Information & Ethics committee  Thank you, Mr. Chair. I am here alone. Janet Lo, my co-counsel, sends her regrets. She's in a lock-up for CRTC on Bell-Astral. The Public Interest Advocacy Centre is a non-profit organization that provides legal and research services on behalf of consumer interests, and in part

Information & Ethics committee  We do, and the Nexopia complaint is a good illustration. But we could have chosen other social networking websites as well. The point is that we've gone through the process of identifying a site that seemed to not have made it clear to users what information would be used. The Pr

Information & Ethics committee  That's the core of our complaint. It was triggered by the fact that you can go on to Nexopia, and they even provide a handy-dandy database searching tool for outside users—or anyone—to search from the front page for age, gender, and the city where you live. And if you do that, yo

Information & Ethics committee  They were asked to change their privacy policy and some other information on June 30, and they missed that deadline. They were asked to change their default settings by September 30 so that when you become a new member you are defaulted into “friends only”, and that this not be s

Information & Ethics committee  No, I'm saying that when the Privacy Commissioner asked Nexopia to have a data retention policy and to provide users with a real delete key, if you will, they said no. And then the Privacy Commissioner thought it was important enough to go to Federal Court on her own to try to en

Information & Ethics committee  We think that users and people.... It's almost a human right. You should have a chance to ask a company to remove the information. It's clear in the act that you are supposed to delete it if it's no longer used, so we don't see why you shouldn't have the right to remove it. In E

Information & Ethics committee  The Privacy Commissioner did a pretty good job of saying that even with the present act, these are the rules. The trouble comes when the company says, “That's nice. Thank you for your finding. We'll continue to do business as we wish.” The problem is in the enforcement. The act

Information & Ethics committee  It's interesting to stay slightly on that one as well. We haven't heard much in the committee—I've been watching it—about de-identification of personal information. That's used as an equivalent in the act. You can either de-identify or delete. The research we've done in our pape

Information & Ethics committee  Yes, and it's a very attractive model for some commercial uses. You can aggregate or de-identify and then use the information for other purposes: monitoring who comes to your site, what they buy, telling advertisers and your customers, and tweaking your site so that it works righ

Information & Ethics committee  One of the things I mentioned in my presentation was that companies define personal information in terms of the uses they're going to put it to for their own company. While that might be fine, a standard statement of what personal information is, according to the law of the juris

Information & Ethics committee  Perhaps tweaking the act to say you have to state the act's own definition of personal information might be something you'd legislate. Otherwise, I think that would be something led by the Privacy Commissioner in a round table with stakeholders. It could be in the form of guideli

Information & Ethics committee  Let's take the example of data breaches. Now there's something that has shown that, although we have a good act, something can come along such as hacking or data-handling practices that can become a chronic problem. It's worth tuning up the act for that. Otherwise, the act itself

Information & Ethics committee  That's right.

Information & Ethics committee  They were all on retention issues.

Information & Ethics committee  I believe one of them was a refusal to set up a retention schedule for new users. So it would say that you had to keep it for three years after you stopped being a user. One was offering a true delete button. There were two more that I'm afraid I'd have to take a look at my phone