Information & Ethics committee  Thank you for the opportunity. We're looking at the Canadian federal Privacy Act, which when it was passed in 1982 was undoubtedly on the cutting edge of privacy legislation. But it's starting to show its age. It was built based on what are referred to as the OECD guidelines, w

Information & Ethics committee  I think there may be a little bit of confusion, because we have PIPEDA, the private sector legislation, which has been in force and was just subject to its five-year review. When it was passed, PIPEDA didn't have a breach notification requirement explicitly stated in it, but amon

Information & Ethics committee  We don't specifically say within the brief, so I'm kind of moving into my own views on this, but yes, I would say those are not trivial.

Information & Ethics committee  Sure, and it does—

Information & Ethics committee  It's our view that the government should be controlled with respect to the security safeguards and notification rules to standards at least as strong as will be in the private sector. It's an important maxim—at least in the more modern principles of personal information protect

Information & Ethics committee  On the philosophy or the difference, you've really hit the nail on the head with respect to the principal differences between the private sector legislation, where it concerns a consensual relationship, and the public sector legislation. When you're dealing with a bank or dealing

Information & Ethics committee  I believe notification was one of the ones the commissioner recommended. We added the general duty to protect personal information and the issue respecting data matching, if my recollection is correct.

Information & Ethics committee  I'm sorry; my apologies. The first two, the duty to protect and the data matching, were considered separately, and they were considered to be at least connected to the reporting by the federal Privacy Commissioner. Within the discussion we had at the Canadian Bar Association, b

Information & Ethics committee  My apology; I believe it is included in the necessity one. One moment.

Information & Ethics committee  I don't have them numbered separately.

Information & Ethics committee  Without having turned our minds explicitly to the narrow question of whether the commissioner in this context should have order-making powers in the Privacy Act rather than PIPEDA, the consensus seems to be that in order for there to be proper accountability within the legislatio

Information & Ethics committee  I just want to make sure I fully understand your question.

Information & Ethics committee  There are a number of different models. There's the one that would give the commissioner the power to compel a public body to follow the requirements of the law. Currently it's not the court nor the Privacy Commissioner; it's simply a requirement that every citizen and every empl

Information & Ethics committee  I don't know the specifics of it. I certainly am aware that the Privacy Commissioner has said that. The Correctional Services of Canada is an institution under the Privacy Act. Individuals would have a right of access to their own information. I certainly have seen instances in

Information & Ethics committee  Are you referring to paragraph 7(3)(c.1) of PIPEDA?