Insights Header image
Insights Header image
Insights Header image

Proposed Changes to FIPPA: Two Steps Forward, One Step Back

November 5, 2021 Privacy Law Bulletin 4 minute read

On October 18th, 2021, the British Columbia government introduced a bill (“Bill 22”) to amend the Freedom of Information and Protection of Privacy Act (“FIPPA”).[1] Bill 22 is intended to strengthen government accountability and transparency, enhance public sector privacy protections, and increase information sharing with Indigenous peoples while limiting disclosure that may harm them.[2] However, the proposed amendments raise some questions regarding transparency and data residency, and introduce potential uncertainty regarding the rules for public sector technology service providers.

The Proposed Changes

Bill 22 introduces a number of new requirements for managing and protecting privacy:

  • A privacy management program must be developed for each public body.[3]
  • Notification to any affected individual is required for privacy breaches involving personal information in the custody or control of a public body.[4]
  • All public healthcare bodies must conduct a privacy impact assessment.[5]
  • Disclosure must be refused where it could reasonably be expected to harm the rights or abilities of Indigenous persons to protect or control their cultural heritage, cultural expression, and traditional knowledge.[6]

These requirements were identified as a result of the heightened need to provide safe and convenient online services following the COVID-19 pandemic while simultaneously keeping pace with other jurisdictions and new technology.[7] Other changes are purported to increase government transparency. However, these changes were all introduced alongside the removal of the Office of the Premier as a designated “public body”,[8] and the introduction of a fee for all non-personal information requests.[9] These changes are questionable as to their intent and move the British Columbia government unnecessarily away from its purported goals of increased accountability and transparency.

To further the protections afforded by FIPPA, Bill 22 also makes it an offence to:

  • make a false statement to, wilfully mislead, obstruct the duties of, or fail to comply with the privacy commissioner;
  • willfully conceal, destroy, or alter records to avoid complying with a request for access; and
  • collect, use, or disclose personal information except as authorized, or fail to notify the head of a public body of an unauthorized disclosure.[10]

The latter two offences identified above extend to corporate service providers and their employees to the extent that Bill 22 further imposes personal liability on any officer, director, or agent who authorizes, permits, or acquiesces in the commission of such an offence.[11] In addition, these offences bring with them increased penalties of up to $500,000 for corporations.[12] Thus, all corporate service provides must be aware of the restrictions and requirements proposed and currently existing under the Act, and ensure that they have robust privacy policies in place to protect against the risk of improper employee conduct.

Concerns Regarding Data Residency

The proposed changes regarding data residency requirements will allow access to digital tools and technologies, but data will no longer need to be stored in British Columbia. Information and Privacy Commissioner Michael McEvoy calls this change deeply concerning.[13] However, by contrast, this development is leading some in the industry to be optimistic because such technologies can provide the most secure and effective solutions, increasing privacy and data security.[14]

The concern identified by the Privacy Commissioner is based on the fact that the proposed amendments in Bill 22 with respect to data residency leave any protection of personal information disclosed outside of Canada entirely to regulations that are, as of yet, undrafted. McEvoy suggests requiring public bodies to conduct privacy impact assessments and consider reasonable alternatives before exporting personal information.[15] Similarly, details of data linking activities are relegated to regulations, reducing transparency and clarity regarding the rules and requirements for data linking-programs.[16]

What does Bill 22 mean for business in British Columbia? Service providers will have the ability to leverage new technologies to provide British Columbia’s public sector with modern tools to serve the province. However, by leaving the details of how these issues will be governed to regulation, the British Columbia government is leaving service providers in a position of uncertainty as to what rules they may face when operating in the public sector.


For anyone doing business with a public sector entity in British Columbia, the proposed amendments in Bill 22 will bring some long-anticipated changes to FIPPA by strengthening protections through new offences and stricter privacy management requirements. Such changes should work to give those businesses a higher degree of confidence with respect to how information will be managed and ease the burden, to some degree of conducting business with the public sector.  However, Bill 22 also introduces some new concerns regarding the commitment to transparency in the public sector and a lack of clarity regarding how many of these new provisions will operate in practice. Compliance with these new changes will be important for any service providers operating in the public sector. It will be necessary to closely monitor the Bill 22 changes as they are introduced to ensure there are no material revisions, which could be introduced through the as of yet to be drafted regulations, and to remain in compliance with the new legislation.

[1] Bill 22, Freedom of Information and Protection of Privacy Amendment Act, 2021, 2nd Sess, 42nd Parl, British Columbia, 2021 (first reading) [Bill 22].
[2] British Columbia, Legislative Assembly, Hansard, 42nd Parl, 2nd Sess, Draft Transcript (18 Oct 2021) (Hon L Beare) [First Reading].
[3] Bill 22, supra note 1, s 25.
[4] Ibid, s 25.
[5] Ibid, s 39.
[6] Ibid, s 9.
[7] First Reading, supra note 2.
[8] Bill 22, supra note 1, s 50.
[9] Ibid, s 44.
[10] Ibid, s 37.
[11] Ibid, s 37
[12] Ibid, s 37.
[13] Michael McEvoy, Information and Privacy Commissioner for British Columbia, Letter to Minister Lisa Beare Re: Bill 22 – Freedom of Information and Protection of Privacy Act Amendments (20 Oct 2021), online: Office of the Information and Privacy Commissioner.
[14] Jeremy Hainsworth, “Victoria unveils changes to information and privacy legislation” (18 October 2021), online: BIV.
[15] Ibid.
[16] Ibid.

by Robert C. Piasentin and Kristen Shaw (Articled Student)

A Cautionary Note

The foregoing provides only an overview and does not constitute legal advice. Readers are cautioned against making any decisions based on this material alone. Rather, specific legal advice should be obtained.

© McMillan LLP 2021

Insights (5 Posts)View More

Featured Insight

Warning For Businesses: Companies Can be Liable for Tort of Bribery Even if They Did Not Intend to Pay or Receive a Bribe

Businesses with a duty to provide impartial advice must take steps to ensure the payments they make or receive are not later interpreted as bribes.

Read More
Apr 12, 2024
Featured Insight

Storm Clouds Looming: The Impact of Competition Act Changes on Leasing

The Affordable Housing and Groceries Act (Bill C-56) recently introduced changes to the Competition Act (Canada) which will govern all landlord and tenant leases and other agreements, not just those of grocery stores

Tuesday, April 30, 2024
Featured Insight

Sidestepping Contracts: The Expansion of Environmental Liability Where The Contractor Is Not Paid

B.C. Court’s decision in Cordy Environmental Inc v Obsidian Energy Ltd opens the door for contractors to sue former owners/operators of contaminated sites.

Read More
Apr 12, 2024
Featured Insight

Amendments to Ontario’s Conservation Authorities Act: Effective April 1, 2024

On April 1, 2024, significant amendments to the Conservation Authorities Act came into effect.

Read More
Apr 10, 2024
Featured Insight

Foreign Investment in the EV Battery Market: Regulatory Framework in North America and Canada’s Strategic Edge

Explore Canada & U.S. electric vehicle battery market growth, incentives, and foreign investment regulations. Strategic insights for Indo-Pacific companies.

Read More
Apr 10, 2024