Menu

Joint Submission to Special Legislative Committee Reviewing BC’s Privacy Legislation

Posted on

The BC Civil Liberties Association and BC Freedom of Information and Privacy Association have made a joint written submission to the Special Legislative Committee reviewing BC’s Personal Information and Protection Act (PIPA).

We argue that PIPA desperately requires substantive amendments to keep pace with the growing requirements of increased privacy protections. In an era of digitalization, privacy is too often treated as an afterthought. Compared to other provincial and the federal privacy legislation, since its enactment in 2003, PIPA has undergone zero substantive amendments.

The COVID-19 pandemic and the federal implementation of the COVID Alert contact-tracing app highlight the necessity of prioritizing digital privacy protections. This period of legislative review is an important time for the provincial government to take action on needed privacy reforms and ensure BC is keeping pace with global privacy protection standards.

Our joint written submission calls for:

  • Greater public education so that individuals are more aware of their privacy rights and for businesses to know their responsibilities.
  • Specificity, clarity, and accessibility in organizations’ privacy policies.
  • Enhanced credentials of privacy officers in organizations processing highly sensitive or large-scale personal information.
  • Definitions of terms such as “de-identified information,” “anonymized information,” “pseudonymized information,” and “aggregate information.”
  • Enhanced privacy and security requirements for de-identified information and information shared between public and private entities.
  • Addressing the legislative gap which enables private entities to exercise public functions while displaying a lack of transparency on how personal information is collected, used, and disclosed.

Read our full joint submission in full here.

You can also read the transcript of BCCLA’s oral submission to the Special Committee, emphasizing the need for privacy breach notification, meaningful enforcement powers, privacy concerns associated with community organizations being required to share information, and de-identification.