Information & Ethics Committee on Feb. 22nd, 2007

Fair enough. Thank you.

With respect to what you described under investigative powers, I have a quote that you were concerned with respect to blanket consent and that we don't get into--I'll actually use the quote--“fishing expeditions” and “open season”. Those are fairly rhetorical terms. Are you satisfied, within the mandate of PIPEDA and your role, that there is a balance with respect to the private sector and the checks and balances that protect the individual? In your role you have the authorities to use discretion.

Thank you, Mr. Tonks.

Mr. Wallace.

Thank you, Mr. Chairman. I have a few more quick questions.

On the notification piece that you're asking for, in terms of it being strengthened, I want to be clear that you're still not asking for order-making powers. You still want to be an ombudsman in this sense. But adding that authority to force people to notify, is that not giving you order-making powers? I'd say it's not because it's not a financial penalty. Is that correct?

So you're happy with the way it is now. You'd like to continue that process.

You were having a conversation with Madame Lavallée and, if I caught it correctly, you talked about working on the voluntary notification piece.

It's great that you're working with that organization for a voluntary code of conduct. But doesn't that really exist already in your office in a sense? Isn't there a voluntary system by which they call you and you advise them on how to do it? Doesn't it exist?

I completely understand your role. You're here to protect privacy. You're the Privacy Commissioner and with you is your assistant commissioner. Privacy is your issue. From my end of the table, there has to be a balance between security and privacy in today's environment, whether it's a great thing or not. And to be frank with you, and I know Robert agrees with me, “lawful authority” might be a difficult thing for them to explain. The “may” issue and “authorized” to provide it, I think in terms of wording, aren't a huge change but may help police in describing it.

Just give me an example. We've used this terrible example of the ISP user. We were told there are a thousand ISP providers and about 30%...that's 300, not a few. Now there are a few big ones, but they're small and they may be our problem.

Let's use another example, and tell me if I'm wrong, because I just don't know and I'd like to know this before I make any decisions on it. I own a company that produces guns, for example. I have a customer who happens to be buying guns lawfully but selling them to a group that's on our terrorist list. The police want to know whether that person is my customer. Am I entitled, as the owner of that company, to tell them, based on the law? Do they have to explain to me that I may tell them or I may not? Do you think “authorized” to provide it would help that situation or not, or do you think they really need a warrant to find out whether this person is my customer?

I don't know where he's selling the guns, but he's buying a large amount of them. It's legal and he is entitled to do it.

If we change it to “authorized to provide”, is that damaging?

No, they would either have to have a warrant or lawful authority—not any information that they want.

I'm convincing Mr. Vincent that he's going to vote for--

Just for your information, Mr. Chairman, I'd like to point out that a gun registry would be a perfect way of achieving this.

Thank God for translation--