Printed . This content is updated regularly, please refer back to https://bcfsa.ca to ensure that you are relying on the most up-to-date resources.
Privacy Policy

Select the section you’d like to navigate to.
Accordion items
-
Go to Privacy Policy
- Privacy Officer
- Collecting, Using, and Disclosing Information
- What is Personal Information?
- Collecting Personal Information
- Accessing or Using Personal Information
- Disclosing and Sharing Personal Information
- Storing, Retaining, and Safeguarding Personal Information
- Disposal of Personal Information
- Seeking Correction of Personal Information
- Managing Privacy Breaches
- Freedom of Information Requests
Privacy Policy
BCFSA is committed to protecting your privacy. This page summarizes BCFSA’s privacy policies and practices, including our website.
If you have questions about the privacy policy or BCFSA’s handling of your personal information, please contact BCFSA’s Privacy Officer at (604) 660-3555 or toll free at (866) 206-3030. You can also email us at foi@bcfsa.ca or write to BCFSA:
Privacy Officer
BC Financial Services Authority
600-750 West Pender Street
Vancouver, B.C.
V6C 2T8
The designated Privacy Officer has overall authority for monitoring privacy management and compliance.
Collecting, Using, and Disclosing Information
BCFSA collects, uses, and discloses information, including personal information, and records in accordance with the following British Columbia statutes:
- Credit Union Incorporation Act
- Financial Institutions Act (“FIA”)
- Financial Services Authority Act
- Freedom of Information and Protection of Privacy Act (“FOIPPA”)
- Information Management Act (“IMA”)
- Insurance Act
- Insurance (Captive Company) Act
- Mortgage Brokers Act
- Pension Benefits Standards Act
- Real Estate Development Marketing Act
- Real Estate Services Act
- Strata Property Act
BCFSA considers privacy risks and conducts a privacy impact assessment (“PIA”) when any new initiative—such as a program, project, or system—that collects, uses, or discloses personal information is being planned.
A PIA is a step-by-step review to ensure that BCFSA:
- Identifies any risks with collecting personal information;
- Protects the privacy of personal information in its custody or control; and
- Remains in compliance with FOIPPA.
- The PIA includes an assessment of the methods of communication and record-keeping (including software) for collecting, handling, storing, and destroying information.
What is Personal Information?
“Personal information” is recorded information about an identifiable individual, other than business contact information, such as an individual’s name, age, home address, or financial information. Business contact information, such as a position title, business address, or business phone number, is not considered “personal information”.
Collecting Personal Information
BCFSA strives to limit any collection to what is relevant and necessary for BCFSA’s functions and the Acts (including those listed above) that it administers. When collecting personal information, BCFSA will explain why we need it and set out BCFSA’s legal authority to collect the information or record. Whenever possible, BCFSA will collect information and records directly from you.
BCFSA may collect your personal information, including:
- To process your licensing or registration application;
- To process your enrollment in licensing or registration education programs;
- To handle a complaint or investigate a regulatory matter;
- To administer your account in BCFSA’s Integrated Regulatory Information System (“IRIS”);
- In the course of conducting a consultation with licensees, registrants, or the public on matters related to BCFSA’s mandate;
- To confirm your identity; or
- To contact and correspond with you, including sending you notifications and information you have requested.
BCFSA may sometimes indirectly collect personal information, including:
- When assessing the suitability of applicants for licensing, registration or business authorization, or qualifications of directors and officers of a financial institution;
- When investigating a concern or complaint;
- When receiving filings and reports containing data required to apply BCFSA’s supervisory framework to its regulated entities; or
- As otherwise authorized by law.
- British Columbia’s Personal Information Protection Act (“PIPA”) allows an organization subject to that Act to disclose personal information without consent where required or authorized by law, such as required filings with BCFSA (PIPA, s. 18(o)).
Accessing or Using Personal Information
BCFSA will only access or use personal information for the purpose it was collected, for a consistent purpose, as authorized by law, or with your consent for another purpose.
Wherever practicable, only those who “need to know” will have access to your personal information and only to the minimum amount required to perform their duties. All employees are subject to BCFSA’s Standards of Conduct Policy and receive privacy training as part of the new employee orientation package and during periodic training updates.
Disclosing and Sharing Personal Information
BCFSA does not sell the personal information it collects and will only disclose your personal information for the purpose it was collected, for a consistent purpose, with your consent, or as otherwise authorized by law. In some cases, disclosure may be required if BCFSA takes action under the Acts it administers, in a prosecution, or pursuant to a request made under FOIPPA. In other cases, disclosure may be made at the discretion of BCFSA, for example, in response to a law enforcement request or as part of information sharing with another regulatory authority as permitted under FOIPPA and the relevant Act administered by BCFSA.
For example, the FIA permits the sharing of information, which may include personal information, with other regulatory authorities to help administer the FIA or similar legislation in Canada or other provinces. In such cases, BCFSA may share risk-related observations with another financial services regulator in Canada.
See also Publication of Regulatory Actions | BCFSA.
Storing, Retaining, and Safeguarding Personal Information
BCFSA makes reasonable security arrangements to protect your personal information against risks such as unauthorized access, collection, use, disclosure, or disposal.
Service providers contracted by BCFSA are also required to comply with FOIPPA and BCFSA’s privacy and security policies. BCFSA’s contracts with service providers, who may have access to personal or confidential information, contain specific provisions requiring confidentiality and compliance with FOIPPA.
Disposal of Personal Information
BCFSA manages records, including records containing personal information, using administrative and operational records classification systems (ARCS/ORCS) in accordance with the IMA.
ARCS and ORCS classify records by common subjects. They specify retention schedules that define how long records of different classifications must be retained for, and describe what must be done with records at the end of their lifecycle. Certain records with enduring value may be sent to the B.C. archives for permanent retention; otherwise, most records are destroyed after the retention period elapses.
BCFSA destroys documents and records using processes designed to safeguard the confidentiality of personal and confidential information and to ensure obliteration.
Seeking Correction of Personal Information
BCFSA makes reasonable efforts to ensure that the personal information it collects, uses, or discloses is accurate and complete. If you think there is a mistake or omission in the personal information BCFSA has about you, you may contact BCFSA’s Privacy Officer by letter or email asking us to correct any errors or omissions in your personal information.
In your request, specify the information you believe is missing or incorrect and include the correct information; BCFSA will make the correction as soon as reasonably possible or annotate the reasons why the corrections cannot be made.
Managing Privacy Breaches
A privacy breach is any collection, use, disclosure, disposal, storage of, or access to personal information not authorized by FOIPPA. In the event of a privacy breach, we follow our response procedure:
- Contain and Report: The breach is immediately reported and all efforts are made to recover the information or remove unauthorized access to information.
- Evaluate Risks: The Privacy Officer reviews to determine what happened, the cause and extent of the breach, how many individuals have been affected, and determine the consequences to BCFSA and affected individuals.
- Notify: If the breach is reasonably expected to result in significant harm to the affected individuals, including significant physical harm or financial loss, we are required to notify those individuals and the Office of the Information and Privacy Commissioner under FOIPPA.
- Prevent: If applicable, the Privacy Officer will recommend best practices and provide guidance on how to avoid a repeat incident.
Freedom of Information Requests
For information about FOI requests and accessing your personal information in BCFSA’s custody or under our control, visit BCFSA’s dedicated FOI page.
Website Privacy Policy
Collection of Information
When you visit BCFSA’s website, the website automatically collects a limited amount of information essential for the operation, security, and reporting analytics of the site. Some of this information (e.g., browser type) does not identify who you are, while other information, such as your IP address, may identify you.
Third Party Links
This website contain links to other websites that are not operated by BCFSA. These links are for your convenience. You should review the privacy notices at those other sites before providing them with personal information.