British Columbia · FIPPA

Access and privacy for BC public bodies, in one platform

AccessPoint manages British Columbia FIPPA access requests alongside the privacy management program, breach notification, and privacy impact assessments now required under the 2021 reforms — pre-configured for BC and running inside your own Microsoft 365 tenant.

British Columbia at a glance

Response deadline
30 business days from receipt
Extensions
Permitted (s. 10) — large volumes, consultations, third-party notice; longer extensions need OIPC approval
Application fee
$10 for general records requests; no fee to access your own personal information
Privacy duties
Mandatory privacy management program, breach notification, and PIAs
Oversight
Information and Privacy Commissioner for BC (order-making)
Languages
English

Built for British Columbia

One platform for the whole access-and-privacy mandate, pre-configured for this regime and running in your own Microsoft 365 tenant.

FIPPA request lifecycle

Intake to disclosure on BC's 30-business-day clock, with s. 10 extensions, the FIPPA exemption catalogue, fee estimates, and records ready for the order-making OIPC — all built on Microsoft 365.

Privacy management program

Maintain the privacy management program every BC public body must now have — policies, PIAs, training, and breach response — as a living part of your platform rather than a binder on a shelf.

Privacy impact assessments

Run the PIAs FIPPA requires before a new initiative that involves personal information — a guided questionnaire with screeners, an embedded risk register, and a defensible, exportable record.

Breach notification

Since February 2023, log a privacy breach, assess whether it could reasonably be expected to result in significant harm, and get a live checklist of what must be reported to the OIPC and affected individuals.

OIPC reviews

Track requests for review and inquiries before the order-making Commissioner with their own statutory clocks, an investigation workspace, and a guided path to closure.

In your own BC tenant

Every request, assessment, and record stays inside your own Microsoft 365 and Azure tenant — no third-party cloud, no per-user fees, and full control of where your data lives.

The 2021 modernization

British Columbia turned privacy management into a legal duty. AccessPoint operates it.

The 2021 amendments to FIPPA gave British Columbia public bodies three new obligations that a request-tracking tool alone cannot meet: a mandatory privacy management program, mandatory breach notification when a breach could reasonably be expected to result in significant harm (in force February 1, 2023), and privacy impact assessments for initiatives involving personal information. AccessPoint runs all three beside your access-request program, on one platform, in your own tenant — so the whole FIPPA mandate lives in one auditable system.

Management program A living privacy program — policies, PIAs, and training — not a one-time document.
Breach notification The significant-harm test and OIPC/individual notices, computed for you.
Privacy impact assessments Assess new initiatives before personal information is collected.

Configured out of the box

Installing the ca-bc-fippa configuration pack seeds your tenant with everything this regime needs — a starting point you can adjust, not a lock-in.

Related guide: FOI Workflow Quick Check
  • FIPPA as the legal-authority and citation spine
  • British Columbia statutory-holiday calendar and 30-business-day rules
  • The FIPPA exemption and exclusion catalogue, colour-coded for redaction
  • Section 10 extension reasons with citations and limits
  • Requestor fee categories and the $10 application-fee configuration
  • OIPC review and complaint grounds and dispositions
  • British Columbia timeliness brackets and statistical-report templates
  • FIPPA correspondence templates with statutory wording

British Columbia Questions

Does AccessPoint support BC's mandatory privacy management program and breach notification?

Yes. The 2021 amendments to FIPPA require BC public bodies to maintain a privacy management program and to notify the OIPC and affected individuals of a breach that could reasonably be expected to result in significant harm (in force February 1, 2023). AccessPoint runs the program, the privacy impact assessments, and the breach-notification workflow alongside your access requests.

What is the response deadline for a BC FIPPA request?

A public body must respond within 30 business days, with extensions available under section 10 for large volumes, consultations, or third-party notice; longer extensions require the Commissioner's approval. AccessPoint calculates every date on British Columbia's business-day calendar.

Is the Information and Privacy Commissioner for BC order-making?

Yes. The OIPC for British Columbia conducts reviews and inquiries and can issue binding orders on access decisions, as well as investigate privacy complaints and breaches. AccessPoint tracks reviews and inquiries with their statutory clocks and a guided closure.

Where does British Columbia data reside?

Entirely within your own Microsoft 365 and Azure tenant. Requests, documents, assessments, and audit history never leave your control — no third-party cloud and no cross-border data transfers.

Run FIPPA and Your Privacy Program in One Platform

Try AccessPoint free for 30 days, pre-configured for British Columbia. No credit card required.

Start Free Trial