Under proposed subsection 7.1(2), we felt comfortable providing those allowances to private companies with regard to collecting that level, which is what we would consider a significantly lower level of personal information, being electronic addresses, when they're not tied to other personal information. So it allows you to identify whether the source is in fact Canadian. Is it a “.ca”? Is that IP address in Canada? We felt that it was important so that it wouldn't place an undue burden on private entities that are trying to defend a contract or a law.
However, proposed subsection 7.1(3) clearly states this is the collection of all personal information—i.e., very sensitive information—via an unauthorized access to a computer system. If we put proposed paragraph 7.1(3)(b) back in, it would allow private companies to access almost any computer system to collect personal information without authorization in defence of a law or a contract. The government didn't feel comfortable with allowing that type of access to private entities.