Evidence of meeting #20 for Access to Information, Privacy and Ethics in the 41st Parliament, 2nd Session.

Also speaking

Éloïse Gratton  Partner and Co-Chair, Privacy, McMillan LLP, As an Individual
Avner Levin  Associate Professor, Ryerson University, As an Individual

12:30 p.m.

Associate Professor, Ryerson University, As an Individual

Prof. Avner Levin

Exactly. I have not been able to do that.

12:30 p.m.

Conservative

Patricia Davidson Conservative Sarnia—Lambton, ON

Ms. Gratton, you talked about PIPEDA. In 2007, there was a fact sheet on businesses and identity theft that was published. The Office of the Privacy Commissioner noted, “Minimizing the identity theft risk means making the fundamental privacy principles enshrined”—under PIPEDA—“part of an organization's culture.”

Do you think that organizations affected by identity theft have followed that recommendation?

12:30 p.m.

Partner and Co-Chair, Privacy, McMillan LLP, As an Individual

Dr. Éloïse Gratton

Some do and some don't.

12:30 p.m.

Conservative

Patricia Davidson Conservative Sarnia—Lambton, ON

Has it made a difference, the ones that do?

12:30 p.m.

Partner and Co-Chair, Privacy, McMillan LLP, As an Individual

Dr. Éloïse Gratton

Definitely, but at the same time, the ones that do follow the law are getting annoyed with the fact that others are not. Yesterday, a story came out about telcos disclosing personal information. I got a call from one of my clients saying, “Are we the only telco not disclosing personal information, because it's looking bad on our industry and we're following the law. It would be easier to just give out the personal information.” So some are following and some are not.

12:30 p.m.

Conservative

Patricia Davidson Conservative Sarnia—Lambton, ON

If the information isn't there about who's affected by it, how do you quantify who is following it and who isn't? How do you determine that?

12:30 p.m.

Partner and Co-Chair, Privacy, McMillan LLP, As an Individual

Dr. Éloïse Gratton

It's a challenge, but I think if we have breach notification, we'll know a little bit more. If you have one branch or one party collecting the information and collecting all these notifications to say that these are the types of breaches that are happening in the country, I think we'll have a better idea at least.

12:30 p.m.

Conservative

Patricia Davidson Conservative Sarnia—Lambton, ON

Are there particular measures that organizations could be taking to more efficiently prevent the fraud?

12:30 p.m.

Partner and Co-Chair, Privacy, McMillan LLP, As an Individual

Dr. Éloïse Gratton

What I'm including more and more in the contracts are audit rights. It's one thing to say that you better protect the information, and it's another to have the right to go and audit the premises, the servers, how they're stored. I'm including these types of provisions more and more in contracts, cloud services contracts. It's one way to do it.

12:30 p.m.

NDP

The Chair NDP Pat Martin

Pat, I have to interrupt you. We're at the five-minute mark.

That concludes the time we have set aside for questions. I'm truly sorry to have to shut this off, because we're fortunate to have two such leading authorities as yourselves come and share your testimony with us.

We value it very much and we will benefit from it very much. I hope we have the opportunity to hear from you again, should the committee members feel it advisable after we've heard testimony from the credit agencies and the banks.

Thank you so much, both of you, for being with us today.

We're going to suspend the meeting briefly while our witnesses leave the room, and we'll reconvene in camera for the study of future business.

[Proceedings continue in camera]