Evidence of meeting #151 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was data.
A video is available from Parliament.
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
I'm not familiar with what the banks have, but I can tell you that our members shell out a lot to make sure their systems are protected and secure.
February 27th, 2019 / 5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
Mutual insurance companies.
5:40 p.m.
Liberal
Michel Picard Liberal Montarville, QC
To your knowledge, is what your members spend on system security comparable to what the banks spend, taking into account routine operations?
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
Absolutely.
5:40 p.m.
Liberal
Michel Picard Liberal Montarville, QC
For now, that's speculation, since we don't have the information. Isn't that right?
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
That's right. We don't have the information, but percentage-wise, it's certainly true.
5:40 p.m.
Liberal
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
The risk of a third party gaining access to our systems and retrieving information.
5:40 p.m.
Liberal
Michel Picard Liberal Montarville, QC
What criteria do you follow when recruiting staff to make sure you have some control over the human risk factor?
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
My job is simply to represent the association. It's not our staff; it's the companies who do the hiring and have the computer systems.
Unfortunately, I can't answer your question.
5:40 p.m.
Liberal
Michel Picard Liberal Montarville, QC
Right now, do your member companies and the banks share any data?
5:40 p.m.
Liberal
Michel Picard Liberal Montarville, QC
As we speak, then, there's no electronic access. It's reasonable to believe that the members of your association do not offer third parties a way into the banking system, a vulnerable entry point, if you will.
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
Absolutely.
5:40 p.m.
Liberal
The Chair Liberal John McKay
Thank you, Mr. Picard. You've had the penultimate question, and I'd like to ask the ultimate question before we adjourn.
I wonder whether you are understating the significance of the data that you hold. You keep talking about how many bathrooms and who cares, but actually that can be quite significant data in the hands of certain people who wish to do us harm.
I wonder whether in fact you might be taking a bit too casual an approach to your own cybersecurity from the standpoint of data protection, because—and I guess this is a heightened sensitivity on the part of this committee—you never really know how individuals with malicious intention can use that data against both policy-holders and the institutions themselves.
I refer you to a $100-million lawsuit against Zurich Insurance. When the lawsuits start to happen over cybersecurity, everybody starts to run around in dizzy circles because they realize that maybe the data they had or have is far more significant than they actually realize.
I'm curious about your reaction to the value of your data.
5:40 p.m.
President, Canadian Association of Mutual Insurance Companies
We're always concerned with the data we hold. We hold personal information, names, addresses and that kind of stuff. Of course, we cannot ask for as much information as others can. We cannot ask you how much you make or what your job is and that kind of stuff. That's separate from what the insurance companies ask. They want to know what kind of use you make of your vehicle. That's the kind of information they ask for and that you see in the files of insurance companies.
5:45 p.m.
Liberal
The Chair Liberal John McKay
Google is awfully interested in how far I drive and when I drive. I got into the car in my garage on Sunday morning and it told me that it was 21 minutes to get to my church. I think it was kind of surprised that I went to church.
What I would describe as innocuous data becomes, in the hands of others, fairly significant.
5:45 p.m.
Principal, SkyBridge Strategies
Mr. Chair, you're absolutely right. We don't know what we don't know until somebody finds out what we don't know and that becomes valuable.
5:45 p.m.
Principal, SkyBridge Strategies
It could be that we're understating it, but I think it's a question of degree. Banks and financial institutions have 100,000 times more data on you as a consumer than an insurance company would. Sure, there is personal data that insurance companies possess, as well as brokers, agents and so on, but it's a question of degree.
5:45 p.m.
Liberal
The Chair Liberal John McKay
I don't want to press you on the point, but I'm not sure I buy your core argument.
Anyway, thank you for that.
With that, we are adjourned.