Mr. Chair, we would like to comment briefly on two other provisions of the bill. I will discuss the first aspect and my colleague Mr. Zinatelli will discuss the second one.
With respect to the breach notification provisions in the bill, the life and health insurance industry has long supported a method of notifying individuals that is proportional to the risks of harm that may be experienced by those whose personal information has been compromised. We appreciate the effort that has taken place to harmonize provisions as much as possible with the provisions now present in the Alberta legislation. But we believe there could have been even more harmonization.
For example, the record-keeping requirements in the bill require that an organization maintain a record of every breach involving personal information under its management. Given that in some instances there would be no impact on the individual or the organization, we suggest that consideration be given to linking the record-keeping requirements to the level of risk associated with any particular situation. This could probably be done through regulations.