Information & Ethics Committee on Dec. 5th, 2024

That's good. I'm getting at this because the government claims that it sent these very private details, including previous convictions and licence plate numbers, to 50 organizations. A couple of those organizations, in particular the Ontario Securities Commission and the Mutual Fund Dealers Association of Canada, then went on to send that information to upwards of thousands of individuals, but we actually don't even know how far and wide that information went.

I'm just trying to understand. For me, it would make sense that we know the processes that led to it, and how far and wide.... I just wanted your opinion on whether you think the public has a right to know and whether Parliament has a right to know.

Thank you very much for your testimony.

Thank you, Mr. Chambers and Mr. Dufresne.

I'm going to go to Ms. Khalid now, for five minutes.

Thank you very much, Chair, and thank you, Commissioner and deputy commissioner for being here today. We really appreciate it.

I just want to clarify. H&R Block previously said in a statement that there was no evidence that the breach came from its firm. The tax firm said that a comprehensive internal investigation had concluded that none of its data systems, software or security had been compromised. H&R Block said it was not aware that any of its own clients were impacted by the breach.

Do you have any information that would confirm that?

You will be getting to the bottom of where exactly the breach occurred. Is that right?

As we go through this digital age, the nature of nefarious actions is different. In so many ways, the more we are public, the more we try to find that balance between raising public awareness and battling the crimes as they're occurring. The changes are so fast as technology changes.

Where do you think that balance is in terms of public protection and public awareness?

What do you think the nature of that relationship should be? Who is ultimately accountable here?

I appreciate that.

Recently, the government hosted an auto theft summit, which dealt with many of these similar issues. As digital technologies are used more and more in vehicles, it makes it easier for them to be stolen, for example. Bringing all of industry, different levels of government and police together led to some really significant steps forward.

Who do you think should be at the table if we were going to have a conversation like this with respect to privacy, especially regarding the breach we're talking about today?

Lastly, can you help us understand the differences between the roles of ministries, departments and agencies as they engage with you?

Thank you very much, Commissioner.

Those are all the questions I have.

Thank you, Ms. Khalid and Mr. Dufresne.

We're going to reset the clock here.

I am glad you brought up the issue of H&R Block, though, because that had not been brought up to this point. I'm equally glad to hear, Mr. Dufresne, that they are part of the investigation, because they were implicated in this. In fact, the motion that was passed by this committee was to have H&R Block come here to answer questions. We received correspondence from them, as committee members know, to say they have done their own internal investigation and found that it wasn't their issue. I look forward to your report on this to see if they were involved at all and if the information of Canadians was not breached as a result of their mechanisms as well.

This is a six-minute round. This will take us to about 5:30. I'm going to leave it up to the committee to decide whether they want to go past this point.

Mr. Barrett, you have six minutes. Go ahead.

Would the implementation of any of those recommendations prior to this point have prevented the breach that occurred?

Is it your view that privacy breaches should be immediately brought to the attention of Canadians?