Industry committee  Thank you, Jean. I will limit my opening remarks to just two areas regarding the breach notification regime. The first one is thresholds for reporting to the Privacy Commissioner, and then the second area will be record-keeping. As you may know, unlike its predecessor, Bill C-1

Industry committee  No, you're right. When Mr. Israel referred to the different thresholds, I think the only thing that we're agreeing on is that there should be two thresholds, but not that more should be reported to the OPC.

Industry committee  Actually, in a way I would echo Mr. Lawford. In particular, as regards breaches, there has been extensive voluntary compliance because industry does actually see their security safeguard obligations requiring notification to individuals. Maybe the only little piece that Bill S-4

Industry committee  From the CBA's perspective, we totally understand the movement from investigative bodies to the regime that's proposed in Bill S-4, which is similar to B.C. and Alberta, as you just stated. Because of the concern we had been hearing in the media and others, when you read the word

Industry committee  Clearly, our position is different. We don't think amendments need to be proposed for PIPEDA or Bill S-4. The Supreme Court did its homework, which was to interpret one provision in an existing piece of legislation. We therefore don't think amendments need to be made.

Industry committee  I did hear the testimony earlier this week where that came up. Maybe I can give you a really quick example of it. Take a call centre context, where someone calls in and says, “I received the bill of my neighbour at my home.” What would happen in that context is that the call ce

Industry committee  Every organization has breaches of their security safeguards. That goes without saying. Some are more significant to Canadians, broadly speaking. Others are not. We should focus on those that are of the most concern to Canadians.

Information & Ethics committee  Thank you. I've been using this timer to keep us honest, because last time both Tamir and I went way over. We spent the 30 minutes or so that we were waiting having quite a good debate here beforehand. Thank you very much, and good afternoon, Mr. Chair, and honourable members o

Information & Ethics committee  They may have gotten a bit further than we have. We've kept our remarks more on the cautionary side because there's a desire to quickly think about how we can change our PIPEDA law to make sure we're adequate, and I would rather flip it on its head and say let's decide whether or

Information & Ethics committee  I would maybe flip the question on its head, as I did at the end of my earlier remarks. We should be looking to make the changes we think we need to make to our privacy legislative framework based on our values and our own democratic system in both our common and civil law jurisd

Information & Ethics committee  Europe is catching up in many respects to things we've had as part of our privacy regime for a long time, such as the accountability principle. Breaches is an area that exists here that is newer in Europe. Privacy impact assessments and privacy by design, those are terms and prac

Information & Ethics committee  Yes, briefly. Mr. Israel explained that the last time changes were made to the act, an element was added to the notion of consent, known as valid consent. It was already covered, but a clarification was made precisely to protect the more vulnerable groups, such as the elderly a

Information & Ethics committee  I agree. PIPEDA is sufficiently flexible to allow us to take into account the changes due to new technologies. In 2001, there was no Twitter, Facebook, Google or LinkedIn. None of those services existed at the time. And yet those organizations and the Office of the Commissioner

Information & Ethics committee  My answer will be easy. We don't have a view on that.

Information & Ethics committee  We would say no.