There is no current legislative requirement in BC to report or notify an individual in the event of a privacy breach.
Nevertheless, the developing law and potential exposure to liability for organizations faced with a privacy breach strongly suggests that they notify and report as soon as possible, without unreasonable delay, to enlist help and allow individuals to mitigate the risk of harm.
This is one of the central messages, which applies to all organizations, in the BC Privacy Commissioner's September 30, 2015 Report on the Examination of British Columbia Health Authority Privacy Breach Management.
The Report also highlights other areas in which health care organizations can improve privacy controls. In many respects, these can be applied to organizations in other sectors: staff training, confidentiality agreements, centralized coordination and reporting of privacy issues, system security including passcodes and audit controls, investigation and follow up, privacy issues being elevated to the executive level, and compliance monitoring.
We've come a long way in privacy protection but still have some work to do.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.