NEWS RELEASE: Recommendations for Canada’s Digital Transformation


October 4, 2018

Recommendations for Canada’s Digital Transformation

VANCOUVER, October 4, 2018 – The B.C. Freedom of Information and Privacy Association submitted a paper to the department of Innovation, Science, and Economic Development for their consultation on digital transformation.

The national digital and data consultation, including the roundtable discussions that took place across Canada from June to September of this year, were an important step to ensuring that government is taking all the varied and diverse stakeholders involved this process into account.

“We’re encouraged by government’s willingness to receive outside feedback and optimistic that Canada’s digital transformation will instigate much needed improvements to our privacy and data protections,” said FIPA executive director, Sara Neuert.

Our submission compared Canada’s existing privacy and data protection framework to international regulations like the European Union’s General Data Protection Regulation. Based on this analysis, we created a list of recommendations, which include:

  • Increased funding for education and awareness around risks related to digital transformation and privacy breaches
  • The creation of a proactive reporting culture around privacy in government
  • An accessible complaints process for individuals who are reporting privacy breaches
  • Increased funding and investigative and enforcement power for the Privacy Commissioner of Canada and the Office of Privacy
  • More research on the impact of privacy issues on marginalized groups in a digital transformation
  • Further study on the impact of public utilities being transferred to a digital platform
  • The creation of a new data protection and privacy framework that complies with digital transformation and sufficient time for interested groups to provide feedback prior to implementation.

The Innovation, Science, and Economic Development department will be issuing a report based on these consultations in the near future.

Sara Neuert, Executive Director
BC Freedom of Information and Privacy Association
Email: Sara (at)
Phone: 604-739-9788
Cell: 604-318-0031


BC Government has big surplus, but no plans to compensate victims of PharmaNet breach


BC Government has big surplus, but no plans to compensate victims of PharmaNet breach

FIPA urges the Ministry of Health to pick up ID theft mitigation costs

Vancouver, February 20, 2017 – After the recent PharmaNet privacy breach, which victimized 7,500 British Columbians, it is astounding that the Ministry of Health has not come forward to offer compensation to those affected, especially since the BC government is sitting on a surplus in the billions of dollars.

The BC Freedom of Information and Privacy Association (FIPA) has sent a letter to Health Minister Terry Lake strongly urging his ministry to cover the costs these victims will have to incur resulting from the failure to adequately protect senstive personal information.

After the breach was discovered, the Ministry sent a letter to the victims advising that “the information gathered could possibly be used as a starting point for identity theft” and encouraging them to engage “the services of a credit monitoring company” as “the information gathered could possibly be used as a starting point for identity theft.” Such services cost money and are far from free.

In their last PharmaNet breach in 2014, the Ministry’s notice to those affected included an offer to pick up  the costs of the recommended ID theft mitigation measures. But for whatever the reason, they have failed to do so this time. This is inexcusable given that the Premier has recently stated that the government has a surplus in the billions that will be returned to taxpayers.

FIPA hopes the Minister will see fit to do what is right for the 7500 innocent victims in this case.



Vincent Gogolek, Executive Director
BC Freedom of Information and Privacy Association | (o) 604-739-9788 | (c) 604-318-0031

The question of online reputation

In 2015, the Office of the Privacy Commissioner of Canada chose “Reputation and Privacy” as one of its priority areas for the next five years. The OPC wanted to examine the risks “stemming from the vast amount of personal information posted online”, with the goals of enriching the public debate, ensuring they can advise Parliament effectively, and developing their own policy position on the issue. To that end, they put out a discussion paper and a call for input on online reputation and privacy.

FIPA agrees that online reputation is a hugely important subject—it affects our employability; our relationships with friends, family, and acquaintances; our connection to our younger selves; our ability to create online communities or participate in existing ones, and come together to advocate for ourselves; and our ability to learn about people in powerful positions and hold them to account—and we decided to weigh in.

We are, after all, an organization that often deals with the intersection of information freedom and the right to privacy.

So, building on the ideas and principles of set out in an earlier submission about privacy and open courts, and with an eye to our organizational values, our online reputation submission strives to paint a picture of what is needed—and what should be avoided—to allow Canadians to have control of information about them, to prevent and reduce information-based harm, and to ensure reputational privacy enhances—and does not impede—free association and democratic free expression. And we tried to keep it brief.

We started by looking at existing protections—laws, social norms, market solutions, and even online architecture—and proposed a few ways to fill in the gaps. We talked about public education that takes a rights-based approach to online reputation, higher standards for social networks’ privacy controls (including privacy protective default settings), and legislation that specifically targets problematic behaviour.

We also took a stab at what a “right to be forgotten” could look like in Canada, urging great caution and making a handful of broad recommendations.

You can see it all here, in the Policy Submissions and Letters section of the FIPA website.

Read more from the May 2016 Bulletin »

To surveil and protect (records from the public)

The VPD may or may not be engaging in mass cell phone surveillance

 Do you know if the Vancouver Police Department (VPD) is using surveillance tools to spy on peoples’ cell phone activity? Chances are you don’t, and neither do we. That’s because the VPD has refused to confirm or deny the existence of records relating to the use of IMSI-catchers, commonly known as Stingrays, in response to an FOI filed by PIVOT Legal Society.

FIPA has joined the BC Civil Liberties Association and OpenMedia as intervenors in an appeal filed by PIVOT to the B.C. Office of the Information and Privacy Commissioner.  We are all arguing that the records must be disclosed under FIPPA.

Stingrays are a surveillance tool used by police that mimic cell phone towers, essentially tricking cell phones to transmit their locations, identifying information, texts, emails and voice conversations. The controversial use of Stingrays by police in the United States has been well-documented.

Stingrays can’t single out a suspect’s phone and therefore gather information from all cellphones in a given area. The devices could be used to store data on citizens that could be searched at a later date, raising concerns about an increase in the already high number of cases where police break privacy rights by illegally accessing individuals’ private records.

Irrespective of concerns that Stingrays could facilitate warrantless police surveillance or other privacy rights violations, Innovation, Science and Economic Development Canada (formerly Industry Canada) has not granted authority to security agencies to use surveillance-dragnet devices that target cellphones.

The VPD argued, under sections 8 (2) and 15 (1)(c) of FIPPA that it would “neither confirm nor deny the existence of records” regarding Stingrays on the basis that the release of records would “harm the effectiveness of investigative techniques and procedures currently used, or likely to be used, in law enforcement.”

FIPA argued that PIVOT is entitled to the information because the sections of FIPPA cited by the VPD do not apply.  The VPD would have had to argue that simply disclosing the existence or nonexistence of the responsive records related to the use of Stingrays would somehow cause harm to law enforcement.

The fact, however, that Canadian police may be using Stingrays is well-publicized and could be assumed by anyone committing a crime. The level of detail in the request – do these records exist or not? – is quite different than a targeted request that would facilitate potential criminal acts, such as the type of undercover police cruisers used and their capabilities.

If this interpretation is upheld by the Office of the Information and Privacy Commissioner, it could apply to virtually any type of police equipment. The result could be not only an absurd level of secrecy within the police force, but a deficit in terms of accountability and oversight. FIPA will continue to speak out on the case due to its implications for privacy breaches and warrantless police surveillance, as well as the need for judicial oversight governing the use of this technology.

Read more from the May 2016 Bulletin »