BC Privacy Law Reform Update: Commissioner Calling for Changes to BC’s Personal Information Protection Act
On June 2, 2020, the Office of the Information and Privacy Commissioner for British Columbia (the “OIPC”) released its general briefing note (the “Briefing Note”) to the Special Committee on its desired changes to British Columbia’s private and not-for-profit sector privacy legislation: the Personal Information Protection Act (“PIPA”).
As discussed in a recent blog post, the Legislative Assembly of British Columbia recently appointed a Special Committee to conduct a review of PIPA. The Special Committee will be holding public hearings as part of its review, inviting British Columbians to share their views on how PIPA is – or is not – working for them and their organizations.
In the Briefing Note, the OPIC confirmed that it would like to see PIPA more closely aligned with other Canadian and international privacy legislation, including the General Data Protection Regulation (“GDPR”) in the European Union. In particular, the Briefing Note recommended that the Special Committee consider:
- implementing mandatory breach reporting that requires private and not-for-profit organizations in British Columbia to notify the OIPC and affected individuals of data breaches that pose a real risk of significant harm to the affected individuals, which exists under the GDPR and other Canadian privacy legislation;
- authorizing the OIPC to levy monetary penalties against individuals or organizations that violate PIPA; and
- authorizing the OIPC to issue orders in response to non-complaint-initiated investigations in order to address privacy concerns invisible to consumers, but apparent to the OPIC.
Additional information on the Special Committee’s public hearing, including how to participate and make submissions to the Special Committee, can be found at https://www.leg.bc.ca/parliamentary-business/committees/41stParliament-5thSession-pipa.
For more information about PIPA or any other Canadian privacy laws, please contact the authors and see our Cybersecurity, Privacy & Data Management group page.