and reasonable-security duties remain strict.

Notification window

FIPPA s.36.3 requires notification to the Office of the Information and Privacy Commissioner (OIPC) and affected individuals without unreasonable delay when there is a real risk of significant harm.

Regulators

Office of the Information and Privacy Commissioner for BC (OIPC)

oipc.bc.ca privacy breach reporting form.

BC Ministry of Education and Child Care

Notify the Ministry's Information Security Branch.

Canadian Centre for Cyber Security (CCCS)

contact@cyber.gc.ca — federal incident assistance.

Unique gotchas

  • Even after the 2021 FIPPA amendments, contracts with US-hosted vendors must document a privacy impact assessment (PIA).
  • Independent (group 1-4) schools fall under PIPA BC, not FIPPA — confirm the regime before notifying.

Testing authority

BC Ministry Provincial Assessments (FSA, Grad)