We will both be making a presentation, Mr. Chair.
My name is Frank Zinatelli. I'm vice-president and general counsel with the Canadian Life and Health Insurance Association. I'm accompanied today by my colleague Anny Duval, who is counsel with the CLHIA.
The CLHIA represents life and health insurance companies, accounting for 99% of the life and health insurance in force across Canada. The Canadian life and health insurance industry provides products that include individual life and group life, disability insurance, supplementary health insurance, individual and group annuities, including RRSPs, RRIFs, TFSAs, and pensions.
The industry protects almost 28 million Canadians and about 45 million people internationally. The industry makes benefit payments to Canadians of $76 billion a year, has $647 billion invested in Canada's economy, and provides employment to over 150,000 Canadians.
We welcome this opportunity to appear before the committee as it reviews Bill S-4, which makes important amendments to the Personal Information Protection and Electronic Documents Act.
For over 100 years, Canada's life and health insurers have been handling the personal information of Canadians. Protecting personal information has been long recognized by the industry as an absolutely necessary condition for maintaining access to such information. Accordingly over the years, life and health insurers have taken a leadership role in developing standards and practices for the proper stewardship of personal information.
For example, in 1980 we developed right to privacy guidelines that represented the first privacy code to be adopted by any industry group in Canada. Since then, the life and health insurance industry has participated actively in the development of personal information protection rules across Canada, starting with Quebec's private sector privacy legislation in 1994, the development of PIPEDA, Alberta's and B.C.'s personal information protections acts in the early 2000s, and health information legislation in various provinces.
The industry's overarching theme is to achieve harmonization in the treatment of personal information across Canada as much as possible. The operations of life and health insurers are national in scope, and many common day-to-day transactions may involve interprovincial collection use and disclosure of personal information. Thus, the coordination or harmonization of the provisions of PIPEDA with privacy legislation at the provincial level is very important to avoid unproductive duplication and confusion for consumers, organizations, and regulators alike.
With harmonization in mind, let me turn now to Bill S-4, the digital privacy act. The industry is generally supportive of the bill, as it contains some needed updates that move PIPEDA to be more consistent with other private sector privacy legislation in the country.
For example, B.C. and Alberta deal with the use of information without consent of the individual more effectively than is now the case in PIPEDA. In this regard, the industry strongly supports those amendments to section 7 of PIPEDA, particularly proposed paragraph 7(3)(d.2), which would help industry efforts to detect, deter, and minimize fraud. The impact of fraudulent and deceptive conduct on insurance and other financial services can be extremely costly and damaging.
The industry efforts to control the incidence of fraud are not in conflict with our protection of personal information, but we note that there's a gap in the current legislation that restricts the ability of organizations to disclose information without consent of the individual for the purpose of conducting an investigation into a breach of an agreement or of a law of Canada.
While it is industry practice to obtain consent, there exist clear instances where this cannot be doneāfor example, where the suspected perpetrator is a third party that is not directly involved with the insurance contract, such as a service provider to a member of a group benefit plan.
In some instances, obtaining consent makes no sense. For example, this latter situation is contemplated in a note to principle 3 of the CSA model code for the protection of personal information, which forms part of PIPEDA:
When information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of the individual might defeat the purpose of collecting the information.
For these reasons, we support Bill S-4's amendments to section 7 of PIPEDA, which more clearly set out when personal information can be collected, used, and disclosed during an investigation.
This will allow all parties to more clearly understand the range of acceptable circumstances when there is an exception to consent and will have the additional advantage of being harmonized with the approach used in both the Alberta and B.C. PIPA.