Really, by including these in here, we're saying that context doesn't matter. In terms of determining sensitivity, we're saying to forget context; it's always sensitive information.
That's really the heart of the problem, as I see it, with some of the things that may not always be deemed sensitive. If the Supreme Court of Canada is saying that financial information is not always sensitive, perhaps we should listen to that.
Just to clarify a last point regarding paragraphs (f), (g) and (h), social security, passport and driver's licence numbers, passwords and financial data are not deemed sensitive in the GDPR or in Quebec's Law 25. Is that correct?