ISACA Vancouver, an organization of nearly 500 IT security, IT audit, governance and risk professionals throughout the BC mainland, agrees in principle with the recommendations pertaining to the modernization of the Personal Information Protection Act (PIPA) proposed by Elizabeth Denham, Information and Privacy Commissioner for British Columbia. In particular, amendments to harmonize PIPA with other existing and forthcoming privacy legislation in Canada and abroad are useful and would be productive for our members who work in the area of IT compliance.
In addition, ISACA Vancouver agrees with the Commissioner that mandatory customer notification of a breach of private information within a reasonable time period makes sense for society as a whole. Breaches are now ubiquitous, and going public to both customers and the Commissioner no longer, in itself, spells reputational disaster; rather, it demonstrates proper corporate governance and prudent damage mitigation on behalf of the victims whose data have been breached. Further, such a provision would bring PIPA more in line with customer notification laws currently present in 47 US states, and with existing or forthcoming privacy legislation in Albertan and Canadian federal jurisdictions.