Sometimes legislative changes can take a very long time. And, sometimes, when there’s political will, it can happen quite quickly. And that’s exactly what happened in British Columbia recently. Bill 22 was introduced Oct. 18, and it proposed broad and sweeping changes to the province’s public sector freedom to information and protection of privacy legislation, known as FIPPA.

In break-neck speed, the Bill rushed through the legislative process and passed last week. It came into effect immediately.

The new law has a number of interesting components. The first one I’ll mention is that it repeals the outdated data localization requirements that were very difficult to deal with. And that leaves only the province of Nova Scotia as the one jurisdiction with data residency requirements (for their public sector). It would be nice if they got around to changing their system with something a bit more workable, efficient and less costly. As I mentioned in a previous message, the information and privacy commissioner in British Columbia expressed some concerns that when they made this change to FIPPA, they didn’t include stronger provisions requiring the protection of personal information regardless of where it ends up being stored or accessed from.

There are a few other important changes to FIPPA to note. Among them, it now contains a legal requirement to conduct privacy impact assessments. In addition, public bodies are now required to develop and implement full privacy management programs. The last change I’ll mention is that FIPPA now includes mandatory breach notification for the public sector in British Columbia. So, privacy pros, take note!

And … you see? Legislative change does sometimes happen. The willingness in B.C. to move forward so quickly may have had some flaws, but it is encouraging to see some movement. This is on the heels of what Quebec passed for its private-sector law in September. I think you’ll agree with me that change is in the air in Canada.