Information & Ethics committee  Yes, I have lots of hats to wear. Thank you very much to committee members for inviting me as well. I apologize that my presentation will be completely in English. I don't have the skills in French like those of my colleague, so my apologies for that. What I'd like to talk to

Information & Ethics committee  I do. I would echo what my colleague has said. You need to have an effective regulator, one clear regulator, for these issues, and effective sanctions that the regulator could impose. The banks react quite differently to OSFI than they do to the Office of the Privacy Commissione

Information & Ethics committee  I think there's so much ink spilled by lawyers about what real and significant harm means that it sort of boggles the mind. I think the answer is that if you want to get serious, you have to give the commissioner the power to order businesses to do something. She's been asking fo

Information & Ethics committee  Perhaps I could answer that first. I think it's exactly as they said there. They see no upside in it for them. This potentially reveals information about them that they'd rather not know. Academics love to criticize, and it's always sort of going back to that fear of some infor

Information & Ethics committee  Again, I don't want to really.... I think it wouldn't accomplish much for Canada if we attacked Royal, or TD, or CIBC. I would say to them, as an industry, could you share with us what are the sources of identity theft and identity fraud? Where do you see the problem coming fro

Information & Ethics committee  They have the same problem, but to the best of my knowledge they do not share it among themselves. They view it as a vulnerability, so they talk generally about the issues but they don't really share that information. As far as I know, they don't even share it anonymously with th

Information & Ethics committee  If you look at the data put out by the RCMP or people who report fraud to the various organizations—and a year ago I think it was around $17 million in combined value—and you compare that to the combined value that the banks and the credit cards are reporting, which is around $44

Information & Ethics committee  The RCMP are sort of saying that they think people just don't report it. If you ask them, they'll say that people just don't report it, that they are embarrassed, they're this, they're that, that it's not worth it, etc.

Information & Ethics committee  I don't want to be glib, but I have absolutely no idea. They refuse to share anything about their practices or their policies with academics. I would be speculating if I were to tell you that they're doing okay in terms of the algorithms they are running, in terms of the credit c

Information & Ethics committee  I think they do have the ability. I don't think it has to just rest on the credit bureaus. I think they have the ability, because they are running those algorithms. Your credit card is declined if you forget to tell them. If they have what we call the false positives of stopping

Information & Ethics committee  Yes. Institute is a word that we use at the university to help a group of academics come together and conduct research on a variety of projects. Our mandate is in the two areas of privacy and cybercrime. From time to time we have projects that have more to do with privacy, th

Information & Ethics committee  That's right. We've tried to launch research projects to investigate these questions exactly, and in order to do that we wanted to get access to the information from the banks. We were willing to sign whatever they required in terms of anonymity and confidentiality and all of tho

Information & Ethics committee  Exactly. I have not been able to do that.

Industry committee  Thank you, Mr. Chair. Thank you for the invitation to appear in front of the committee. I apologize that I'm not bilingual, so my comments will be in English. I'm an associate professor and the director of the Privacy and Cyber Crime Institute at Ryerson University and I'm appear

Industry committee  The mandating of breach reporting is, of course, a useful step that has been called for by privacy advocates for many years. I see it as a necessary step that in fact will bring us in line with other jurisdictions. In the investigations of the House committee on access to informa