Privacy Policy

a brass padlock surrounded by many white keys and one brass key

Privacy Policy

BCFSA is committed to protecting your privacy. This page summarizes BCFSA’s privacy policies and practices, including our website.

If you have questions about the privacy policy or BCFSA’s handling of your personal information, please contact BCFSA’s Privacy Officer at (604) 660-3555 or toll free at (866) 206-3030. You can also email us at foi@bcfsa.ca or write to BCFSA:

Privacy Officer

BC Financial Services Authority
600-750 West Pender Street
Vancouver, B.C.
V6C 2T8

The designated Privacy Officer has overall authority for monitoring privacy management and compliance.

Collecting, Using, and Disclosing Information

BCFSA collects, uses, and discloses information, including personal information, and records in accordance with the following British Columbia statutes:

BCFSA considers privacy risks and conducts a privacy impact assessment (“PIA”) when any new initiative—such as a program, project, or system—that collects, uses, or discloses personal information is being planned.

A PIA is a step-by-step review to ensure that BCFSA:

  • Identifies any risks with collecting personal information;
  • Protects the privacy of personal information in its custody or control; and
  • Remains in compliance with FOIPPA.
  • The PIA includes an assessment of the methods of communication and record-keeping (including software) for collecting, handling, storing, and destroying information.

What is Personal Information?

“Personal information” is recorded information about an identifiable individual, other than business contact information, such as an individual’s name, age, home address, or financial information. Business contact information, such as a position title, business address, or business phone number, is not considered “personal information”.

Collecting Personal Information

BCFSA strives to limit any collection to what is relevant and necessary for BCFSA’s functions and the Acts (including those listed above) that it administers. When collecting personal information, BCFSA will explain why we need it and set out BCFSA’s legal authority to collect the information or record. Whenever possible, BCFSA will collect information and records directly from you.

BCFSA may collect your personal information, including:

  • To process your licensing or registration application;
  • To process your enrollment in licensing or registration education programs;
  • To handle a complaint or investigate a regulatory matter;
  • To administer your account in BCFSA’s Integrated Regulatory Information System (“IRIS”);
  • In the course of conducting a consultation with licensees, registrants, or the public on matters related to BCFSA’s mandate;
  • To confirm your identity; or
  • To contact and correspond with you, including sending you notifications and information you have requested.

BCFSA may sometimes indirectly collect personal information, including:

  • When assessing the suitability of applicants for licensing, registration or business authorization, or qualifications of directors and officers of a financial institution;
  • When investigating a concern or complaint;
  • When receiving filings and reports containing data required to apply BCFSA’s supervisory framework to its regulated entities; or
  • As otherwise authorized by law.
  • British Columbia’s Personal Information Protection Act (“PIPA”) allows an organization subject to that Act to disclose personal information without consent where required or authorized by law, such as required filings with BCFSA (PIPA, s. 18(o)).

Accessing or Using Personal Information

BCFSA will only access or use personal information for the purpose it was collected, for a consistent purpose, as authorized by law, or with your consent for another purpose.

Wherever practicable, only those who “need to know” will have access to your personal information and only to the minimum amount required to perform their duties. All employees are subject to BCFSA’s Standards of Conduct Policy and receive privacy training as part of the new employee orientation package and during periodic training updates.

Disclosing and Sharing Personal Information

BCFSA does not sell the personal information it collects and will only disclose your personal information for the purpose it was collected, for a consistent purpose, with your consent, or as otherwise authorized by law. In some cases, disclosure may be required if BCFSA takes action under the Acts it administers, in a prosecution, or pursuant to a request made under FOIPPA. In other cases, disclosure may be made at the discretion of BCFSA, for example, in response to a law enforcement request or as part of information sharing with another regulatory authority as permitted under FOIPPA and the relevant Act administered by BCFSA.

For example, the FIA permits the sharing of information, which may include personal information, with other regulatory authorities to help administer the FIA or similar legislation in Canada or other provinces. In such cases, BCFSA may share risk-related observations with another financial services regulator in Canada.

See also Publication of Regulatory Actions | BCFSA.

Storing, Retaining, and Safeguarding Personal Information

BCFSA makes reasonable security arrangements to protect your personal information against risks such as unauthorized access, collection, use, disclosure, or disposal.

Service providers contracted by BCFSA are also required to comply with FOIPPA and BCFSA’s privacy and security policies. BCFSA’s contracts with service providers, who may have access to personal or confidential information, contain specific provisions requiring confidentiality and compliance with FOIPPA.

Disposal of Personal Information

BCFSA manages records, including records containing personal information, using administrative and operational records classification systems (ARCS/ORCS) in accordance with the IMA.

ARCS and ORCS classify records by common subjects. They specify retention schedules that define how long records of different classifications must be retained for, and describe what must be done with records at the end of their lifecycle. Certain records with enduring value may be sent to the B.C. archives for permanent retention; otherwise, most records are destroyed after the retention period elapses.

BCFSA destroys documents and records using processes designed to safeguard the confidentiality of personal and confidential information and to ensure obliteration.

Seeking Correction of Personal Information

BCFSA makes reasonable efforts to ensure that the personal information it collects, uses, or discloses is accurate and complete. If you think there is a mistake or omission in the personal information BCFSA has about you, you may contact BCFSA’s Privacy Officer by letter or email asking us to correct any errors or omissions in your personal information.  

In your request, specify the information you believe is missing or incorrect and include the correct information; BCFSA will make the correction as soon as reasonably possible or annotate the reasons why the corrections cannot be made.

Managing Privacy Breaches

A privacy breach is any collection, use, disclosure, disposal, storage of, or access to personal information not authorized by FOIPPA. In the event of a privacy breach, we follow our response procedure:

  1. Contain and Report: The breach is immediately reported and all efforts are made to recover the information or remove unauthorized access to information.
  2. Evaluate Risks: The Privacy Officer reviews to determine what happened, the cause and extent of the breach, how many individuals have been affected, and determine the consequences to BCFSA and affected individuals.
  3. Notify: If the breach is reasonably expected to result in significant harm to the affected individuals, including significant physical harm or financial loss, we are required to notify those individuals and the Office of the Information and Privacy Commissioner under FOIPPA.
  4. Prevent: If applicable, the Privacy Officer will recommend best practices and provide guidance on how to avoid a repeat incident.

Freedom of Information Requests

For information about FOI requests and accessing your personal information in BCFSA’s custody or under our control, visit BCFSA’s dedicated FOI page.

Website Privacy Policy

Collection of Information

When you visit BCFSA’s website, the website automatically collects a limited amount of information essential for the operation, security, and reporting analytics of the site. Some of this information (e.g., browser type) does not identify who you are, while other information, such as your IP address, may identify you.

Third Party Links

This website contain links to other websites that are not operated by BCFSA. These links are for your convenience. You should review the privacy notices at those other sites before providing them with personal information.