Spencer is a three-part test where any satisfaction of one of the tests can constitute lawful authority for the disclosure of the information. One, is it an emergency? Is it exigent circumstances? Is this information absolutely dire so that it needs to be accessed in this moment? Two, is it pursuant to a reasonable law? Is there some other authority that you can rely on to be able to get this information? Therefore, you can rely on that law for the purposes of accessing this information. Three, is it pursuant to a common-law authority where the courts have basically said there is no reasonable expectation of privacy for this information, so it's allowed to be given because it wasn't really considered to be private in the first place?
In the government's subamendment or future considerations in our future draft picks of amendments we might want to think about, what we're trying to do is suggest that the “reasonable law” piece—what reasonable laws you're allowed to rely on—can't include the CPPA itself. You can't go back to proposed section 44 and say that the CPPA says that an organization may disclose an individual's personal information, so that lawful authority allows you to do that. I think the question from the Conservatives is whether we also need to say that you can't rely on other sections of the CPPA, that you can't point to them and say that's a reasonable law.
Now I'll turn to Mr. Chhabra.