I understand that the modifications being proposed through this subamendment would add to the definition of sensitive information, as follows:
Sensitive, in relation to information, includes any information about an individual for which the individual generally has a high expectation of privacy, which may include but is not limited to:
Then it provides the list of items, (a) to (i).
Our interpretation of this is that it provides directional guidance to the Office of the Privacy Commissioner about information that would generally be considered sensitive but leaves open the possibility for the Privacy Commissioner to identify, on a contextual basis, information that could be sensitive in a different context that the committee may not have identified on this list.
It also leaves open the possibility that some of these categories of information in accordance with, for example, the Supreme Court decision that we briefed this committee on some weeks ago, RBC v. Trang, would leave opportunities for the OPC or the courts to undertake a contextual analysis that would determine that in some instances—likely rare instances—things like financial data may not be sensitive.
That would be the ultimate effect as we read it.