Evidence of meeting #60 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was pipeda.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Robert Ghiz  President and Chief Executive Officer, Canadian Wireless Telecommunications Association
Linda Routledge  Director, Consumer Affairs, Canadian Bankers Association
Wally Hill  Vice-President, Government and Consumer Affairs, Canadian Marketing Association
Charles Docherty  Senior Legal Counsel, Canadian Bankers Association
David Elder  Special Digital Privacy Counsel, Canadian Marketing Association

4 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

Unfortunately, we'll have to wrap up. We're a little over the seven-minute mark. Hopefully your answer can be picked up in relation to other questions.

Mr. Kelly, go ahead for seven minutes.

May 11th, 2017 / 4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

Thank you.

I would like to start with Ms. Routledge.

You said a few things in your remarks that interested me quite a bit. You spoke on behalf of the banking industry and about the narrow definition of publicly available information being out of date. I would like you to expand on that, because I'm not quite sure I understand what you mean and what the implications of that definition are.

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

When the publicly available information regulations were promulgated, they talked about telephone books, professional directories, and so on, with that type of information being considered publicly available. Now people voluntarily put their information online and in any other media. Technology is opening that up more and more.

We feel it would be advisable to think about looking at those regulations and maybe modernizing them so that they're not just restricted to these databases that were in existence in 2001.

4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

At present, is there is a tight definition of what constitutes publicly available information?

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

The regulations set out, I think, five or six categories for the exact type of information that can be considered publicly available.

4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

Would you favour a broader definition or a narrower definition?

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

I would favour a broader definition that would be more technologically neutral.

4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

Okay.

You devoted a full section of your remarks to financial crimes. You spoke about “financial crime” and using that language rather than references to fraud.

I have a background in the mortgage business. I was in it for many years and am aware of many different scenarios and have taken a lot of training on the prevention of fraud. In fact, I even taught those coming into my industry about fraud prevention.

How do you see PIPEDA? What is the intersection or interaction between PIPEDA and fraud prevention?

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

In PIPEDA there are exceptions regarding disclosure without consent, under which banks can disclose to other organizations only in instances of fraud.

4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

Does PIPEDA prevent you from co-operating with other entities?

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

It does certainly restrict us, because it's restricting it to fraud. There are other things like bank robberies, money laundering, and so on, that certainly aren't fraud but they are definitely criminal activities. We would like to have the definition broadened or the concept broadened so that for the rest of these types of crimes, the banks can share information with other organizations and other banks.

4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

Is there appetite among your members for sharing for that purpose?

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

Actually, before PIPEDA was amended, we had the bank crime prevention and investigation body. It facilitated the exchange of this type of information among the banks, but with the most recent change to PIPEDA, we've taken away investigative bodies and now we have these two exemptions from disclosure. The problem was that instead of saying “criminal activity”, the exemption said “fraud”. That definition limits what the banks are able to do.

4:05 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

I would have thought it would be the other way around—that fraud, being either civil or criminal, would set a lower bar for what you would be allowed to share.

4:05 p.m.

Director, Consumer Affairs, Canadian Bankers Association

Linda Routledge

I can ask my legal counsel to opine on that one, if you'd like.

4:05 p.m.

Charles Docherty Senior Legal Counsel, Canadian Bankers Association

Our view would be that the definition of fraud as used there is limiting, in that we are dealing with crimes. In that circumstance, it's to prevent, suppress, and detect fraud, so our interpretation is that it's fraud as defined in the Criminal Code of Canada, which is why we are looking for an expansion to include financial crime.

Really, what the banks are focused on—and other organizations that are able to use this exception—is to combat crime. That's what our focus is.

4:10 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

I find it quite refreshing and I am quite pleased that your organization is talking about the desirability of sharing information for the purpose of combatting financial crime. There is a perception in the industy that your membership is not keen on sharing information and that even when a bank is the victim of financial crime, of fraud, its tendency is to keep it inside and not to allow it to be known or to share information with other bodies for the purpose of coordinating efforts to prevent crime. I think it's important that financial institutions do co-operate for that purpose.

I probably have only a minute or so left in this round. Maybe we'll return to this, but I'll switch it a bit and quickly ask Mr. Hill about the processes that he referred to.

You talked about training and updating to meet changes to PIPEDA. How onerous do you think it will be to react to the new changes, for the mandatory reporting and whatnot? Is this going to be an onerous effort or not?

4:10 p.m.

Vice-President, Government and Consumer Affairs, Canadian Marketing Association

Wally Hill

I don't want to use the word “onerous”, but there is a job to be done, and to do it properly, organizations, especially large organizations, are going to have to change their processes and develop training to make sure that the appropriate staff are properly trained to handle the breach protocols.

We don't know yet what those will look like in detail. The discussions on what they might look like have been ongoing over the last year or so, with government officials, trying to ensure that they aren't unduly onerous in terms of some of the provisions. The law did require record-keeping and so on, and there is a question as to what degree of record-keeping organizations are going to have to work on.

4:10 p.m.

Conservative

Pat Kelly Conservative Calgary Rocky Ridge, AB

Thank you.

4:10 p.m.

Liberal

The Vice-Chair Liberal Nathaniel Erskine-Smith

Thanks very much.

With that, we move to Ms. Trudel.

4:10 p.m.

NDP

Karine Trudel NDP Jonquière, QC

Thank you very much for your presentation.

I sympathize with my colleague. I would have made the same decision about the teddy bears. You made the right decision.

With social and peer pressure, I have unfortunately had to adapt to the digital era, to tablets and games, since I am a mother of two young boys.

I have done research on consent. I have noticed that parents put photos of their children on social networks and talk about their activities. I educate my young boys a lot about the importance of not posting just anything on those networks. There is a lot of educating to be done in that area, and it is our responsibility as parents. Unfortunately, we may miss some things.

I read that businesses may be forced to remove personal information posted on the Internet. It was said earlier that the processing of complaints would be a burden for businesses. If I have understood correctly, forcing businesses to remove personal information has to do with the right to be forgotten.

I don't know whether you are aware of this, but California passed a law on that issue, and I would like us to discuss it further. The law is titled Privacy Rights for California Minors in the Digital World, and it requires companies, websites and application designers to give children under the age of 18 an opportunity to delete information they themselves have posted. However, that piece of legislation does not pertain to information others have posted about minors.

What do you think about that? Could we apply the same principles here, in Canada?

4:10 p.m.

Vice-President, Government and Consumer Affairs, Canadian Marketing Association

Wally Hill

I think that could be challenging in terms of who we're defining as children. The users of social media, as you pointed out at the outset, are very wide-ranging. You have younger children and then you have teens who spend a great deal of time on social media. I'm not sure how some of those users, or their parents for that matter, would react to organizations arbitrarily removing information that has been posted by those individuals.

I have to say that I'm not familiar with the law or code you're referring to, so I'm just opining in a general sense. I think when you're talking about children under the age of 13, it's more challenging. I think that's the reason why social media networks have age limits and that type of thing. As I was saying earlier, our own code requires parental express consent, and even for children between the ages of 13 and 16 the consent of both parent and teen. Then it goes up in terms of gradients. I think it would be challenging to implement something along the lines of what you've described if it's across the board in terms of children and teenagers.

David, I don't know if you're familiar with that.

4:15 p.m.

David Elder Special Digital Privacy Counsel, Canadian Marketing Association

I'm certainly not an expert in California law, but I would point out that currently under PIPEDA, and under the principles at the end, there's a general right to withdraw consent for the use of any personal information, subject to contractual or legal restrictions. I would think that in a situation where someone had posted something themselves and wanted it removed, and there was no other valid contractual or legal reason an organization should keep or post it, in many cases PIPEDA would now require that it be removed.

I think a lot of social networks actually do operate this way. If you post something to a lot of social networks, you can remove it after you've posted it. It doesn't change the fact that people have seen it, and in some cases might not change the fact that others have copied it and distributed it in other ways, but you can pull it off the actual network it's on.

4:15 p.m.

President and Chief Executive Officer, Canadian Wireless Telecommunications Association

Robert Ghiz

I can understand where you're coming from. I have a four-, six-, and eight-year-old, and they are on their smart tablets, all the time. They're better at it than I am. We use it for teaching as well as fun.

As I said, when I was growing up, if I was going to get disciplined I'd probably get the wooden spoon. You're not allowed to do that now. We threaten to take away their smart phone and it's devastating for them. It's a good way to get them to listen to us.

4:15 p.m.

Voices

Oh, oh!