PIPA review presents opportunity for BC to become leader in privacy protection

Vancouver, February 24, 2020 – On February 18, 2020 the Legislative Assembly agreed that a Special Committee be appointed to review the Personal Information Protection Act (PIPA). PIPA deals with the collection, retention, use, and disclosure of personal information by private sector and nonprofit entities. The B.C. Freedom of Information and Privacy Association (BC FIPA) is pleased that this process is commencing in accordance with section 59 of that Act and looks forward to participating in the process.

“BC FIPA wants to ensure that people are empowered to maintain their right to privacy and access to information,” says Jason Woywada, FIPA’s Executive Director. “Even before consultations begin, we can anticipate a number of recommendations in areas surrounding mandatory breach notification and an expansion of the Commissioner’s powers with the ability to penalize bad actors. I remain hopeful the government will follow through and implement the recommendations from this Committee, as well as prior Committees and OIPC reports, despite the fact that hasn’t always been the case.”

In order to better protect the privacy of British Columbians, breach notifications should be required when a private sector or nonprofit entity that controls personal information becomes aware that they have lost the control of that personal information and that a significant risk to individuals is present. This provision would be similar to those that came into effect in November of 2018 in Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), and would require notifying the Information and Privacy Commissioner of BC, the affected individuals, and for the organization to keep a record of the breach.

Another major change that BC FIPA would like to see to the Act is the introduction of monetary fines to be used at the discretion of the Information and Privacy Commissioner of B.C. As private organizations move towards a business model that monetizes the collection and use of personal information, significant deterrents for breaches and misuse need to be introduced in order to protect the privacy of British Columbians.

“As we look to other international models, such as the powers ascribed to the Information Commissioner’s Office in the United Kingdom under the European Union’s General Data Protection Regulations, we see the use of fines as being an effective tool in regulating how organizations are using personal information,” says Jason Woywada. “If British Columbia wants to continue being a leader in Canada when it comes to privacy protection, we will need to see a move in this direction.”

Contact: Jason Woywada, Executive Director, BC Freedom of Information and Privacy Association

Email: Jason (at) fipa.bc.ca

Phone: 604-739-9788

-30-

BC FIPA Makes Submission on Employee Privacy to the Information and Privacy Commissioner

BC FIPA has made its submission regarding the Draft Employment Privacy Guidelines to the Information and Privacy Commissioner of BC today.

FIPA is in support of a large part of the Draft Guidelines – on the whole, they are clear,
reasonable, and support a meaningful interpretation of the legislation.

However, there are also several areas of concern, and these are brought to the attention of the OIPC in this submission with the hope that this will assist in the improvement of the Draft Guidelines throughout this consultation process. FIPA asserts that employees in British Columbia deserve the highest possible protection of their privacy rights.

To this end, FIPA recommends that the OIPC take the following actions in relation to the
Draft Guidelines:

1. Recognize the status of privacy rights as fundamental, constitutionally protected rights.

2. Recognize that neither individual nor collective employment contracts can detract from an employee’s privacy rights.

3. Support the view that privacy rights generate benefits for both employers and employees.

4. Adopt a rigorous and contextual interpretation of what is “reasonable.”

5. Require a meaningful kind of “demonstration” of any justification for infringing on privacy rights, such as a written explanation, showing a logical justification for the action, and some evidence to support that justification.

6. Amend the Draft Guidelines to provide that employers must specify the aspect of an employment relationship that is being “managed,” and how, in order to justify the reasonableness of any invasion of employee privacy.

7. Adopt the Draft Guidelines relating to covert surveillance in full, reinforcing the limitation of covert surveillance to investigations of a reasonably founded specific allegation.

8. Adopt further measures to ensure the protection of any health or medical information about employees, including introducing an important role for health professionals whenever such information is collected, used or disclosed.

9. Adopt the Draft Guidelines on the notification requirement in full, and include concrete examples of what might qualify as notification. In different circumstances, the notifying document might be posted on a bulletin board, sent directly to all employees, or described during a meeting.

10. Amend the Draft Guidelines to explicitly state that any collection, use or disclosure of employee personal information without consent must meet both the reasonableness and notification requirements. Employers cannot fulfill their obligations under the Act by notifying employees of a surveillance practice, where it is unreasonable.

11. Add a provision to the Draft Guidelines affirming that information used for the
purpose of managing an employment relationship is always subject to the reasonableness and notification requirements, regardless of whether that information is also related to an insurance or benefit plan.

12. Require employers to publish and distribute information about employee privacy rights and the role of the OIPC in all workplaces.

Download the full submission (pdf).

Speech to the BC Library Association on Bill 38 – Personal Information Protection Act – May 30, 2003

Darrel Evans, executive director of BC FIPA, was in Victoria today to deliver a speech at the BC Library Association Annual Conference on Bill 38, BC’s Personal Information Protection Act (PIPA).

After extensive consultation and input from organizations like BC FIPA, Bill 38 has turned into a real privacy bill what BC FIPA describes as an “enormous leap for privacy rights.”

However, there are still concerns, especially with regards to the drastic cuts made to the budget of the Information and Privacy Commissioner who will oversee PIPA.

There are also areas that could be improved such as issues like grandfathering, exceptions to consent, reduced rights of employees, limits to access and correction provisions, and the broad exception for the loosely defined “investigative purposes”.

On the whole, BC FIPA believes the legislation to be a very good one. Hopefully, the government will use this constructive criticism to make the bill even better.


Read the full text of the speech (pdf)
.

BC FIPA’s comments on Bill 38, the Personal Information Protection Act, submitted to the Minister of Management Services – 15 May 2003

Bill 38 is a very good piece of privacy legislation and a breakthrough for privacy rights at the provincial level. BC has shown strong leadership among the provinces in moving forward with a private-sector privacy bill that has real teeth. For this, great credit is due to yourself and also to Chris Norman and Sharon Plater, the officials at the Corporate Privacy and Information Access Branch who have conducted the public consultation process and the development of the legislation.

However, Bill 38 is not flawless. In our news release of May 2, 2003, BC FIPA’s president stated, “We are pleased at how far the bill progressed [during the consultation process]. We’re not saying that the act is perfect, but we give it a high “B” grade.”

FIPA has stated clearly to the government, the media and the public that we support Bill 38 because its merits greatly outweigh its flaws. In endorsing the Bill, we recognize how far the government moved to improve and strengthen it during the consultation process. Nevertheless, we must state that we are in substantial agreement with most of the points the Privacy Commissioner has raised. We urge the government to consider the substance of the Privacy Commissioner’s comments seriously, and if at all possible, make improvements to the Bill in the areas in which he has expressed concern.

Read BC FIPA’s complete comments to the Minister (doc).