Information & Ethics committee  I absolutely think it meets a very high standard. I don't know if the standard is shifting all the time. There are new technologies that are being developed all the time, so this is something that we are constantly reassessing. If there is more that could be done to further minimize the re-identification risk, that's a process that we are always looking at in terms of further controls we could layer in.

Information & Ethics committee  I'm not sure what “very often” would be, but we have definitely done rigorous re-identification tests and attacks, and we've commissioned them. Part of our work with experts was to do that very thing to make sure it was bulletproof.

Information & Ethics committee  I'd like to clarify the question. Do you mean the standards used by the Privacy Commissioner to assess de-identification methodologies?

Information & Ethics committee  No, I'm not. Those have not been published.

Information & Ethics committee  It's not that I'm not aware of standards that were established; there haven't been published standards about how to de-identify. The data must be de-identified to the point where it's not reasonably likely to be identified back to an individual in order for it to fall outside of the privacy legislation, and on that the commissioner is very clear, but in terms of exactly what his office would be looking for if they were to assess our de-identification methodology, there's nothing published on that.

Information & Ethics committee  As I mentioned earlier, we worked very closely with leading de-identification experts, and we have continued our work—because we saw this as so important—to try to develop standards in this space. We work with leading de-identification experts on CANON, the Canadian Anonymization Network, which we co-founded, to continue to push forward the technology around de-identification and arrive at standards.

Information & Ethics committee  I just want to go back to what it is that the government has. We're talking about heat maps and charts, insights drawn from the data. This is not our customers' identifiable data. Normally if we're sharing actual data, there would be that type of requirement to destroy the data, but that requirement doesn't necessarily have the same import here.

Information & Ethics committee  I want to be perfectly clear: We got consent to collect the personal information to provide our network mobility services. There is no personal information that we have done anything with, without our customers' consent. All of what we have done has been in compliance with the law.

Information & Ethics committee  I'm not sure if we turned our minds to that particular solution. We took steps that we thought were appropriate. We were pretty loud about it with media releases in the context of the pandemic and we put a lot on our website. As I indicated earlier, we had taken all of our five core data commitments to the Privacy Commissioner to ensure that we were properly being transparent about what the program is and giving the right assurances to our customers.

Information & Ethics committee  The de-identified data on our websites could never be provided back to an individual, because it is not identifiable data. We have the identifiable data that we collect originally.

Information & Ethics committee  I'm not aware of another program that is using data in this way.

Information & Ethics committee  For our Data for Good program and Insights model, we are only using the data of our customers.

Information & Ethics committee  I'm not sure where that information has come from, but Telus has not moved in the.... When we acquired Babylon in January of 2021, we made changes that brought the program under our privacy program, but we did not move anything from opt-in to opt-out. That was not a change that Telus made.

Information & Ethics committee  If we're talking about personal information, absolutely. If we're talking about de-identified information, there's still knowledge and transparency to encourage customer trust and to earn it, but there's no requirement for consent. In fact, it's probably a little bit unrealistic in most of these contexts.

Information & Ethics committee  Yes, we are.