Skip to main content

Frequently Asked Questions – Use of Cloud Services during COVID-19

This information is intended to guide BCIT faculty and staff in the use of third-party cloud services during the COVID-19 outbreak. We will continue to update this page as new information becomes available.

Update May 31, 2021

Order extended to Dec 31, 2021 for use of technologies during COVID-19

The Freedom of Information and Protection of Privacy Act (FIPPA) contains standing provisions which prohibit the storage or access of personal information outside of Canada (s. 30.1) except with consent or as expressly permitted under the Act. On March 26, 2020, the Minister for Labour and Citizens’ Services passed Ministerial Order MO85 under the FIPPA to support the use of third-party cloud-based applications or services to help facilitate remote working arrangements and service delivery during the COVID-19 pandemic. Order MO85 temporarily permits BCIT to use cloud- service tools that store or permit access of personal information outside Canada without consent under specific conditions as described below. On June 5, 2020, the Province extended this temporary ministerial order to remain in effect until December 31, 2020 to continue to allow the use of cloud-based applications and services during the COVID-19 state of emergency. On Dec. 1, 2020, the temporary ministerial order was further extended to remain in effect until May 31, 2021. Effective May 31, 2021, the ministerial order has been extended until Dec 31, 2021.

While the extension of the Order ensures that BCIT can continue to depend on certain software and technologies that have proven to be central to the Institute’s response to COVID-19, the Order does not remove or relax BCIT’s ongoing obligation to ensure that the personal information about students, employees and others is secure against risks such as loss, theft, unauthorized collection or disclosure. Even when cloud-based tools or services are used in reliance on the Order, BCIT must still ensure that these tools are properly vetted to ensure that third party providers have appropriate data security practices and there are appropriate contractual safeguards in place.