What is Freedom of Information and Protection of Privacy Act (FIPPA)?

British Columbia’s Freedom of Information and Protection of Privacy Act (FIPPA) is provincial legislation passed in 1993, which governs how SFU and other public bodies are required to manage the personal information they collect.

As suggested by its name, FIPPA has two main functions:

  • Freedom of Information: As a member of the public, you have a right to access the records public bodies keep about you.
  • Protection of Privacy: You have a right to personal privacy. FIPPA protects your personal information from unauthorized collection, use or disclosure by public bodies like SFU.

Under FIPPA, SFU, its employees, service providers and volunteers share a legal obligation to protect personal information in our custody or under our control.

SFU’s Privacy Management Program is here to assist employees across the university to ensure that we all handle personal information in a manner that’s compliant with FIPPA. See I10.11, Protection of Privacy which establishes a framework for managing personal information in the custody or under the control of the university in compliance with the Freedom of Information and Protection of Privacy Act. The policy applies to all University Employees, Volunteers, and Service Providers who have access to personal information. I10.11 provides clarity on the principles for collecting, using, and disclosing Personal Information within the university context.

What is Protection of Privacy?

According to FIPPA, SFU is required to protect your personal information. Simply put, that means we must take great care with the personal information you share with the university, ensuring that it is not collected unnecessarily or used or disclosed inappropriately.

According to the Information & Privacy Commissioner of BC, personal information is “any recorded information that uniquely identifies you, such as your name, address, telephone number, age, sex, race, religion, sexual orientation, disability, fingerprints, or blood type. It includes information about your health care, educational, financial, criminal or employment history. It also includes anyone else's opinions about you and your own views or opinions.”

SFU is entrusted with an enormous amount of personal information, and it is our shared responsibility to ensure that it is properly safeguarded.

View Our FAQ

Important external links

To learn more about Freedom of Information and Protection of Privacy, consult the following resources:

Office of the Information & Privacy Commissioner for British Columbia

What are Privacy Impact Assessments?

A Privacy Impact Assessment (PIA) is a requirement for all new or revised initiatives at SFU.

Learn More

FIPPA Amendments

On November 25, 2021 the Freedom of Information and Protection of Privacy Amendment Act received royal assent. Most amendments take effect right away.

Highlights include:

  • Updating data-residency provisions.
    • Previously, FIPPA required that personal information be stored and accessed within Canada except under limited circumstances. The amendments remove these restrictions. Now, when sensitive personal information will be stored outside Canada, an enhanced privacy impact assessment will be required.
  • Implementing mandatory privacy breach reporting to individuals if there is a risk of significant harm to the individual (not in force yet).
  • Increasing penalties for offences and adding new offences for evading FOI and snooping.
  • Introducing a $10 application fee for non-personal FOI requests.
  • Enabling more information sharing with Indigenous peoples and adding Indigenous cultural protections.

SFU will be updating the relevant policies, procedures and forms to conform to these amendments.