iAtoday
On March 25, 2025, the British Columbia Financial Services Authority (BCFSA) published a new Information Security Guideline for British Columbia Pension Plan Administrators (the “Guideline”). This guideline applies only to pension plans registered in British Columbia and will come into force on July 1, 2025. It replaces the guideline on information security for financial institutions published in 2021.
We are here for you and your clients
Information security is a top priority for us. We have therefore implemented measures to comply with this guideline and, in the event of a significant information security incident that requires reporting to the BCFSA, we will notify the administrators of pension plans registered in British Columbia. Please note, however, that we make every effort to protect data security and prevent such incidents.
Information security risks
These risks include:
- Unauthorized, illegal or accidental access to, use, disclosure, modification or destruction of data;
- The deterioration of information systems and networks.
These risks may arise from intentional or unintentional actions by any person, both inside and outside the organization.
Obligation to report material incidents to the BCFSA
The plan administrator must contact the BCFSA immediately in the event of a material incident. This includes providing any new details about the incident and keeping the BCFSA informed of all steps taken until the incident is resolved. The administrator must then report to the BCFSA on their analysis of the situation and the lessons learned.
The plan administrator must provide sufficient details about material incidents to ensure that the BCFSA understands their scope, impact and the action plan that has been implemented or is planned.
The plan administrator must:
- Notify the BCFSA by email or phone of their intention to submit an information security material incident report within 24 hours after an incident has been determined to be material.
- Submit an incident report as soon as possible, within 72 hours at the latest, via a secure SharePoint link; the incident report is not mandatory, but the information it must contain is.
|
Steps for submitting an incident report |
Timeline |
Starting point |
How |
|
1. Notify the BCFSA of the intention to submit an incident report |
Within 24 hours |
Once the incident is determined to be material |
Email or phone |
|
2. Report the material incident to the BCFSA |
As soon as possible, within 72 hours |
The date the material incident occurs |
Secure SharePoint link |
For more information on reporting incidents: BCFSA Information Security Guideline.
|
Since 1952, organizations wanting to go beyond traditional plan management They benefit not only from their expertise, but also from service that provides |
Also in this issue
- New Weight Management offer | To make a real difference
- New Women’s Health offer | For a more inclusive workplace
- Appointments | Promotions in our Group Savings and Retirement team
- Trade wars | What history teaches us
- Asset management | MFS unveils its transition plan following Daniel Ling’s retirement announcement
- White paper | Menopause and work: creating an inclusive environment
- Industry events | Our experts share key insights
- Updating salaries | An oversight that has consequences