Data is de-identified because it was originally identifiable. We start with personal information. There's no question that a telco like Telus had information about its users' mobility data, because it is necessary for Telus to obtain that information in order to deliver the service that they offer to their clients. You start with what is clearly personal information about users of telecom services. De-identification means that you transform that personal information through technological means—which I'll ask my colleague Martyn Turcotte to describe, if we have the time—to reduce the risk that individuals will be identified.
What needs to be understood is that, even when data is properly de-identified, there is always a risk of re-identification through data matching, through all kinds of possibilities. That is why, given the risk of re-identification in every case, we are suggesting that it is not good policy under the current law to treat de-identified information outside the scope of the Privacy Act.