Yes, and it's a very attractive model for some commercial uses. You can aggregate or de-identify and then use the information for other purposes: monitoring who comes to your site, what they buy, telling advertisers and your customers, and tweaking your site so that it works right. It has some good uses.
Just as with health information for secondary health purposes, you have to be very careful that the person's particular health record can't be linked back to him or her, even when you take out certain identifiers. It's a bit of an art to design that.
In terms of other tweaks for the act, the consent mechanism is the right way to go. The trouble we had with Nexopia and with our paper on youth on the use of social networks was that kids didn't understand the extent to which information would be used for other things once it was out there. Is there any sense, in this committee or otherwise, in talking about a different level of consent for certain ages?
In the States, as I think you've heard from Mr. Elder, there is an act whereby companies can't collect information on those under 13 years of age. I think that's a pretty good rule. But we haven't been having that conversation here in Canada. It's still possible to collect information on two-year-olds. It's likely offside, according to the Privacy Commissioner, but it's possible to take a swing at it.