Information & Ethics committee  Some do and some don't.

Information & Ethics committee  Definitely, but at the same time, the ones that do follow the law are getting annoyed with the fact that others are not. Yesterday, a story came out about telcos disclosing personal information. I got a call from one of my clients saying, “Are we the only telco not disclosing per

Information & Ethics committee  It's a challenge, but I think if we have breach notification, we'll know a little bit more. If you have one branch or one party collecting the information and collecting all these notifications to say that these are the types of breaches that are happening in the country, I think

Information & Ethics committee  What I'm including more and more in the contracts are audit rights. It's one thing to say that you better protect the information, and it's another to have the right to go and audit the premises, the servers, how they're stored. I'm including these types of provisions more and mo

Information & Ethics committee  It's a good question. As for what they usually do, the first thing they look at is whether the organization had proper policies in place, and then, if they had these policies, whether the employees were aware of these policies. Had they received proper privacy training? Usually,

Information & Ethics committee  Well, in Quebec we have an opt-out system, so nobody is jumping on the wagon per se, but yes, you're right. There are lawyers who are making a living by filing privacy class actions, sometimes copycat files from the United States that they import here. In some cases we defend the

Information & Ethics committee  Well, it's a little grey, right? There's a contract. The contract is usually worded in very broad language saying that they need to protect the information in accordance with applicable laws. They just want the business. They want the contract. They'll sign it. At the end of th

Information & Ethics committee  It should not be anything lower than what we have under CASL, right? Spam is an issue. Privacy and identify theft is also an issue, so in my view, why should it be any lower? If she had the power to issue fines for up to millions of dollars or hundreds of thousands of dollars, it

Information & Ethics committee  Yes. Sometimes it's not shredded. It's stored. Also, it's not digital shredding of electronics that are not.... The information is not erased. It's provided to another employee, another customer.... You've had the Staples case. I had a case recently where the information got los

Information & Ethics committee  I believe so, and I think a great example is with CASL, the anti-spam law coming into force. People are taking it very seriously. The incentive is there if the penalties are there, and they have D and O liability, directors and officers liability, employers liability, so people a

Information & Ethics committee  Yes, a little bit. It's still difficult to be authorized, although in the last year we had two cases, one against Apple in Quebec that was authorized last summer. There also was one earlier involving the health law in Ontario, Kay, that was authorized. They are authorized more

Information & Ethics committee  They aren't subject to our laws, but even if they were, what incentive would they have to comply? That speaks to the first point I made in my presentation. I don't know if you have anything to add.

Information & Ethics committee  Towards the end of my presentation, I mentioned four or five points in that regard. But there is something else I would say. In an ideal world, companies would be penalized for failing to report a security breach. The commissioner should have the power to issue orders and make t

Information & Ethics committee  I will start. Thank you for the invitation. I'll give the first part of my presentation in French and the second, in English. I'd like to start by discussing the legal framework governing privacy protection and the response of business. Despite the legislation that exists, the