I think I know where it comes from. The B.C. Information and Privacy Commissioner had an experience with a particular data breach example involving a local mental health organization that had files on the psychiatric conditions of many people. There was some breach. Something happened and they didn't know who got the information, so they felt they needed to notify all these people. In that situation the B.C. Information and Privacy Commissioner was involved, and there were all sorts of difficult questions that needed to be answered. Would the patients themselves be further traumatized by receiving the notification? How would they be notified? The details of going about the whole thing were difficult.
I think it was that particular experience with a mental health organization that led him to question whether we want to jump into this. Of course, I would recommend asking the question directly to him.