It's in the group insurance world, and I'm going to refer to that frequently, unfortunately, but we collect claims information relating to individuals. The claims are processed and adjudicated internally. Insurers have quality assurance programs in place and review the internal audits of their employees to ensure that claims are being adjudicated properly and processes are being followed. For instance, the SOX audits might involve looking at personal information. I don't think they incorporate personal information into their work product, but there are other processes going on in the business that do not constitute or create a source of information that is not about that individual. It's about the employee who's adjudicating and processing the claim.
Another example might be succession planning in a business. Employees of insurance companies specifically are not caught by PIPEDA. I think generally across the industry the privacy rules are implemented for their employees as well. So employees might say this is personal information about themselves, but I would suggest that succession planning is more business information. It's not information about that individual employee, it's about business continuity. If that individual is not around, someone else will be there to step in.
So those are two examples.