Justice committee  Good afternoon, Mr. Chair, ladies and gentlemen members of Parliament. With me today is Carman Baggaley, Senior Policy Analyst at the Office of the Privacy Commissioner. My comments today will focus on the amendments proposed to the Sex Offender Information Registration Act, or

Justice committee  I heard the testimony stating that the victims only want the criminal justice system to take better account of what has happened to them. I sympathize entirely with that viewpoint. I don't think there is much to be done with the public nature of the system in question. It is con

Industry committee  Thank you, Mr. Chair. Good morning, members of the committee. Thank you for the invitation to present our views on Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act. With me today are

Industry committee  Certainly several years ago. I understand this bill is the outcome of a five-year review of PIPEDA called for in the original legislation. Certainly I support the bill, subject to two amendments, but generally I support this bill. Some of the provisions in this bill are overd

Industry committee  I think there are two main amendments that are very necessary and that will be helpful for us to implement and apply. I refer to the obligation imposed on organizations to notify the OPC and the concerned individuals in the case of data breaches. We know from media reports and

Industry committee  Currently, PIPEDA is based in large part on the concept that information is to be collected and used with the consent of the individual to whom it pertains, and that deals with a private organization. That concept is not defined; nevertheless, it has been the subject of many inve

Industry committee  Thank you for the question. Frankly, I haven't read the amendment proposed in the B.C. legislation, so I can't comment on that particular formulation, but I'll say a few things. Point one, the Spencer decision is a huge development for privacy law. It is very helpful; it has se

Industry committee  Yes. The number fluctuates, but it's roughly 60.

Industry committee  Yes.

Industry committee  The requirement in question would require organizations to keep records of data breaches of any kind. We will be able to review their records to determine whether or not appropriate breach notification has occurred, and it will allow us to determine trends generally on the issues

Industry committee  The corporations would have the obligation, and we would have the ability to review these records.

Industry committee  I believe you are probably referring to compliance agreements—

Industry committee  —so I'll ask my colleague Madam Kosseim to answer your question.

Industry committee  It's for two reasons, essentially. Point one, I totally agree that there needs to be provision in PIPEDA allowing organizations to address the issue of fraud or breaches of agreements that they may face. The question is how to do it. The current regime, I think, is preferable t

Industry committee  I think the requirement for that breach notification is a big part of it. The importance of this should not be underestimated. As I have said, and as we all know, breaches are a growing concern. With this requirement for organizations to advise both my office and individuals, we