July 10, 2026 – The BC Freedom of Information and Privacy Association (FIPA) has submitted its recommendations to the Treasury Board of Canada Secretariat as part of the 2026 review of the Privacy Act.
The following submission was drafted by FIPA and submitted to the Treasury Board Secretariat.
We want to thank our 2026 UVic Law Co-op Legal Researcher, Sara Mateika, for drawing together and organizing this report considering the many competing priorities, viewpoints and formats into a single narrative.
We want wants to express its gratitude to the groups and individuals who provided feedback on early drafts of the submission. This includes the B.C. Civil Liberties Association (BCCLA), the First Nations Information Governance Centre (FNIGC), the Canadian Union of Public Employees (CUPE), and Dr. Teresa Scassa (on Substack). Their input and expertise consistently helps strengthen FIPA’s recommendations for progressive privacy law reform.
The Treasury Board Secretariat’s review outlined 23 policy proposals organized around six themes: integrated services; accountability and transparency; safeguards for sensitive data; privacy and trust; Indigenous Peoples’ access to and protection of their data; and compliance. Many of these proposals would move important privacy safeguards from policy into law, including privacy impact assessments and breach notification requirements.
FIPA supports several of these directions. However, modernization must not become a shortcut for broader collection, sharing, or automated processing of personal information without meaningful safeguards. In particular, FIPA is concerned about proposals that would enable data sharing between government bodies without consent, and about the use of artificial intelligence and automated decision systems to process personal information and make decisions about people.
FIPA’s submission makes 12 recommendations:
A central theme in FIPA’s submission is that consent remains a foundational privacy protection. Where government proposes to collect, use, share, or process personal information without consent, the law must require clear justification, public transparency, and enforceable safeguards. This is especially important where integrated datasets, automated tools, or third-party AI systems may increase the risk of re-identification, data leakage, profiling, bias, or unfair decision-making.
FIPA recommends strengthening proposed privacy impact assessment requirements. Privacy impact assessments should not become a procedural checkbox. They should be legally required to identify privacy risks, assess the sensitivity of the information involved, set out mitigation strategies, and demonstrate how public bodies will comply with their legal obligations.
FIPA further recommends a stronger approach to breach notification. The current “real risk of significant harm” threshold is too high and may leave people uninformed when the risk is uncertain. Individuals should receive meaningful notice when their personal information is compromised so they can understand what happened, what information was affected, what steps were taken, and how they can protect themselves.
The submission emphasizes that Indigenous data sovereignty and collective rights must be addressed through meaningful consultation with rights-holding collectives. FIPA does not speak on behalf of Indigenous Peoples, but supports the need for privacy law reform to reflect Indigenous governance, self-determination, and principles such as OCAP®.
Privacy law reform must address gaps that are becoming more urgent. Public sector workers need clearer rights when workplace monitoring tools are used. Canadians also need stronger protections where political and parliamentary actors handle sensitive personal information, including voter information.
FIPA supports modernizing the Privacy Act, but modernization must be rights-based. Efficiency, integration, and new technology cannot come at the expense of consent, accountability, transparency, and public trust.
FIPA thanks the Treasury Board Secretariat for the opportunity to respond to the 2026 review and will continue to advocate for privacy law reform that protects people, strengthens democratic accountability, and ensures individuals have meaningful control over their personal information.
You help us fulfill our mandate and stay independent. Every contribution – big, small, one-time, or recurring – makes a difference. Click here to donate.