Another aspect which in our opinion needs to be updated is the definition of “publicly available information”.
The current definition in the Regulations Specifying Publicly Available Information no longer reflects reality or the expectations of the individuals it is intended to protect. In our opinion, this definition should be expanded to cover situations in which an individual decides to post personal information on a public website.
In such cases, we presume that the individual is waiving any expectation of protection of privacy and that it would therefore not be necessary to obtain their consent in order to collect, use and disclose that information. All the other provisions of the PIPEDA would continue to apply as they do currently for the collection, use and disclosure of publicly available personal information.
The third point we would like to make pertains to the ombudsman model. The life and health insurance industry believes that the current model should continue to be used since it effectively balances individuals' right to privacy and the rights of organizations to use that information legitimately and reasonably in a business context.
This model makes the Office of the Commissioner more accessible, informal and flexible in helping the parties resolve issues. It also makes it possible to work with consumers and organizations to ensure that everyone better understands what should not be done in order to provide reasonable and appropriate protection of privacy.
Another aspect of the ombudsman model is that it focuses the Office of the Privacy Commissioner's attention on responding to individuals' complaints in order to better process them, and on achieving balance between consumers and organizations, rather than devoting time and resources to creating a file in order to deal with a potential breach.
The right approach is to focus on resolving problems first.