Information & Ethics Committee on April 26th, 2012

First of all, I would again talk about our website. We have a checking-in page that lists all the redress mechanisms when you travel, whichever way you travel, for occurrences such as, for example, the use of inaccurate information. In fact, we would be happy to bring you copies the next time we appear, but it is available on our website.

In addition to that, of course, people can make a complaint to our office, and we would then investigate.

The fact that privacy policies are written by lawyers who are not even Canadian lawyers and by courts that are not Canadian courts has always been a problem. It's a problem everywhere. For the most part, these policies are written with U.S. legal challenges in mind. That does nothing to help consumers in Canada or elsewhere. This is a frequent topic of discussion for privacy commissioners.

That being said, what tangible measures can we take? When a complaint is made, we tell the company it must clarify its privacy policy. Sometimes, companies say one thing and do another. Following up can definitely be a challenge. We devote a large chunk of our efforts to investigations, which often take months. Discussions with the companies are ongoing. We tell them they must clarify their policies because they have an obligation to explain to people what they do. So far, they have always complied more or less.

Absolutely. These policies change all the time. The companies, themselves, change daily. Our most recent series of questions had to do with Google's new privacy policy. At the international level, the French data protection authority is asking the questions on behalf of all the data protection authorities.

Yes, we often compare ourselves with others, because we are perpetually trying to improve when it comes to our performance and the protection of personal information. Canada has ranked better in the past than it does now. But given all the provinces and territories that have their own authorities, Canada has a fairly good reputation around the world. Canada is recognized as a country concerned with protecting the personal information of its citizens.

However, as I said, the legislation has not changed. PIPEDA has really not been amended since 1999. Thirteen years is a long time by today's standards. Public sector legislation has not been changed in 30 years. We still don't have any anti-spam legislation in force or any legislation on holes in security systems. Canada is already lagging behind, as I see it.

Yes, and I commend you on that initiative. I might recommend, however, that you wait until the next agreement on joint privacy protection principles is released so there is more content to study and discuss. As it stands, only the intention has been announced; you may want to wait until things are further along.

I believe so, yes.

Thank you for those questions.

In relation to change management, I would say we don't have a choice. We may not be changing fast enough to follow the issues. I know our staff often finds the rate of change that we have to maintain very difficult. In my opinion, either we change or we become largely irrelevant to the privacy problems of Canadians. That's the world in which we live and we have to deal with it.

For the future, increasingly in the online world, the mobile world, the implications of things like geospatial technology and biometrics continue to be in the forefront of our thinking. We rely on our four priorities to guide us. Genetic technology has huge implications for privacy. We talk about it for policing, but there's also the private sector; there is commercial business in genetic testing. There are issues around identity management. Identity theft is a huge online criminal activity. We haven't mentioned public safety and the use of drones. This will be a whole new era of public safety issues. As the web itself changes and then links with other technologies into a total technological environment, it will be a challenge for us to figure out the limits of this total surveillance capability.