Refine by MP, party, committee, province, or result type.
Information & Ethics committee Thank you. The central theme of our comments this afternoon is our view that PIPEDA's statutory framework is very well suited for innovation. While there are certain challenges in applying PIPEDA's fair information principles in today's highly dynamic data environment, it is c
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee Thank you. As the committee has heard from previous witnesses, there is an increasingly active discourse and growing recognition in the global privacy arena of the legal and practical challenges posed by the statutory consent requirement in an evolving data environment, but desp
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I'm happy to begin.
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee My first comment would be that the GDPR is an incredibly complex piece of legislation. It is still being actively reviewed, and there is a tremendous effort globally to understand what certain aspects of the legislation even mean. We're just getting policy guidance from regulator
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I'd be pleased to do so. We offered four. All of them relate to the ability to process certain data—to collect, use, and disclose personal information—without consent. One of them, as mentioned by my colleague as well, was to create an exception for legitimate interest. This wou
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee Number two, there's currently an exception under PIPEDA in paragraph 7(2)(c) for the use of data for statistical and scholarly study and research. It's just for the use of data. The wording, in my view, allows for the conducting, for example, of analytics, which is a form of rese
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee Finally I mentioned, consistent with my colleagues, that organizations now engage in a practice referred to as de-identification or anonymization or obfuscation, which is extraordinary helpful to protect the privacy interests of individuals while it's processing, but it protects
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I agree with both colleagues. Striking a balance is difficult. I'm not sure that the answer is necessarily embedding that principle within a statutory framework. There is an existing framework right now that allows for respectful treatment of the life cycle of data, including da
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I'm happy to answer that. In the context of numerous client engagements, we've had to address that exact issue. The best place to start, actually, is with your reference to COPPA. Under PIPEDA, as we've heard throughout the afternoon, there's a consent-based requirement. Indivi
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I have two comments. With respect to your first question, I think there are times when it seems as though it would be helpful to have different age gates for different types of scenarios, but given the explosion of the array of different types of services and offerings and cont
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I would just reiterate that in dealing personally with scores of investigations, I have found that there is a benefit to having an ombudsman model that can be unleashed to have even greater benefits, to allow for what I would call a conversation. Unlike other types of statutes in
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee I want to clarify if the question is whether there are recommendations for helping organizations respond to incidents that would be incorporated into the statutory regime or it is a more general question.
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee As the committee is aware, we've had these discussions, and PIPEDA has a pending statutory security breach notification requirement, which will come into effect once the regulations are put out for comment and then ultimately implemented. One of the comments that industry has ma
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee Yes, those compliance agreements are voluntary for organizations to enter into. There are certain reasons it would make sense for organizations to enter into them with the OPC, like a binding agreement, just as you would have in the private sector, so that would make sense in its
May 30th, 2017Committee meeting
Adam Kardash
Information & Ethics committee We've had to work on several dozen client mandates in which we were dealing with concepts in the EU, with global companies, and importing them. These are very tricky, and what seemed to be the case in every single context is that that was unnecessary for the protection of privacy
May 30th, 2017Committee meeting
Adam Kardash