Information & Ethics Committee on Feb. 22nd, 2007

That's right, honourable member, yes.

I think as we move forward all the jurisdictions will increasingly work together by choice because of the central importance of personal information flow in what's more and more a service economy.

Also, because we're a fairly cohesive group, we look and see what works well in one jurisdiction and what doesn't work well as regulators. I think privacy advocates do that and certainly business does that. So I see that we'll have a common learning experience and we will move to a harmonious....

Yes, did you want to--

I did. When Parliament enacted PIPEDA, they anticipated the possibility that we could wind up with a patchwork, and that's why the provision for “substantially similar” is in there. It's an attempt to guide provinces towards some sort of harmonization.

Although when you look at the B.C. and Alberta laws that were passed subsequent to PIPEDA, and on the face of it they appear different because they're different drafting styles and they didn't go with the code and all of that stuff, nevertheless all of the principles in the CSA code are embodied in those two statutes. So they are in effect the same. They have minor differences but essentially operate the same way. I don't think business has a lot of trouble complying with all three.

Mr. Chairman, may I reply? I don't think I said one witness. I think it is centred around particularly one issue, which is prescription habits, and also, in the case of the insurance industry, on issues of access to doctors' opinions of people they evaluate for insurance purposes. So I remain--

Okay.

Yes.

I would refer you to the brief we submitted. I believe this is a very significant act. First of all, I'd like to point out what we seem to be forgetting—the current interpretation creates an exception, and implies that PIPEDA does not apply to the situations envisaged by IMS.

Thus, in the interpretations, we recognize the issue of work product where information—in Quebec—is considered personal professional information. We believe that it would not be a good idea to amend the act, given that the status quo is already the goal we seek. Amending the act, which took years of discussion to craft, would be very significant indeed.

If you were to amend the act, you should examine all the circumstances in which the amendments would be required. You should also examine all the possible implications of the amendments, particularly worker monitoring and intellectual product monitoring in other fields, and with people other than physicians or health workers.

I would repeat that, in my view, the status quo already establishes that such situations are not covered by PIPEDA.

You could do that, that would be one idea. However, you do not need to adopt this amendment, because the way in which the act is interpreted at the moment means that doctors' prescriptions are not covered by the PIPEDA. Consequently, why pass the amendment?

If problems are identified, they will have to be dealt with. This has not been a problem, because these prescriptions are actually exempt from the act.

We have identified quite enough problems that led us to ask for amendments to the act. There is a case before the courts—I believe there has been a discontinuance—in which the point was made that in this specific case and in light of the facts of the case, these practices were not covered by PIPEDA.

So I fail to see why you would pass an amendment, if this has not been a problem to date.

That may be it.

What concerns me is that there be at least a belt. But in many cases, under the act, Canadians do not even have that much protection.

No law can protect the personal information of a citizen who is outside the country. All countries have the authority to govern what goes on within their own borders. In light of the importance of trade in the Canadian context and the many situations that could arise, the idea is to find a solution that can be adapted to various situations. I think the solution provided for in PIPEDA is that anyone who exports the personal information of Canadians must require that the person to whom the information is sent, even if he or she is in a different country, will comply with Canadian standards. In Canada, that individual is responsible for what happens. This is handy, because if there is a problem with my information in the United States, for example, and if I have these contracts, I have some recourse in Canada, which is more realistic.

I think that when the Quebec law was amended recently, a standard was introduced whereby data are to be exported only if care is taken to ensure that local standards apply to the export of information.