Information & Ethics committee  There is a regime now adopted in PIPEDA that could probably work very effectively in the Privacy Act as well. It focuses on notifying individuals where there is a risk of harm, and harm is defined as a way that entails there are mitigation efforts the individual could take so the

Information & Ethics committee  I want to say, and just underpin, without mitigating it we do feel that in the investigative area there are shortcomings in the substantive elements of the act that need to be addressed from a public policy perspective, as well as to ensure public confidence moving forward. I al

Information & Ethics committee  I'd like to largely adopt the comments of my two colleagues and add one more example that gets a lot of attention and undermines public confidence and trust, and that's in the security context where we're getting increasingly large numbers and frequency of data breaches often wit

Information & Ethics committee  Our written comments, which we'll submit in due time, will provide you with some legislative suggestions. Many of the provincial counterparts of the Privacy Act have a necessity obligation. What it does functionally is important. You could get to the same place with the existing

Information & Ethics committee  And maybe an independent, individual right of action that's in parallel would be worth considering.

Information & Ethics committee  In terms of adopting, I think it would be useful to clarify this. Metadata already falls outside the definition of personal information in the act where there are ambiguities. An IP address is a good example. Often the argument will be that because an IP address takes three or fo

Information & Ethics committee  It's a bit of a tough one, but yes, as a starting point, we would, and probably further than what's in PIPEDA right now. The current damages mechanism in PIPEDA is closer to a fine, basically. It's hard to actually implement, because you need to meet very high standards of proof

Information & Ethics committee  Yes.

Information & Ethics committee  That mechanism is tied to damage recovery. I would make it little bit different, because the one in PIPEDA is ancillary to a complaint. You have to file a complaint, go through the process, and basically start all over again in Federal Court if you hope to get damages. Very few p

Information & Ethics committee  One of our specific recommendations is to adopt an overarching proportionality mechanism. As we've envisioned that and as it operates in PIPEDA, the private sector counterpart, it would actually sit on top of those exceptions. It doesn't mean that any exception could be overridde

Information & Ethics committee  Without my prejudging the outcome of that decision, what's at issue there is whether, through very contractual clauses, an entity like Facebook that has millions of customers in Canada could essentially opt out of Canadian law. If the decision is that this is the case, I think we

Information & Ethics committee  I think so. We saw in one instance where a B.C. committee reviewing a counterpart to this law in B.C. had not been aware of a trade commitment that was made, even though some level of the B.C. government was involved in the negotiations of trade agreements. They're so multilatera

Information & Ethics committee  Thanks. I would point to the Privacy Act's counterpart, PIPEDA, which wasn't introduced quite so long ago but adopted a very principled framework as opposed to a more prescriptive one. Some of our recommendations try to accomplish this, as well as some of the recommendations of

Information & Ethics committee  Mr. Chair and members of the committee, good morning. My name is Tamir Israel, and I am staff lawyer with CIPPIC, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic at the University of Ottawa's Centre for Law, Technology and Society and the Faculty of Law.

Industry committee  The addition of compliance agreements is helpful, but it addresses a very specific scenario. What happens with a privacy complaint is that it goes to the commissioner, she does her report, and she issues a recommendation. It's a non-binding recommendation, so let's say the compan