Industry committee  I wouldn't have described the exceptions as narrow, actually, but quite the opposite. I believe the exceptions are very broad, and that's perhaps an attempt to strike the right balance.

Industry committee  Thank you, Mr. Chair. Thanks for the invitation to come and speak. My name, as you heard, is Michael Geist. I am a law professor at the University of Ottawa, where I hold the Canada research chair in Internet and e-commerce law. I'm also a syndicated weekly columnist on law and

Information & Ethics committee  I think because it hasn't been touched in 25 years, you're on the right track. Experience to date has left many discouraged about the prospect for broader reform, so improvements, even if incremental, are better than nothing at all. We've literally had nothing for decades.

Information & Ethics committee  I'm not sure that it's easy to implement security breach disclosure legislation, but it has been implemented effectively in some organizations in the U.S. that are probably equal or quite close in size to the federal government and are located in multiple jurisdictions with clien

Information & Ethics committee  I just want to see it. I think it's something that could well be put into the Privacy Act. Whether it appears directly within the Privacy Act or is put into place through stand-alone legislation, either way I think it's long overdue.

Information & Ethics committee  I think even our federal commissioner has already identified alternative mechanisms for educating. The office now has a blog, for example. The issues I'm talking about wouldn't be raised on the blog, but it provides the opportunity to get the information out into the community an

Information & Ethics committee  Well, in some ways that's the very question I was asked right off the bat. Do we have no privacy, and get over it, or are there solutions? Unlike the environment we lived in when the Privacy Act was first introduced, where much of the privacy may well have been protected, becaus

Information & Ethics committee  Many governments have privacy legislation. From an outsourcing perspective, there have really been two schools of thought. One is the accountability principle that you've heard discussed, the idea that whoever collects that information is accountable for it, wherever it goes, whi

Information & Ethics committee  Sure. Part of the concern comes from a technological perspective. There was early talk, for example, of requiring an organization to ensure that the information only resided on computer servers based, say, in Canada, so the information would never physically leave the jurisdictio

Information & Ethics committee  Well, here we get into this issue of how we're going to describe it. I think it's certainly the case that you could create a power, which isn't the order-making power we were just discussing, that could give the commissioner the power to dispense with say the frivolous complaints

Information & Ethics committee  In my mind, it would, yes.

Information & Ethics committee  Our access-to-information legislation has privacy protections when it comes to particular personal information, so there has already been an attempt to strike that balance. In many instances the media relies on sources, where people provide information at great personal risk, so

Information & Ethics committee  As someone who has been the subject of some ATI requests, absolutely. There are appropriate limits within ATI on that, but at the same time, even in those instances, the obligation falls to the individual to show that the information is subject to an exemption, or that the Privac

Information & Ethics committee  Yes.

Information & Ethics committee  You've put your finger on what may be unquestionably one of the biggest issues, if not the biggest issue, that our private sector companies, global companies, and our government face. And that's the issue of outsourcing, particularly around sensitive data. The issue is particular