As of February 1, 2023, public bodies in British Columbia (B.C.) will be required to report privacy breaches and have privacy management programs. The two provisions are the last to come into force from amendments made to B.C.’s Freedom of Information and Protection of Privacy Act in November 2021.

Mandatory breach reporting brings B.C.’s public sector in line with similar requirements under the federal Personal Information Protection and Electronic Documents Act and provincial acts in Alberta and Quebec. B.C.’s private sector has no breach-reporting requirement.

MANDATORY BREACH REPORTING

Public bodies that experience a privacy breach that could reasonably be expected to result in significant harm, including identity theft, will be required through new regulations to notify both the B.C. Privacy Commissioner and the affected individuals. The notifications must be made without delay and should include the following:

  • The name of the public body
  • The date the public body learned of the breach
  • A description of the breach, including, if known:
    • The date or period during which the breach occurred
    • A description of the personal information involved in the breach
  • The estimated number of individuals affected
  • Contact information for a person who can answer questions about the breach on behalf of the public body
  • A description of steps the public body has taken or will take to reduce the risk of harm to affected individuals

Notifications to the affected individuals must include information similar to that above, plus:

  • Confirmation that the B.C. Privacy Commissioner has been or will be notified
  • A description of steps that affected individuals can take to reduce their risk of harm

PRIVACY MANAGEMENT PROGRAMS

Privacy management programs will …

Read The Full Article at Lexology

Check Also

Privacy 2024 Recap – some significant decisions, slow progress for reform

The past year saw a few court decisions of note as well as halting progress toward privacy…