The ELA is proud to welcome our newest member firm: LOGOS  in Iceland!
The ELA is proud to welcome our newest member firm: LOGOS  in Iceland!


British Columbia Announces Proposed Updates to the Freedom of Information and Protection of Privacy Act

Submitted by Firm:
Roper Greyell LLP
Firm Contacts:
Gregory J. Heywood, James D. Kondopulos
Article Type:
Legal Update
By Keri L. Bennett 

On October 18, 2021, the Province announced significant proposed changes to the privacy legislation that governs public bodies. Bill 22 is before the legislature and includes a number of modifications and updates, including the following important proposed amendments.  

Change to requirement to keep personal information in BC 

B.C.’s Freedom of Information and Protection of Privacy Act (“FIPPA”) currently requires public bodies to store and access personal information in Canada unless a specific exemption applies. Barring consent of the individual, the exemptions permitting access and disclosure of personal information outside of Canada are generally narrow and technical.

The COVID-19 pandemic had a sudden and dramatic impact on the operations of public bodies. In order to allow public bodies to function effectively while meeting public health requirements, the Ministry of Citizen Services issued a ministerial order overriding the data localization requirements of FIPPA in March 2020. The purpose of the override was to allow public bodies to use technologies that otherwise would be restricted.  

The ministerial order has been renewed several times and is currently set to expire December 31, 2021.   

Bill 22 proposes a permanent change, permitting public bodies to disclose personal information outside of Canada in accordance with the regulations “if any” made by the minister. At the time of writing of this bulletin we do not have information about the proposed content of any such regulations, however the press release issued by the Province states that the intent is to bring B.C. in line with other jurisdiction and permit increased use of digital technologies.  

Mandatory Breach Reporting 

Currently there is no statutory obligation for a public body to report a privacy breach to affected individuals. The proposed amendments would require public bodies to issue notice of breach to affected individuals if there is a risk of “significant harm” and to the Office of the Information and Privacy Commissioner.  

Indigenous Rights 

The proposed amendments will prohibit a public body from disclosing information if such disclosure could reasonably be expected to harm the rights of an Indigenous people in respect of cultural heritage, traditional knowledge, traditional cultural expressions or manifestations of sciences, technologies or cultures unless the Indigenous peoples consent in writing.  

Fees for Access Requests 

The amendments also contemplate that public bodies may charge applicants fees for making an access request (unless the request is for personal information). The specific amount of the fee will be “prescribed” and likely will be a modest amount. In addition, the proposed amendments permit public bodies to refuse to respond to access requests that unreasonably interfere with operations in expanded circumstances.  

B.C.’s Information and Privacy Commissioner has issued a statement on the proposed amendments that can be found here:

What Does this Mean For Employers? 

The proposed amendments will provide public bodies for greater flexibility to use modern technology tools. However, employers should continue to prioritize protection of personal information by way of appropriate technological safeguards and employee training.  

Breach does not only result from the actions of nefarious actors, like hackers. A significant number of breaches of personal information result from the actions of employees.  

Employers should take the opportunity to revisit their privacy programs, ensure they have an appropriate breach plan in place, and train employees on how to implement the plan.  

Keri L. Bennett is a labour and employment lawyer at Roper Greyell LLP and practices in all areas of labour, employment and human rights law. Keri is also the firm’s Privacy and Freedom of Information lead. To obtain contact information of any other lawyer at our firm, please visit 

While every effort has been made to ensure accuracy in this update, you are urged to seek specific advice on matters of concern and not to rely solely on what is contained herein. The document is for general information purposes only and does not constitute legal advice.