Information & Ethics committee  The proposed amendment is intended to make it absolutely clear that you can undertake an action or a process like that in Quebec, following your own rules.

Information & Ethics committee  It's a question that might come up in a situation like on-line banking, where you could say this is a potentially risky activity. I don't know whether the fatigue would show up there or not. But one of my concerns is that consumers take in e-mails, and if they're from a financial

Information & Ethics committee  The Privacy Commissioner of Canada has that power now. So I'm assuming that Parliament didn't think it was that intrusive to put it in at the time. But she has a requirement that she has to have reasonable grounds. I think when something has come out in the media two or three o

Information & Ethics committee  There's a risk of fatigue in that. However, I believe our recommendation to the Privacy Commissioner on that was that there be a description in the notice you get with a general indication of how serious it is. So hopefully there would be a number that were not so serious that wo

Information & Ethics committee  This particular safeguard, which I've cited to you, comes out of the Gramm-Leach-Bliley Act in the United States, which requires financial institutions to take due care with regard to customers' personal financial information. That's the source of their jurisdiction, in this part

Information & Ethics committee  In the sense that businesses, like banks and credit card companies, make an effort to try to stop identity theft, that is true. On the other hand, as you said, they certainly don't have any interest in telling people when there's been a breach. Would it be okay to just let it go

Information & Ethics committee  The Financial Consumer Agency of Canada has taken some tentative steps along this line. I believe they're working on phishing documents, so it would be a natural outgrowth for them to continue their work. Whether banks like it or not, they are at the centre of all this, because i

Information & Ethics committee  It is an independent agency, created by an act, which reports annually to Parliament. However, it is financed by the financial institutions rather than by taxpayers.

Information & Ethics committee  That's one of the definitional issues that I hope your next study will cover. If it leads to a further fraud, such as someone then sending out phishing e-mails and then that person can piggyback off your account, well, that's pretty close, but if you're not losing any particular

Information & Ethics committee  That recommendation was in the sense that if there has been a breach and you've recovered your hard drive, or there was a hacking attempt but you're not sure where the data has gone, you would still notify people. That remains our position, because you don't know now, when inform

Information & Ethics committee  Notify the individuals, because individuals could take immediate steps with their banks to cut off further credit or emptying of accounts. They can get a fraud alert on their credit report—we would prefer a credit freeze, but there you go. They can take a lot of steps, including,

Information & Ethics committee  It has been recommended by this committee for data breach notification. I think that's the major one at the moment. I have to grab my recommendations at the back of it.

Information & Ethics committee  Yes, they funded it.

Information & Ethics committee  That is correct. However, for example, the rule I cited before from the FTC...they have a certain jurisdiction to enforce their general consumer protection act. Under their rule-making power, they've made a rule with financial institutions that requires them to take steps like PI

Information & Ethics committee  Perhaps I can add that you may want to look at the Financial Consumer Agency of Canada being an agency that might take over that public education role, because they have that role for the banking system.