Information & Ethics committee  An important part of the solution, I think, clearly lies in ensuring that government departments and private sector entities have the right security safeguards to protect their consumers or citizens from these attempts. We have seen many, many privacy breaches in the past years in Canada and elsewhere.

Information & Ethics committee  Health issues are certainly within provincial jurisdiction, and provinces have the jurisdiction to legislate to protect the health of their citizens. Canada, federally, has the authority to protect the health of its citizens when people try to cross the international border. There is a role for provincial governments and legislatures to regulate in that area, but subject to the same considerations, it is exceptional.

Information & Ethics committee  We do some, perhaps less than we should or could. Certainly our role with respect to attempts by ill-intentioned people to access personal information of Canadians mostly has to do with ensuring that government and the private sector have the right security measures in place to protect against these attempts.

Information & Ethics committee  There are a number of considerations that are relevant. The first one is whether there is authority for this. I think there likely is. With Mr. Barrett, I discussed a number of other issues, including the fact that this exceptional measure should be time-limited. That's an important consideration.

Information & Ethics committee  I would answer with respect to the two relevant clauses. In terms of the RCMP, to the extent that the principle that we outlined, i.e., that a federal department or institution should not rely on information that was obtained illegally by a third party partner, if that's not clear and the RCMP argue that it is not clear, then what needs to be changed is the public sector Privacy Act.

Information & Ethics committee  They did not and they were not, and the only finding was that the RCMP was using technology that we found violated privacy. That was the first main conclusion. The second was that the RCMP did not appropriately account for and assess—importantly assess—new technologies that its officers were using.

Information & Ethics committee  I certainly agree that it is urgent to better regulate the issue, both in terms of human rights and in terms of having a solid framework regulating the use of data in order to protect privacy. It is urgent.

Information & Ethics committee  Ideally, I would like to see new legislation in the private and public sector. I would like, at least, to see proposed legislation, in both sectors, that gives a clear indication that, in the near future, Canada will be moving to adopt rules that achieve the objectives I have just stated, namely the protection of rights and an assurance that data is used in a responsible manner.

Information & Ethics committee  Initially they said they were not, and later they acknowledged that in some parts of the organization they did.

Information & Ethics committee  That's an issue we gave some consideration to when we were writing our report of finding. We did not conclude, actually, that they had misrepresented the situation. They told us at first that they were not using the technology. Ultimately they essentially said that because they did not have the systems in place to ensure that the use of new technologies was reported higher up in the hierarchy, when they found out that the technology was used in part by some individual officers to test it and in part by a group of people concerned with child disappearances, then they told us that, indeed, they were using the technology.

Information & Ethics committee  No. I think my task for the next year would be to continue to comment on legislation and try to prepare the OPC for what comes next.

Information & Ethics committee  With respect to Bill C‑11, I would refer you to the brief we submitted a month ago. The current Personal Information Protection and Electronic Documents Act (PIPEDA) is essentially an act that originally incorporated into federal legislation an industry code of practice that was created a little over 20 years ago.

Information & Ethics committee  First of all, it would be that most if not all contraventions of the law should be eligible—let's put it that way—for administrative penalties, as is the situation in most other countries that have penalties. There are modalities that we can discuss if we have time, but the rule should be such that essentially all violations lead to fines if the proper authority determines that the law has been violated.

Information & Ethics committee  In the submission that we presented to your committee about a month ago, we addressed that important issue. We recommend the addition of preamble and purpose clauses in a new law that would firmly ground the federal legislation in trade and commerce. This could be done by having explicit language in a preamble or purpose clause to indicate that the purpose of the federal private sector law—Bill C-11 at this point—is to ensure viable and sustainable digital commerce by protecting privacy.

Information & Ethics committee  They do. It is not normal, again, that organizations, public or private, would require proof of a health status or vaccination status. There have been exceptions. School children, for instance, need to provide proof of vaccination in order to enrol in school. In travel situations, there have been exceptions as well, but the rule is that this is confidential health information that should not be required except for very precise purposes.