Vancouver, February 24, 2020 – On February 18, 2020 the Legislative Assembly agreed that a Special Committee be appointed to review the Personal Information Protection Act (PIPA). PIPA deals with the collection, retention, use, and disclosure of personal information by private sector and nonprofit entities. The B.C. Freedom of Information and Privacy Association (BC FIPA) is pleased that this process is commencing in accordance with section 59 of that Act and looks forward to participating in the process.
“BC FIPA wants to ensure that people are empowered to maintain their right to privacy and access to information,” says Jason Woywada, FIPA’s Executive Director. “Even before consultations begin, we can anticipate a number of recommendations in areas surrounding mandatory breach notification and an expansion of the Commissioner’s powers with the ability to penalize bad actors. I remain hopeful the government will follow through and implement the recommendations from this Committee, as well as prior Committees and OIPC reports, despite the fact that hasn’t always been the case.”
In order to better protect the privacy of British Columbians, breach notifications should be required when a private sector or nonprofit entity that controls personal information becomes aware that they have lost the control of that personal information and that a significant risk to individuals is present. This provision would be similar to those that came into effect in November of 2018 in Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), and would require notifying the Information and Privacy Commissioner of BC, the affected individuals, and for the organization to keep a record of the breach.
Another major change that BC FIPA would like to see to the Act is the introduction of monetary fines to be used at the discretion of the Information and Privacy Commissioner of B.C. As private organizations move towards a business model that monetizes the collection and use of personal information, significant deterrents for breaches and misuse need to be introduced in order to protect the privacy of British Columbians.
“As we look to other international models, such as the powers ascribed to the Information Commissioner’s Office in the United Kingdom under the European Union’s General Data Protection Regulations, we see the use of fines as being an effective tool in regulating how organizations are using personal information,” says Jason Woywada. “If British Columbia wants to continue being a leader in Canada when it comes to privacy protection, we will need to see a move in this direction.”
Contact: Jason Woywada, Executive Director, BC Freedom of Information and Privacy Association
Email: Jason (at) fipa.bc.ca