🍁 Proudly Canadian Owned and Operated | 🥭 Sign up now and receive our early bird discount
Doing Business in BC? Don’t Ignore These Privacy Rules

Doing Business in BC? Don’t Ignore These Privacy Rules

Apr 29, 2025

Which Privacy Laws Apply in BC?

If you're running a business in British Columbia (BC), you need to be aware that BC has its own privacy legislation and depending on your industry and the kind of information you handle, multiple laws might apply at once.

In this article I give a quick overview of the key privacy laws that BC businesses need to be in the know about:

Oh and P.S - look out for our "Mango Moment" in our blogs for quick tips and the TLDR - easily identifiable by our little mango 🥭

BC Personal Information Protection Act (PIPA)

This is the main privacy law for most private-sector organizations in BC. If your company is based in BC and operates entirely within the province, PIPA, not the federal PIPEDA, applies to you.

What it covers:

  • How you collect, use, and disclose personal information about employees, customers, and clients.
  • Rules around consent, access, correction, and secure storage.

Who it applies to:

  • Private businesses
  • Non-profits
  • Associations operating solely within BC
🥭 Mango Moment: BC’s PIPA is considered “substantially similar” to Canada’s federal law, PIPEDA. That means if your business operates only in BC, you follow PIPA instead of PIPEDA, unless you cross borders or deal with federally regulated industries.

Personal Information Protection and Electronic Documents Act (PIPEDA)

This is the federal privacy law that kicks in if your business crosses provincial or international borders.

When it applies in BC:

  • If you operate in more than one province
  • If you transfer personal data across borders (e.g., storing info in U.S.-based systems)
  • If you're federally regulated (e.g., banks, airlines)
🥭Mango Moment: PIPA usually covers you in BC, but if you’re working with customers or partners in other province, or even storing data outside Canada, PIPEDA might kick in too.

Freedom of Information and Protection of Privacy Act (FIPPA)

This law governs the public sector in BC, so if you work with government bodies or public institutions, this one’s for you.

Covers:

  • Provincial ministries
  • Municipal governments
  • Public schools and universities
  • Public healthcare institutions
🥭Mango Moment: FIPPA lays out how public bodies in BC have to handle personal information. And if you're a contractor working with one of them, there's a good chance those rules apply to you too

E-Health (Personal Health Information Access and Protection of Privacy) Act

This law applies specifically to BC’s health sector. It governs how health information is shared electronically through provincial systems.

Relevance:

  • If you work with BC’s Ministry of Health or are a healthcare provider using provincial databases like PharmaNet

You must follow both E-Health Act rules and either FIPPA or PIPA depending on whether you're public or private

CASL (Canada’s Anti-Spam Legislation)

CASL, CASL, CASL. It’s Canada’s anti-spam law, and it applies to pretty much every business that markets anything online, even small ones.

What CASL Covers

  • Emails, text messages, and even LinkedIn DMs that promote your products or services
  • Newsletters, promos, event invites, and referral offers
  • Basically, anything that encourages someone to take a commercial action (buy, register, sign up, etc.)
🥭Mango Moment: CASL isn’t just about blasting emails. It’s about how you send messages, who you send them to, and whether you have permission to do it. And the fines for breaking the rules can be serious—up to $10 million for businesses.

Other laws that may be relevant to you

  • Privacy Act (Canada)

  • Local Government Act

  • Access to Information Act

  • Workers Compensation Act

  • Mental Health Act

  • Insurance Act

  • Hospital Act

  • Credit Reporting Act

  • School Act

  • Financial Instituations Act

  • Medicare Protection Act

  • Pharmacy Operations and Drug Scheduling Act

Even if you have great policies, it only takes one untrained employee to trigger a breach

At MangoHR, we’ve built a training platform that helps BC employers stay compliant—without the complexity. From onboarding checklists to staff privacy modules, we make it simple.

What can you do as an Employer?

  1. Download the full Province's map with more detailed notes on each privacy law
  2. Read our follow-up blogs that go into more detail about each law and sector (sign up to our newsletter to never miss out on free educational content!!)
  3. Download our BC PIPA employer compliance checklist
  4. Sign up to our platform for free and enroll your employees in our BC specific training programs (tailored to over 10 industries)

Related Posts

Land a job in Vancouver's tech scene

Mar 6, 2025

Land a job in Vancouver's tech scene

Helpful tips on how to land your dream job in Vancouver, BC

Read More
The Essential Privacy Guide for Alberta Businesses

May 1, 2025

The Essential Privacy Guide for Alberta Businesses

Learn more about Alberta's privacy laws, from PIPA to HIA, understand when and how you must safeguard data.

Read More