The Board has repealed the taxi camera rule. The previous requirements of this rule are no longer mandatory for any licensees. Licensees are responsible for ensuring that the use of any existing or new taxi cameras is compliant with applicable privacy and security requirements, including those in the Personal Information Protection Act (PIPA).
Vehicle cameras: Privacy guidance for licensees
The Passenger Transportation Board has developed the following guidance in consultation with the Office of the Information and Privacy Commissioner for B.C. (OIPC). The information provided here is intended to generally assist licensees in understanding privacy legislation as it relates to vehicle cameras and is not legal advice.
Please note the Passenger Transportation Board does not have authority or jurisdiction over the legislation discussed. Licensees that choose to utilize in-vehicle cameras are responsible for ensuring compliance with all applicable privacy legislation and associated requirements. Questions about compliance may be directed to the OIPC.
Personal Information Protection Act (PIPA)
PIPA applies to every organization in B.C., including passenger transportation licensees. It governs the collection, use, and disclosure of personal information. Photos and videos of passengers are considered personal information subject to this Act. The personal information collected in passenger transportation vehicles may include that of passengers and drivers.
The collection of personal information must be limited to what a reasonable person would consider appropriate in the circumstances. Organizations must also obtain consent from individuals except in limited circumstances outlined in PIPA.
Consent must be obtained for the collection, use, and disclosure of personal information. Organizations cannot require a person to consent unless the collection, use, or disclosure of personal information is integral to providing service. Implied consent is consent that is not given explicitly, but which can be inferred based on the individual’s actions and the situation.
Notice must be provided to inform passengers of the intent to collect personal information on or before the collection. Notifications should clearly explain what information you collect, how you use it, and who you share it with.
Organizations must provide access, on request, to personal information under their control but must not disclose that which may reveal the personal information of another individual.
Organizations must take care to make reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification or disposal of personal information in their control. Once it is reasonable to assume the reason for collection has been served, personal information must be destroyed. However, if your organization uses an individual’s personal information to make a decision that directly affects the individual, you must keep that information for at least one year after using it so the individual has a reasonable opportunity to obtain access to it.
Organizations must have a privacy officer able to answer questions about the collection, use, or disclosure of the personal information collected, the organizations privacy policy, and safeguards. Contact information for the privacy officer must be available upon request.
PIPA falls under the jurisdiction of the Office of the Information and Privacy Commissioner (OIPC). For more information or for questions regarding the interpretation of the Personal Information Protection Act, please see the OIPC’s website under “guidance” or contact the OIPC at info@oipc.bc.ca.