Information & Ethics Committee on Sept. 29th, 2016

It's difficult to come up with a one-size-fits-all, but I do like the necessity approach. It has to be reasonably necessary for a legitimate operating program of the government institution to collect it in the first instance, and obviously that's the purpose that informs the use to which it can be put. You don't necessarily want to bake it in too much, but you do for the private sector. The private sector has to identify the purposes to the individuals, obtain their informed consent, and if they want to use it for any other purpose than the one that they've informed the person about, they have to go back and get consent.

There may be another way of thinking about it, because when you have one institution disclosing and you have another institution collecting, you might frame it so that for the institution that's obtaining it, it needs to be necessary for their legitimate operating program. There should be enough of a connection between the two.

There may be other mechanisms, for example through an order in council or something else like that, if it's out there, but be mindful of the fact that some things that have been seen to be relatively innocuous have had significant privacy consequences. I don't remember how many years ago it was now, but I recall that HRSDC wanted to bring together a number of databases related to programs that it operated. One could easily say it was all collected by the same department for the same general purpose of providing benefits, but there was in fact an advantage, a privacy advantage, of keeping CPP stuff over here, and EI stuff over there. All of sudden, you create what they call a longitudinal database. It would be from cradle to grave in one database. You could say that those are directly connected, but overall the privacy impact of that is that you've created a Big Brother database.

You want to be very careful, to make sure that the decision-making takes those sorts of things into account and there's visibility and transparency, because these things shouldn't be happening in the shadows.

David's answer is an excellent one. I think there's been a bit of a theme about the need for some amount of flexibility here. We've had it on a number of the kinds of issues where, once you start coming up with real-world examples or potential real-world examples, it starts getting more and more difficult to come down with a specific response.

Flexibility sometimes can be a bit of a feature, not necessarily a bug. There is value in that flexibility. What then becomes essential, though, if we recognize that there is going to be that flexibility, is how you ensure that you have appropriate oversight and review as part of that process, and transparency more broadly, so that at least we understand how some of these things are being interpreted, and can better understand whether or not it's consistent with what many people would think is reasonable.