Thank you, Mr. Chair.
Thank you, Madam, for coming. I'm very pleased that you are our first witness, because your office is one of the few recognized beacons out there dealing with this issue.
I think, from a legislative point of view, there were many years where we felt that it was probably dangerous for politicians to step in on this emerging technology, because we didn't know where it was going. We had to allow this market to develop. We had to allow the technology to come of age. Suddenly it came of age, and very quickly; it moved faster than any of us ever conceived. We feel we're playing catch-up.
In terms of the issue of privacy in particular, people are now living almost entirely online, and there are enormous implications. Social media is an incredible force for good and for communication, but there are issues of privacy, security, safety. There's a whole manner of issues that we have not even begun to get our heads around.
In the short time I have, I'd like to focus on your four main points: accountability, meaningful consent, the limitation of use, and retention of data.
In terms of the issue of accountability, we have government legislation with PIPEDA coming forward, yet in this law, when they're looking at the issue of the breach of privacy, the onus is on the company to decide whether or not to share that with the citizen. It's based on the issue of significant risk or harm.
Do you believe we need to have a clearer standard? I cannot imagine a company ever calling its consumers and saying, “Guess what? Someone has been breaching our data, but don't worry; stick with us.” The obligation of the company to the consumer I think should outweigh the risk to its bottom line, because at what point is the consumer going to be able to be assured that their privacy is being respected? What role do you think your office plays, and what role do you think should be the standard, for issues of breach of privacy?