Information & Ethics committee  If there are subsidiaries here in this country, they're subject to our law to the extent they are collecting and using information inside Canada. I think that's fairly clearly understood. With regard to the offence, section 28 of the act already outlines what the offences are at the present time.

Information & Ethics committee  I think I have.

Information & Ethics committee  I have a concern that if you move to a sliding scale such as reasonable fees you can end up in a situation where they become deterrent fees, and people feel that they can't afford the cost of an access request and therefore they are denied access to the fundamental information to which they're entitled to have a right of access.

Information & Ethics committee  Thank you very much. You don't pass privacy laws to require good corporations to act responsibly. You pass laws because you have other companies that don't accept those responsibilities. The very first complaint investigation under the Alberta privacy commissioner's office involved three companies that had disposed of very detailed personal records containing tons of personal information, financial data, by putting those into the dumpster.

Information & Ethics committee  PIPEDA, of course, applies to all business organizations, not just those in certain sectors like insurance. I think the Quebec amendment was useful. It brought their law up to a higher standard, for sure. PIPEDA already has that standard to a certain extent. When you are transferring data for processing anywhere, whether it's to another province or outside the country, you have an obligation to put in place safeguards, including contract-type safeguards, that will protect the information.

Information & Ethics committee  I was surprised when I saw that bill and looked at the fact that the list would have date of birth on it. I think that's certainly the one element I would have a concern about, because it's certainly a piece of information that is much more personal than any other. Your telephone number is not particularly sensitive information, unless it's an unlisted number.

Information & Ethics committee  Hopefully, sir, the changes will simplify the act and make it easier for small business to use. Some of the recommendations I've seen made over the past number of meetings here have indicated to me that if they were put in place, they would make it easier for the small business sector.

Information & Ethics committee  Sure. The act currently authorizes businesses to use information they come across in the normal course of their business activities. So if a business organization saw something it thought was suspicious in nature, it could certainly use that and later on disclose that to the RCMP or to CSIS or whatever.

Information & Ethics committee  May I jump in on this one? I've thought about those comments by Jennifer Stoddart at some length, and I think you can draw a fairly bright line between a definition of work product information as work output and work processes, but it would not include video monitoring or video surveillance.

Information & Ethics committee  It's already happened. There has been at least one case where a respondent won the right to have a judicial review of a finding made by the Privacy Commissioner's office. It's already entering the common law realm in that sense. I have no difficulty with it. I think there are situations, but they're going to be rare ones.

Information & Ethics committee  I can address that first. I certainly agree with you, Mr. Martin, that we need to have some formal legal duty to notify built into the act. I think Canadians demand it, just to build trust in the electronic commerce world. I don't necessarily recommend the U.S. approach; in that approach, most state laws are based upon the California model that was the first law.

Information & Ethics committee  Mr. Martin, I actually checked into that story. I actually checked with the Manitoba ombudsman. I was very, very curious about your comment earlier that your health information was in the U.S. I got total assurances that it never left the province. I was very interested in that story and I did some research into it because I write a thing called Privacy Scan, and I have been following these hearings and looking at the issues raised.

Information & Ethics committee  —your data has not left the province.

Information & Ethics committee  To the broader question about U.S laws, there are quite strong sectoral laws in the States involving health information, banking information, and other specific areas, such as children's privacy, but no general, broad federal-level encompassing privacy act. There are tons of state-level laws.

Information & Ethics committee  Through the Department of Commerce, they created something called the “safe harbour” arrangement. Companies voluntarily enter it, and when they do so, they declare that they will abide by a set of privacy rules. Because they're declaring that, they are subject to the Federal Trade Commission Act, which prevents misleading and deceptive advertising.