Thank you, Mr. Chair.
Thank you to my colleague for the question.
First of all, I think there are a couple of things to clarify with the original discussion on this. It was interesting that some were attempting to use the Privacy Commissioner as a reason to get rid of this amendment, when this actual amendment comes from the Privacy Commissioner himself, on pages 14 and 15, and I can probably provide some clarity on both points that we're making here.
First of all, in his submission to us, colleagues, this is under the definition of “de-identification and anonymization” in recommendation 7: “Strengthen the framework for de-identification and anonymized information.”
What the Privacy Commissioner said is that “[t]he OPC supports the introduction of a new framework for de-identification and anonymization”. He says:
The framework has some positive elements, for example. It provides flexibility to organizations using de-identified information, and adds some needed clarity as to how and in what circumstances de-identified personal information can be used and disclosed.
Right there, that's opening a door for businesses and their ability to use some measures.
He continues:
That said, as currently drafted, it provides too little protection for de-identified and anonymized data.
This is where we get into some specifics about the philosophy on this. On “best practices”, can you name who is going to actually make the best practices, Mr. Schaan?