[Recorded by Electronic Apparatus]
Tuesday, October 22, 1996
[English]
The Chair: Good morning. This committee is now in session. This is the Standing Committee on Human Rights and the Status of Persons with Disabilities. We are very pleased to have this conference today. I'm sorry it was delayed.
We are looking forward to hearing from experts in the field. As you can see, technology makes us a borderless society and we're working over and through these borders.
I would first of all like you to meet the members of the committee and then I will introduce you to our guests.
I'm Sheila Finestone, I'm the member for Mount Royal and I'm the chair of this standing committee. The vice-chairs of the committee are Mr. Andy Scott.... Would you introduce yourself, please, Mr. Scott?
Mr. Scott (Fredericton - York - Sunbury): I'm Andy Scott. I'm the vice-chair and I'm the member of Parliament for Fredericton in New Brunswick.
The Chair: The other vice-chair,
[Translation]
Mr. Maurice Bernier, please.
Mr. Bernier (Mégantic - Compton - Stanstead): I am vice-chairman of this committee and a Bloc Québécois member for the riding of Mégantic-Compton-Stanstead.
The Chair: Fine.
[English]
The other members of the committee. Russell MacLellan.
Mr. MacLellan (Cape Breton - The Sydneys): My name is Russell MacLellan and my constituency is Cape Breton - The Sydneys in Nova Scotia.
The Chair: Jean Augustine.
Ms Augustine (Etobicoke - Lakeshore): My name is Jean Augustine, member of Parliament for Etobicoke - Lakeshore. I'm very pleased to be here today to hear your presentations.
[Translation]
Mr. Ménard (Hochelaga - Maisonneuve): Good morning. My name is Réal Ménard and I am a member for Hochelaga-Maisonneuve, in Montreal-East. I would like to take this opportunity to tell Mr. Comeau that I read his book on the Bloc populaire and that I thought it was very interesting.
The Chair: Fine.
[English]
I'd like to introduce you to our guests. The first guest we have, or the first witness, I should say, is Ann Cavoukian, who is an expert in the area of privacy. Could we have Ann Cavoukian on the screen, please?
Ms Ann Cavoukian (Deputy Commissioner, Privacy, Office of the Information and Privacy Commissioner of Ontario): Can you see me?
The Chair: Yes.
Ann Cavoukian is an expert in the area of privacy protection and has written and spoken extensively about the subject around the world. She recently co-authored a book with Don Tapscott entitled Who Knows - Safeguarding Your Privacy in a Networked World.
She received her Ph.D. in psychology from the University of Toronto, where she specialized in criminology and lectured on psychology in the criminal justice system. Miss Cavoukian is currently the deputy commissioner in the office of the information and privacy commissioner of Ontario. She joined the commission in 1987, where she is responsible for the protection of privacy and ensuring that government organizations comply with the requirements of Ontario's freedom of information and privacy legislation.
Now we have Dr. David Flaherty, who is just back from Brussels, probably suffering about eight hours of jet lag. We're looking forward to greeting you on the screen. Could you speak, please, Mr. Flaherty?
Mr. David Flaherty (Commissioner, Information and Privacy Commission of British Columbia): Good morning.
The Chair: He's had over 30 years of experience in privacy protection and access to information issues, as an academic and teacher. By the way, he is from Montreal - from Warren Allmand's riding.
By the way, Mr. Flaherty, Mr. Allmand would have been here but unfortunately, or fortunately, one way or the other, he had to be in Montreal with Mr. Chrétien this morning. He sends you his greetings.
Mr. Flaherty is an academic and teacher, adviser and consultant, an advocate for privacy protection. He's taught at Princeton University, the University of Virginia and the University of Western Ontario. His research and teaching fields include American and Canadian legal history, information law and policy, privacy and data protection in modern industrial societies.
He has written and published four books and edited two international bibliographies on privacy and data protection policy. His best known book on the subject of privacy is entitled Protecting Privacy in Surveillance Societies: the Federal Republic of Germany, Sweden, France, Canada and the United States.
He is currently the Information and Privacy Commissioner for British Columbia. Welcome, Mr. Flaherty.
We will move to
[Translation]
Mr. Paul-André Comeau, please. Mr. Comeau is currently in Brussels.
Mr. Paul-André Comeau (Chairman, Commission d'accès à l'information du Québec): Good morning, Madam Chair.
The Chair: After three years as an assistant-professor at the University of Ottawa,Mr. Comeau spent 15 years as a correspondent for the French language network of the Canadian Broadcasting Corporation, not only on radio but also on television. In 1985, he was appointed editor-in-chief at Montreal's Le Devoir, a position he held until September 1990. In November of this year, Mr. Comeau was named chairman of the Commission d'accès à l'information, by the Quebec National Assembly. He is also currently a guest professor in the Department of Political Science at Laval University.
We will begin by
[English]
clerk of our committee, Mr. Wayne Cole. Mr. Cole is responsible for the functioning of this committee. We also have with us our permanent research staff from the Library of Parliament, law and government division, Ms Susan Alter and Ms Nancy Holmes. They will take copious notes and keep us on track.
First, we'll hear from Ms Cavoukian for ten minutes, followed by Mr. Flaherty for ten minutes. Then we'll have three minutes for rebuttal or questions.
[Translation]
We will then have ten minutes with Mr. Paul-André Comeau followed by three minutes of questions, and then we will come back to Ms Cavoukian for a three-minute rebuttal.
Mr. Ménard will put the first question as he must soon leave. He will replace the vice-chairman for the first question.
[English]
Please begin, Ms Cavoukian.
Ms Cavoukian: Good morning, ladies and gentlemen. It's a pleasure for us to be here.
I would ask the indulgence of those on the committee who have heard some of my comments at an earlier appearance this year. Some of it is repetitive, but I was asked to speak generally in this area, so I'll just begin.
The right to privacy is a fundamental human right. It's a very suggestive notion that has been defined very broadly and very narrowly. It's been defined simply as the right to be left alone. It has also been defined very comprehensively.
What I will speak about today is something called informational privacy or data protection. This relates to the protection of people's personal information and of an individual's right to privacy in relation to data or information about them. A very simple definition would be that an individual should have the right to control the uses of his or her personal information, the circulation of it, to whom it is disclosed, and how it is used.
This is perhaps a very simple definition of informational privacy. It's rooted in a German concept called informational self-determination. Quite simply, this just means that the individual should be able to determine the uses of his information. This couldn't be more important than in our present day of computerization and network communications. The new threats to privacy that have been introduced by these information technologies are considerable.
I'll just review a few of them very briefly to give you a sense of the breadth of the problem and why privacy, as it relates to data information, is growing in terms of importance.
In our computerized world we all leave behind us an electronic trail of different data. Any time you engage in a variety of actions with anything other than cash, you essentially leave behind a trail of information that relates to a wide variety of things.
Many of our activities, what we read, what we buy, where we go, how we shop, our purchasing patterns, our habits, our activities, who we communicate with, where we travel - all of this information is captured electronically and stored in a variety of databases. In the past this information used to be fragmented in various databases that couldn't be linked very easily. This has all changed with the growth of networks.
I'm sure you all have some familiarity with the Internet, even though you may not use it on a day-to-day basis. The Internet facilitates the linkage of all these diverse pockets of information.
Databases containing your personal information can now be very easily linked through networks. This is where one of the threats to privacy lies with respect to the information age and the communication age we live in. It is in the ability of organizations to tap into this information and to engage in the linkage of data to develop very detailed personal profiles about all of our activities.
All of the information collected by various organizations through this linkage can now be compiled and announced. It's quite comprehensive in its scope. This is one thing that has now, in my view, linked the activities of both the government and the private sector.
In the past, people used to associate the term ``surveillance'' with government alone, with the various arms of government in its ability to peer into our lives - Orwellian notions of ``Big Brother'' - government being the arm that would look into your lives. I would suggest to you that the private sector commercial enterprises have an equal ability to peer into our lives, through this ability to gather information via computers and network communications.
In fact, a new term has been developed for this. It's called ``dataveillance'', not just surveillance. Now data are used to do the watching, instead of relying on the old physical methods of surveillance such as cameras. So the term ``dataveillance'' and the notion that information can now be used in a very detrimental way to peer into your lives and truly threaten your privacy provide the background scenario.
What can we do about this? We do not wish to advance this in any way, nor do we wish to stop the clock in terms of technology. The progress and advances that have been made by technology are formidable. It would be foolish and pointless to think that we could attempt to stop these advances.
However, what we can do is enlist the use of the technology to the aid of privacy, and that's exactly what has developed. There are now new technologies called privacy-enhancing technologies. We've coined the term PETs, for short. These privacy enhancing technologies do the opposite of what these other, let's say, tracking technologies of surveillance do.
Tracking technologies gather information about individuals in a very detailed, identifiable form that permits the compilation of detailed personal profiles. Privacy-enhancing technologies, on the other hand, do the opposite. They ``anonymize'' personal information. They de-identify or remove personal identifiers from the information, and yet they preserve the value of the information.
Let me give you a very brief example. If you think of cash, that's the closest example. Cash serves as a bearer instrument and is very useful to those who have it. You go to the store, you put down cash, you buy something and the cash is accepted. No one needs to know that it was John Smith who purchased a package of condoms at the pharmacy on such and such a day. It's nobody's business that he paid for it.
In another example, let's say John Smith wants to obtain health care benefits. He lives in a province that provides health care services and he has a right to health care benefits. All the Ministry of Health in that province needs to know is that the person at the other end is a legitimate beneficiary of these services. He's a legitimate user of the health care plan in that province. So he or she is eligible to obtain health care services. That's it.
They don't need to know the name of this individual or what day he checked into this hospital to obtain services. This is an example whereby I'm trying to show that you don't need to have the personal identifiers necessarily linked with the information in order to be able to benefit.
Often what the need for identity serves is the need to authenticate that a user is eligible for a particular service, be it government benefits or being able to access my bank account through an ATM. They don't need to know my identity. They need to authenticate that I am a bona fide and legitimate user of the service or plan, or a legitimate drawer of benefits.
I've said this very briefly. I'm sure it leads to many questions.
The central concept is that there are now these technologies called privacy-enhancing technologies, or PETs for short, that serve to enhance privacy and come to its aid as opposed to detracting from privacy, as tracking technologies of the past and existing technologies have done. They serve to do the exact opposite.
This gives us great hope in the privacy community that we can now enlist technology to the aid of privacy protection, as opposed to simply viewing it as a means of threatening privacy.
When you couple these privacy-enhancing technologies or technological solutions with other very valuable ways to protect privacy, which I'm sure my colleagues will talk about, such as the need for legislation to protect privacy in the private sector and the need to educate the public and heighten awareness on the part of the public of these issues so that they can also be armed on an individual level with means by which to protect their privacy, these form the toolbox of solutions we have available to us.
In regard to technological solutions, there is a need for legislation to cover the private sector in the rest of Canada in the way Quebec has done, as our colleague will tell you. There is also a great need for public education and the heightening of public awareness of these threats to privacy.
I'll conclude my remarks on that note. I don't want to take up other people's time.
The Chair: Thank you very much, Ms Cavoukian.
You've certainly laid out a large parameter for us. In light of the fact that there is a definition of the protection of privacy in many of the UN conventions and human rights issues, and within our own Charter of Rights in Canada, we wondered how you would define it. I think you've done a nice job of that for us. Thank you for that.
Mr. Flaherty.
Mr. Flaherty: Good morning, Madam Chairman. I am very pleased to be speaking to you from Victoria, where I have the privilege to be the information and privacy commissioner.
I'm very happy to have an opportunity to speak with the committee on human rights, in particular to do so with my colleagues Ann Cavoukian and Paul-André Comeau. They are considerable experts in this field.
I have with me Pam Smith, who does research and coordination work with me at the office of the information and privacy commissioner.
I want to begin by saying how pleased I am that the committee on human rights is taking account of privacy as a value and as a human right. One of the characteristics of the Canadian approach to privacy protection has been not to emphasize that privacy is indeed a very fundamental human right.
I think it will encourage you to think, in my view, properly about privacy if you think about it as one of the fundamental human rights requiring protection in this country.
With all due respect to what Madam Chairman just said, we, in the Canadian Charter of Rights and Freedoms, in Canada do not have an explicit right to personal privacy. Privacy is not explicitly mentioned in the Canadian Charter of Rights and Freedoms.
One of my previous experiences before a parliamentary committee was with Bruce Phillips, the privacy commissioner of Canada, in 1990, arguing before the joint committee on the constitution at the time of Meech Lake about the desirability of putting the word ``privacy'' in the Canadian Charter of Rights and Freedoms.
One of the many distinctions of the province of Quebec is the fact that the Quebec charter of rights and freedoms has an explicit right to une vie privée in its Quebec charter. Quebec is also distinguished, as my colleague Mr. Comeau will no doubt tell you, by the fact that it is the only jurisdiction in North America that is regulated for privacy protection in the private sector.
The relevance of privacy as a human right is also considerably reinforced by the fact that the European Union has in its wisdom issued a directive on data protection, on privacy protection, one year ago almost exactly, which will come into effect in October 1998. I think it's very relevant to members of this committee that you appreciate that the European Union has said foreign countries cannot do business with the European Union unless you have equivalent or adequate protection for personal data that might move from your country, in this case Canada or one of its provinces, to any of the 15 member nations of the European Union.
The European Union did that because it did not want to be simply a nation of shopkeepers. It wanted to be an economic union that was also very concerned with the protection of individual rights regarding personal privacy as a fundamental human right.
I come back to the point I want to emphasize: the appropriateness of your committee taking an interest in this matter. As I can see from your study outline, which I've reviewed, having a particular interest in privacy and confidentiality, I'm going to recommend to you one or two areas that I think can be practically addressed by your committee in the next six months.
First, let me just reinforce a couple of points about privacy protection that will help situate your particular concerns for purposes of discussion. One of the things I want to emphasize is that privacy protection is not rocket science. It is not an extremely sophisticated topic. Listening to us as ``experts'' you might think it's pretty complicated, but the reality is we're talking about fairly simple notions that have been put together and encapsulated in Canadian privacy legislation going back to the first privacy act in this country in 1977.
As you probably know, the current federal Privacy Act dates from 1982, when the Access to Information Act also came into effect and around the same time the Province of Quebec introduced its privacy legislation. That has since been emulated or followed by Ontario, British Columbia and now Alberta. So all of the largest provinces now have provincial privacy acts and freedom of information acts.
I think it's important for your committee to be aware that both federally and provincially more than two-thirds of the population have privacy commissioners in place whose job it is, in my view, to act as privacy watchdogs for the population and to be sensitive to the privacy interests that are at risk in any particular innovation or piece of legislation that is introduced.
I can assure you that this week my colleagues and I will be addressing the privacy implications of the proposal for an electoral register that was apparently introduced in the House of Commons yesterday.
The basic principles of privacy protection include notions of transparency. For any kind of information system that collects and uses personal information, the public - the consumer - have a right to know. Whether it's the Royal Bank of Canada introducing a profiling system for all of its financial transactions with a customer, or the Government of Canada, in cooperation with the provinces, introducing an electoral register, the public have a right to know just how this system is going to work.
In my view, another fundamental principle of privacy protection beyond the right of the individual to control his or her information is the principle of finality. If I give my personal information to the Government of British Columbia for purposes of achieving a driver's licence, I don't consent to its being used to update my address for a federal electoral registration system. That would be one example.
At the end of the day privacy advocates like myself are involved in the balancing of competing interests. My view of our work is that we are to articulate the privacy interests for which at the end of the day it is the purpose of the legislature of British Columbia or the Parliament of Canada to make the final balance as to where privacy should weigh against another value in a democratic society.
Consent is also a very fundamental notion. I gather from a brief newspaper report I've seen this morning that the proposal for an electoral registration scheme does allow individuals to opt out of the system if they do not wish to be included in that particular method of being enumerated for a federal election.
Let me turn to my understanding of what the committee's agenda is proposed to be. Basically, I want to encourage you, as someone who worked for the Standing Committee on Justice and the Solicitor General in the mid-1980's with proposed revisions to the federal freedom of information and protection of privacy acts, to be reasonable in terms of your aspirations to work on the subject of privacy in technology.
I'm also speaking as an academic who's always tried to do more than he can reasonably accomplish and has learned to lessen the scope of what he attempts to do. That is certainly my experience as a privacy commissioner in British Columbia.
There are all kinds of privacy implications to new technology. I would encourage you to focus on two or three at most.
The most important one - and I will use that as my illustration in case I run out of time - is the whole world of genetic testing. You're well aware of the human genome project in the United States and the efforts to map the human genome. I have been reading this morning several pages of coverage on the human genome project in The Economist of September 14, 1996.
It is an area of considerable concern to privacy advocates and to the general public, not only because of the mapping of the human genome but also because of the prospect of genetic testing, where you will find out what your predisposition is to Huntington's disease, for example, or, to use some of the popular media reports, to alcoholism or obesity or whatever. I have to emphasize there's considerable hype associated with genetic testing.
You may be sitting there thinking why aren't you as a privacy commissioner in British Columbia or Quebec or Ontario working on genetic testing. The reality of our lives in Canada as privacy protection officials is that we're understaffed. We don't have the research capacity to re-devote the kind of attention your committee could to this cutting-edge issue.
I would strongly encourage you to take a look at the implications of genetic testing in the workplace for workers. It is an issue that affects not only governments but also the private sector, because insurance companies will have considerable interest in the results of genetic testing. It raises issues of consent when family members may have a propensity to a disease; one wishes to be tested and another doesn't.
Genetic testing is an area where there's an enormous secondary literature your staff can take account of. We also have in Michael Hayden, of the University of British Columbia medical school, a famous geneticist, someone who's on a world-class basis. We have Eugene Oscapella in Ottawa, a consultant to the privacy commissioner of Canada, with a knowledge of genetic testing. As we saw at Bruce Phillips' international privacy conference in Ottawa in September, we have Professor Bartha Knoppers, of the Université de Montréal, who is a world-wide expert on the ethical and legal implications of genetic testing and of genetics generally.
There are two other areas that concern me greatly as a privacy advocate and privacy commissioner. One is drug and alcohol testing. My office is about to release a specific report on drug testing in the workplace, particularly as it affects jockeys and owners of horses in British Columbia. We will be addressing some of the broader implications of drug testing.
Most of you will be aware, given your human rights jurisdiction, of a very important recent human rights decision by a tribunal chaired by my colleague, Professor Constance Blackhouse of the faculty of law at the University of Western Ontario, on drug testing by, I think, Imperial Oil, the gasoline company.
The final issue you might want to take a look at, although I would be inclined to encourage you strongly to focus on one or two issues such as genetic testing, is the issue of surveillance cameras in the workplace or in public places. It's an issue I'm very sensitive to in British Columbia.
I was also in England last week. I'm delighted to say we have yet to achieve in Canada a society in which there are surveillance cameras on most of the streets and in most public places as there are in London. That's an example, in my view, of a technology in search of an application - something I'm not very enthusiastic about, unless the case for the threat to private property and to the physical persons of individuals is so great that we require that kind of protection.
I see situations in hospitals and jails in British Columbia or in social service offices where it's appropriate to have physical surveillance cameras in operation to protect the staff in particular or to protect things like cars from being stolen from public parking lots. I'm very concerned to head off at the pass the notion of placing surveillance cameras on roads and streets in downtown Vancouver because there was a Stanley Cup riot there some time ago.
I would encourage you, as you consider your choice of topics for your work, to avoid simply chasing the latest horror stories and some of the hype about technology. It seemed to be symbolic this morning that it took about 45 minutes for this video conference technology to be set up for us to be able to communicate with one another.
Most of the promises of technology are much more grandiose than their current achievements. It might be very useful in the area of genetic testing for you and your colleagues to take a look at what the prospective threats are to human rights, including privacy, from genetic testing or drug testing, and to measure that against the realities by bringing in the private sector and other proponents of genetic testing and drug testing to see what they're actually about.
I can assure you that I and my office will be very happy to cooperate with your professional staff and with members of the committee in anything you wish to undertake. Thank you for the opportunity to speak to you.
The Chair: Thank you very much, Mr. Flaherty. Do you want to take advantage of three more minutes now, or would you like to hold it for later, either to respond to Ms Cavoukian or to wait for our own interveners?
Mr. Flaherty: I can assure you, Madam Chairman, that Ms Cavoukian and Mr. Comeau and I have the advantage of probably singing from the same hymn book, so I don't think we're going to be very busy rebutting one another.
The Chair: It wasn't a matter of rebuttal I was thinking of primarily. It was a matter of taking advantage of elaborating on a particular issue, but we'll leave it at that.
I do want to reassure you that I did know the difference between the privacy that was covered in the Universal Declaration of Human Rights, as we're going to be planning for its 50th anniversary, and that which is recognized under the covenant on civil and political rights versus what's in the Canadian charter, section 7, with life, liberty and the security of the person, and also section 8.
Now I'd like to move to
[Translation]
Mr. Paul-André Comeau, in Brussels.
Mr. Comeau, please.
Mr. Comeau: Madam Chair, members of the committee, thank you for having invited me to join my colleagues, Ms Cavoukian and Mr. David Flaherty. This is an important issue and it is also an honour for me to be here. I would also like to congratulate the members of the committee on having decided to consider the impact of information technology on privacy.
This is a very important issue and I think that you have understood this in listening to previous presentations. It is also a topic that is very worthy of your attention, especially given that the federal Minister of Justice, Mr. Allan Rock, has just announced the government's decision to table a bill in the House on the protection of confidential information and privacy in the private sector. This is a fundamental step, but your work is also extremely important given how seductive these new technologies are.
Everyone is vulnerable to their power and fascination. A new gap is becoming apparent between generations that understand and use these new technologies and those who have remained excluded or who prefer to keep their distance. Obviously I will focus on Quebec's very original experience in the protection of confidential information within the private sector.
Allow me to say that we have had legislation in effect in Quebec since January 1994, therefore for almost three years, and the earth still continues to turn in Quebec. Businesses have not gone bankrupt, at least they haven't done so because of this legislation. I am saying this to encourage the government and the House of Commons to speed up the adoption of this legislation for the private sector.
I'm not going to talk about theory nor am I going to repeat what my colleague just said moments ago. I would like to use two examples to illustrate the role that technology can play in the protection of privacy and also the threats that technological tools or technological gadgets pose to everyone. I will use two examples that the Commission d'accès à l'information du Québec was involved in order to better illustrate the relationship that exists between the threat to privacy and these technologies.
The first tool that I would like to draw your attention to is the microcircuit card, or smart card as it is commonly called. This card was used in an experiment in the area of Rimouski, that ended 15 months ago. Three years of preparation were required for this experiment and it took place over two years.
The experiment was launched by the Régie de l'assurance-maladie du Québec with the collaboration of researchers from Laval University and practitioners in the area, which is 300 kilometers east of Quebec City, on the St. Lawrence.
The experiment took place thanks to the collaboration of approximately 7,500 people in the Rimouski area, the majority of these being people of more than 60 years of age, pregnant women and babies under 18 months of age.
Thus, on the one hand, there were those directly participating in the experiment and on the other, there were those using the tools put at their disposal, that is, approximately 90 doctors and specialists, pharmacists, nurses, and, of course, ambulance attendants.
Let's talk about the smart card. The chip on the card was divided into five discrete zones, separate from each other, and contained administrative information, emergency information, the vaccination history, medical records and medical information on the person, in other words, a summary of the medical record of that person.
This was, therefore, especially in terms of medical information, extremely sensitive information that could contain personal and family history as well as test results or medical diagnoses.
This type of technology obviously raises important questions: can you imagine who could have access to this information? Could, for example, indiscreet eyes see that information, with obviously very serious consequences? For example, what if voluntary pregnancy termination, abortion, was included on the chip and this became known elsewhere? It doesn't take much imagination to foresee the problems this would cause.
The problem of access to information is a fundamental one. Obviously, those who have the right to read the card are first and foremost the owners of the card. That has been the law in Quebec and in some other Canadian provinces for a quarter of a century: medical records are available to their owners. That is not the problem.
Obviously, access to one or more of those five zones that I mentioned a few moments ago depends on the need to know of the person consulting the card.
For example, the receptionist at a hospital obviously only has access to administrative data. However, a doctor may consult all the data. Therefore, rights of access are dependent on the professional capacity of the doctor or the ambulance attendant, and also on the need to know.
These are the basic principles on which our experiment was based, using volunteers.
The Commission d'accès à l'information du Québec was involved from the outset, at the Quebec government's request. We were therefore able to follow this experience and to directly assess the impact of the use of this technology on the privacy of individuals.
We carried out what Americans have called a technology assessment which I think is fundamental. We did this using the criteria of the Quebec legislation and we also used techniques that are commonly used in this field.
We carried out observations, surveys, interviews, and, through specialized companies, we used focus groups, in order to better assess the impact of this technology on individuals, and also the reactions of these individuals to this technology.
At the end of the experiment, we drafted an opinion that was submitted to the government and to the Régie de l'assurance-maladie du Québec.
Obviously we noted that the use of this instrument was very safe and we now have a certain number of hypotheses that have allowed us to foresee other uses for this smart card, which is probably one of the best and the safest tools currently available.
For example, the smart card has been used in France in banking for almost five years. It could also be used for driver's licenses, access cards for government services, etc. There's a whole range of uses.
The Rimouski experiment provided us with guidelines or parameters that will be useful when other uses are made of this technique.
I would like to briefly talk about another experiment that has just started and that is telemedicine. Telemedicine links hospitals on different continents or within a country and can be used for consultations, making diagnoses, of course, prescribing care through dialogue between health professionals and electronic exchange of documents, for example, medical records of the person concerned, tests, X-rays, etc.
This experiment has been running for a few months and has been broadened to include France. Centres in Quebec and France have been linked up to test the use of telemedicine in a very concrete way.
As you can see, using telemedicine to treat people raises a number of very concrete problems.
First, there is the question of information, tests and X-rays being sent along the circuits. Very important criteria have to be used.
Second, there is also the issue of the means of transmission. Can simple telephone lines be used to transmit psychiatric information, for example?
There is also the issue of encryption, which is a major problem, as we saw in the United States during vice-president Gore's first hearings on the information highway. As you know, Americans are opposed to encryption, whereas most other countries, including Canada, have quite a different approach.
So the second issue is the transmission of this information.
Thirdly, and finally, who has the right to receive and use this information?
This may appear to be a trivial problem at first glance, but the consequences can be very serious. When this information is transmitted by computer or even by satellite, can the information be preserved? How? What precautions have to be taken? There are a whole series of questions that have to be answered as quickly as possible.
Thus we have begun this work. We are drafting our work plan and we hope to be able to go further and to come up with observations and guidelines regarding telemedicine and all forms of information transmission. This technology assessment is based on caution and common sense.
I will end by saying two things. First, I would advise the members of your committee to encourage the use of pilot projects rather than allow the general use or large scale implementation of new technology. Second, it is necessary, and this is where your committee can act, that ordinary people and the representatives of ordinary people, yourselves, be very vigilant about the use of these technologies in public services, and also in many other areas.
Beyond legal considerations and lofty principles, I believe that caution and wisdom are the starting points for any privacy protection measure.
Thank you, Madam Chair.
The Chair: Thank you very much, Mr. Comeau. I will ask Mr. Bernier to ask the first questions.
Mr. Bernier: First of all, I would like to welcome Ms Cavoukian and Mr. Comeau. Earlier it was announced that my colleague, Mr. Ménard, would be asking the first question, but he had to leave and he wanted to make sure that I passed on his regards to Mr. Comeau in particular.
I would like to thank you for appearing before us and for the very pertinent information that you have just provided to us. I have two questions for either one of our experts.
First of all, have you given any thought to the cooperation that exists between government levels regarding the need to legislate? Of course, I am referring to the provincial and federal levels. Is there any complementarity that is absolutely obvious and necessary? Can or must the two levels of government, or other levels for that matter, legislate?
I would like to hear what you have to say on this matter. If there is complementarity, what areas should the federal government be focusing on and what areas should the provincial governments be focusing on?
Secondly, what means would you suggest we could use to reassure ordinary citizens about the confidentiality of the information that can be obtained about them? In other words, how can we find out what private companies or governments know about us and what can we do to ensure that this information is being used properly?
I would like to hear what you have to say about these two questions. Thank you.
Mr. Comeau: Madam Chair, I will try to answer the two questions raised by the member.
You raised the issue of cooperation between the levels of government in Canada. This is a topical problem since the federal government has just announced its intention to legislate in the private sector.
One thing is clear, and I think it practically is staring you in the face. Because of the headway made by Quebec in this field, for all kinds of reasons that have nothing to do with audacity or imagination, but which exists for all intents and purposes, it would be unfortunate if we were to establish, in Canada, two levels of privacy protection: one being stringent, the other less so.
I think that we must draw a lesson from what occurred two and a half years ago. Many Canadians and multinational businesses in Quebec took steps to ensure that they complied with the new legislation and they told all of their clients throughout Canada about the way that personal information had to be handled in Quebec.
It seems to me that the ground rules were already laid by the private sector, by the businesses, and I don't see how we could, two years down the road, challenge the ground rules which an impressive number of businesses and multinationals did not hesitate to embrace.
Cooperation is essential. I know that discussions are currently underway between the federal Department of Justice and provincial Departments of Justice where there is already a public sector law, but also with departments of other provinces where no law exists.
I think that harmonization is being achieved, however, in my opinion, it must be done on an empirical basis, bearing in mind what has been established and what business feels is valid for all Canadian citizens.
This is my answer to Mr. Bernier's first question.
The second question is much more difficult and complex. How do we give the citizens confidence? What can we do in concrete terms? You have raised an issue which has already been dealt with, primarily through many polls.
Curiously, although private information is protected in the public sector, the federal government and in several Canadian provinces, Canadians are very suspicious about the way governments protect personal information. They are more suspicious of a government than they are of private enterprise. We see this conclusion constantly, and it is one that becomes further entrenched with each poll on the topic. Canadians, therefore, do not have a great deal of confidence in the way that the various levels of government deal with their information.
What can we do to reassure them? First of all, the action you have taken will obviously make people more aware of the problem. Privacy becomes a problem when there is an intrusion, but as long as there is no problem, no one worries about it. But all it takes is for certain facts about their conduct, health or wallet to be made public, and everyone suddenly gets concerned.
I think that we should run more education campaigns. In Quebec, for example, since the private sector legislation came into effect, we have increased our dealings with consumer groups and businesses to help them provide for and implement provisions to avoid problems.
In other words, we have adopted a preventive approach, we are providing advice. I believe this is the line that my colleagues from other provinces are taking.
The Chair: Thank you. Does anyone else have any comments to make in answer toMr. Bernier's question?
[English]
Mr. Flaherty: I would be happy to say a few words.
The Chair: Please go ahead.
Mr. Flaherty: I think the state of cooperation between the provincial and federal levels on privacy or data protection is going quite well. I will use as my example the Industry Canada task force on the information highway. It consulted widely with privacy commissioners. We lobbied with it, and the resulting report more than a year ago from the task force on the information highway said that privacy should be taken very seriously. It said there needed to be a joint federal-provincial initiative for privacy protection in the private sector.
The Minister of Justice, Allan Rock, announced about a month ago that the federal government intends to legislate for the federally regulated private sector by the year 2000. That would cover banks, telecommunications and transportation companies.
I can assure you, as the privacy commissioner for British Columbia, that I am encouraging the provincial government - in fact, I have a meeting on the matter this afternoon - to begin to take steps to regulate our private sector for purposes of privacy protection, particularly because of the European directive and the importance of privacy as a human right.
I would like to point out to some of your members from Atlantic Canada, by the way - and I happen to be a fifth-generation New Brunswicker - that I am very concerned as a Canadian with the existence of data havens in the Atlantic provinces. None of them has even the beginnings, except perhaps in Nova Scotia, of adequate privacy protection, never mind in the private sector, but also in the public sector.
I'm particularly disappointed in the Province of New Brunswick, if I may be so bold as to say so, as an academic. That province has been promoting the information highway, but has been doing nothing for privacy protection in either the public or private sectors.
Another related point that demonstrates good cooperation, in this instance between the public and private sectors and the federal government and the provinces, is the fact that Canada is now distinguished by having a private sector code called the Canadian Standards Association's model privacy code. It has been in the public domain since last April.
All of us are now encouraging various components of the private sector to adopt this as a form of self-regulation, preliminary to any kind of federal or provincial legislation for privacy protection.
I am strongly encouraging the banks, credit unions and credit companies, which are more in the private than public sector, to adopt the Canadian Standards Association's model privacy code. It is certainly the model for any legislation that I would encourage the Government of British Columbia to adopt.
On the issue of the involvement of ordinary citizens in this debate over privacy, I concur with what my colleague Monsieur Comeau has said about the fact that the existing privacy surveys in Canada demonstrate considerable concern about the preservation of their privacy by all segments of the Canadian population, including members of Parliament.
However, I am always forced to end media involvements in British Columbia by saying, at the end of the day, that it is up to the individual citizens, the residents of our society, province, or country to be their own privacy commissioner. They must be sensitive to the information they divulge about themselves. They must be aware, for example, of the implications to their personal privacy of using the Internet or other online services. Because of the absence of any regulation of the private sector, except in Quebec, we are really dependent on ourselves to be conscious of the privacy risks and to be responsive to them as much as we can.
I would also like to emphasize, in terms of protecting individual members of the public, the importance of encouraging transparency in the private sector with respect to new technologies.
I regret to say it is very difficult to persuade the major banks, for example, to be as open as I think they should be with respect to new profiling systems they have for all of the commercial and financial transactions their clients have with them.
There appears to be, in North America particularly, an extreme reluctance on the part of the private sector to tell us what their technology is capable of doing with respect to privacy and what privacy protection measures they have put in place to try to anticipate these problems.
In contrast, I've heard that some of the great multinationals, including American Express, Citibank, MasterCard and Visa, have, within the last two weeks in Washington, D.C., gone quite a way to talk about what they are doing to encourage consumer trust and confidence in being able to entrust personal information to these multinationals in a very protected way.
I regret to say I've yet to see a similar transparency and openness from much of the Canadian private sector, particularly from individual companies that already have global operations and that, I might remind you, already live with privacy and data protection measures when they do business in countries like Sweden, France, the United Kingdom and New Zealand.
I would also like to emphasize the point Ann Cavoukian made, that the resources of our privacy protection offices, for purposes of educating the general public, are extremely weak.
The Canadian privacy commissioner has always made the point that he doesn't have a budget for this purpose. We're really dependent on members of Parliament, journalists, and the media to carry the message of threats to personal privacy that exist and of what kinds of things can be done to ensure a higher protection for personal privacy, especially in the private sector, than what currently exists.
Those are my responses to the two questions.
The Chair: Thank you.
Ann Cavoukian.
Ms Cavoukian: I didn't hear the question. My system blanked out for about five minutes, but I think I have the gist of it from hearing Mr. Flaherty's and Mr. Comeau's comments.
In terms of things that can be done, as you can see, the issue of privacy is very important to consumers in terms of Mr. Comeau's references to the consumer polls that have been done and the concern expressed on the part of consumers. The problem is that they don't have an awareness of what they can do about these issues or what the real threats are.
Until you know what precisely the problem is, you can't think of ways in which to address it. One of the reasons that doesn't happen is because we are limited in our resources in terms of public education, although I think we do our best. If you as a committee or your members could raise the consciousness of the privacy issue, I think it would bring us forward by great strides, because I think a large part of it is heightening the awareness of this issue, the word ``privacy'' and protection of it, in the minds of the public.
Once you do that, then we and you and other groups can arm the citizens of this country with the things they can do on a daily basis in terms of taking personal responsibility for the protection of their privacy to the extent they can. It can be as simple as knowing that whenever someone asks for information from you, or when you are required to complete a form, you do not have to answer all the information they have asked of you.
When you fill out a product warranty card for a microwave you bought, think to yourself about how it is relevant. How is my date of birth, my occupation, my marital status, what I do during the day, all these questions, relevant to obtaining a warranty for an electronic product? They are not. Product warranty cards are one of the most popular means of obtaining marketing information. This is a very simple piece of information to impart to the public. If we did just that and advised them that they don't have to fill out everything that is asked....
They should look for something called an opt-out box on a form. What is that? Very simply, it's something that says, okay, I do want to give this information to this particular organization that I'm doing business with - let's say I'm obtaining a bank loan, so I have to give the bank information - but I don't want you, the bank, to share this information with or sell it to anyone else for marketing purposes - other banks, other organizations, marketing companies, direct marketers. I only want you to use it for the purposes of this particular transaction.
That would restrict what is called the secondary uses of personal information to which you have not consented. It would restrict it enormously. These are very simple, limited means by which each individual can be empowered to protect their privacy in a considerable way. We have to do a great deal beyond that, of course, but at least an awareness of these issues and some simple techniques as to what the individual can do at a personal level I think would really elevate this discussion.
In terms of the private sector and businesses, in addition to the CSA code Mr. Flaherty referred to, we could, by elevating the consciousness of privacy, the awareness of the issues, also bring to the attention of businesses that it is to their advantage to protect the privacy of their customers. It is to their advantage to have the most accurate information in their possession, in their dealings with their customers, and also to respect the wishes of their customers to protect this information - it is their wish this information not be shared with any other companies or organizations - and that this opportunity be given to the customer and then those wishes respected. This will give those businesses a competitive edge over the others.
So if you add that as a business it it makes good business sense also to protect privacy, you address the market forces in terms of the consumer privacy issues, and I think those are both very important.
The Chair: Thank you very much.
Questions go to you, Mr. Scott.
Mr. Scott: Thank you very much, Madam Chair.
I'd like to assure Mr. Flaherty that there are many New Brunswickers who are equally concerned about the unqualified love affair between the provincial government in New Brunswick and the information highway and all of the implications of that relationship. Specifically, I'll be hosting the third public forum on the human rights implications of technology on November 22 in Fredericton, and I'm trying very much to bring public attention to at least perhaps finding where the brakes are in the car, if not applying them just yet.
My questions, very specifically to Madam Cavoukian, are around whether or not the focus of our attention should be on the supply side or the demand side - if I may use these terms - in terms of this information. I took it from her original statement that perhaps what we need to do is focus on those kinds of technologies that would allow us to in fact de-link member from membership such that if I'm entitled to something by virtue of my membership, who I am as a member shouldn't be of any interest.
At the same time she referred, in her most recent intervention, to the selling of lists, which seems to be on the other end of the equation. Is there not an opportunity for us, for instance, to simply be more vigilant in terms of enforcing restrictions on the profitability of the sale of this information, which seems to be something that might be somewhat manageable?
How much responsibility will it require individuals to assume in order to themselves guard, in a self-managed way, the information they make available? The reason I ask the question is it would seem to me that this then gives us direction as to what extent this is a legislative as against a public relations kind of challenge we face.
Finally, I have a question - I'm not sure the chair is going to handle all of this - forMr. Comeau. He was speaking of the exchange of distance information around telemedicine. I'm aware of the fact that we do a great deal of, and are doing very rapidly more and more, telemedicine things, particularly in the remote parts of northern Canada. Have we learned anything in that exercise that would help us figure out how to restrict the unintended use of that information?
My questions are primarily directed to Madam Cavoukian. Thank you.
Ms Cavoukian: Thank you very much.
I would begin answering your questions by saying I'm a realist and I keep my feet firmly entrenched in the here and now. The here and now requires that we place some controls on what is taking place today in terms of the routine selling of mailing lists in identifiable form.
The direct marketing industry in this country alone, in Canada, generates revenues of something like $10.1 billion a year. In the United States it's over $75 billion a year. These are formidable forces against which we have to compete perhaps in our wish to protect privacy, and these practices are taking place right now.
What I suggest to people I come into contact with, in terms of the here and now, in terms of what they can do, is that, yes, they can do something to at least try to contain the sale of their personal information in terms of forms they fill out. It's very important they be cognizant of what they can do in terms of saying ``I do not want you to sell my information or share it with any others, I just want you to use it for that purpose''. I do that myself, as you can imagine, on a routine basis and it's very effective. They can also call or write to the Canadian Direct Marketing Association and have their name and address put on a ``do not mail'' list. These are the little things individuals can do that advance the cause somewhat.
Let there be no question that this is never in place of legislation. That is critical in this area in terms of regulating the private sector. I think these are empowering techniques individuals can use on a day-to-day basis that do advance the protection of their information considerably, but it is by no means a solution across the board. I think the only long-term solution is to legislate businesses in the private sector to have some compliance with the rules that protect information in terms of fair information practices.
That's the present-day scenario. I was talking about technologies that protect privacy, and you describe it very accurately in terms of separating the identity from the actual information relating to their membership or their eligibility for a use or service.
We are in the pioneering days of these technologies. It's a very exciting time. They are just being developed now. They exist - I can point you to a few of them - but it is just beginning. Awareness of these technologies is very limited, even on the part of the information technology community. So this is where we want to go, and we're just starting.
These are very advanced systems. We have to educate people on the existence of these, both on the supply and demand sides. We have to educate people on how they can benefit both individuals and businesses and meet the needs of both parties.
So I see that more as something we grow into as people develop an awareness of them and as the technologies grow. In terms of the here and now, and what we can do in addition to individuals protecting their privacy through some of the means I suggested, you have to think long term in terms of the legislation.
Don't forget the Internet. People are beginning to leap onto the Internet and the World Wide Web. They have no understanding. They are clueless about how much of their personal information is given away every time they go to the World Wide Web and access someone's home page.
You leave a quick stream behind you of all the sites you've visited. If you don't want people to know that you've visited those sites, then you have to take certain measures. You have to know what happens when you take part in an Internet relay chat group or a news group - that information is far from private. Just educating people about these little pieces of information would go a long way.
The Chair: I know Andy wants to go back to get the balance of your answers, but I think we're going to have to think about the empowering techniques for personal privacy and draft some kind of a householder that we could send out.
Perhaps we'll get some of you to put some input into that householder, as every member of Parliament has the right of access to people's homes with information. Then it's up to the householder to read it if they wish.
You asked Monsieur Comeau a question about what we've learned and what we're learning, and I'd like to add to that. Are there any copyright implications with respect to the films that travel? You alluded to that in the exciting work that you were doing in Rimouski and then in the Quebec-France experience. I wonder if you could build on your answer to Mr. Scott's question with respect to privacy controls in that regard.
[Translation]
Mr. Comeau: Obviously, Mr. Scott's question is extremely important in view of what has occurred over the past two or three years in New Brunswick. Let's take, for instance, the case of the phone-in pharmacies that were set up to respond to the real needs of the people. These were based on a model which has been in use in the United States for some time now. Extremely sensitive information about an individual's prescription and, consequently, about an individual's state of health about his or her illness, is sent over an ordinary telephone line. We must realize that this information is extremely sensitive, and it also is of commercial value.
On this subject, I would like to bring you back in time a bit, to the days of the Krever Commission in the early 80's in Ontario. Because of the Krever Commission, we discovered how some businesses, particularly insurance companies, sold medical information obtained in various ways. Therefore, we must give careful thought about the danger of allowing such information to circulate openly.
Earlier Ms Cavoukian touched upon an important issue to which I would like to add something, and I will answer Mr. Scott's question about the way computer whiz kids have already managed to use the wonders of the Internet to their own advantage and for other purposes as well. We now know that many companies doing business on the Internet are recommending that their clients do not confirm orders or purchases through the Internet and, above all, that they never transmit their credit card number via the Internet, because we know that some whiz somewhere has invented software enabling him to intercept, on the Internet, anything resembling the three sequences of our credit card numbers.
Take a look at your credit card. There are indeed three sequences of numbers, and these numbers can be intercepted and then marketed illegally, with all the consequences that such action may entail.
Consequently, the open transmission of medication and prescriptions constitutes a major problem. Accordingly, to begin with, our thinking must not be in terms of the legal or ethical issues, but should focus instead on purely security related matters. How can we provide medical consultation, purchase drugs or prescribed medicine over the phone in a more secure fashion? There is, of course, a whole range of basic steps that must be taken to do this. Unfortunately, these steps have not been taken and, as a result, we are going to have problems, serious problems.
I repeat, the members of your committee must bear in mind the discoveries made by the first Krever Commission, otherwise science fiction may become a reality.
I do not know if I have answered Mr. Scott's question clearly, but it seems to me that the problem is obvious. To begin with, this is a matter of computer security, security which, for the time being, is not being provided based on what we know.
[English]
The Chair: Have all of your questions been answered?
[Translation]
Yes, Mr. Bernier.
[English]
Before you go ahead, I just want to advise the panel of witnesses and our own members that we have seven minutes left.
In the course of Monsieur Bernier's last question, I wonder if you would keep in mind a couple of questions I would like to ask you. Is there more to protecting privacy than simply protecting people's personal information? If so, what are the other aspects of personal privacy that need to be safeguarded?
I believe you started to answer that for us, Mr. Comeau, and I would like a further explanation for our own committee's evaluation of where we want to go from here.
[Translation]
Mr. Bernier.
Mr. Bernier: I would like to go back to the recommendations made by Mr. Flaherty in his introduction. I retained three things in particular: the question of genetic testing, particularly in the workplace, the question with respect to tests to know our consumer drug or medication habits, once again this applies particularly in the workplace, and all the questions with respect to surveillance cameras in public places.
If I understood correctly, Mr. Flaherty believes that the Committee or the federal government should view these issues as priorities. If I misunderstood, I would like him to clarify the matter. I would also like to know whether or not Mr. Comeau and Ms Cavoukian view these issues as priorities and whether or not there are any other matters that you would like us to focus on in particular. Thank you.
Mr. Flaherty: Mr. Bernier, you understood very well what I consider to be the main priorities. I will speak in English, if I may.
[English]
You've understood me exactly. I think those are the three important priorities. But I think you can see from the kind of discussion we've had for the last half hour just how wide ranging privacy issues are. If the committee is not careful, you'll be all over the lot of human existence.
I would primarily like to touch on data protection issues, on informational privacy issues, asMs Cavoukian called them. We already have privacy commissioners, federally and provincially, dealing with many of these same things.
I think the issues I've outlined for you are ones we're already concerned with, but I don't think we currently have the intellectual or personal resources to do an adequate job of addressing the privacy implications of genetic testing, of the proliferation of surveillance cameras in public and private places, and of the risk of an enhanced use and reliance on drug and alcohol testing.
I should emphasize that in all of those cases I am not a Luddite. I am not opposed to the introduction of these technologies. I want to see them used in a controlled condition with considerable sensitivity to the human rights aspects of their use, which is a matter of direct concern, I would hope, to your committee.
The Chair: I would like to ask you whether or not the remarks and the observations ofMr. Comeau with respect to the information on drugs and drugs usage and medical information, as raised during Krever's first commission, and how these are used to promote, advertise and impact on the health service of our country - and I think the question was implicit in some of the things Andy Scott was saying - would not be another area that would fall somewhat within the description of the three areas in which you suggest we look.
Mr. Flaherty: Madam Chairman, I agree with what you're saying. At the same time, my problem now is that everything I say is coming to me as an echo, which is another piece of evidence of the glories of technology.
As the privacy commission for British Columbia, working with our Ministry of Health, we already have quite a good run on the issue of drugs and drug information being used for marketing purposes. In fact, I'm pleased to say that the Province of British Columbia has the first privacy code in place for pharmacists in the province to accompany this Pharmanet prescription profile system, which, as privacy commissioner, I'm not as enthusiastic about, but which the legislature in its wisdom decided to introduce. Each time any of us gets a prescription at any of 800 community pharmacies in this province our prescription profile is available to the pharmacist, under controlled conditions, to make sure we don't use contraindicated drugs and so forth. In order to have that system in place the College of Pharmacists, the Ministry of Health and the government agreed to develop a privacy code for pharmacists.
So the point you've raised, Madam Chairman, is one that from a British Columbia perspective, at least, we have reasonably well in hand. I obviously am making a plea to you to help me, as the privacy commissioner for British Columbia, on certain issues where I don't feel I have adequate resources to address the problems, particularly from a human rights perspective.
The Chair: I thank you very much for your observations. You have been enormously helpful, all three of you.
I would like to know if we could have a couple of wrap-up remarks from our other two witnesses. I really want to hear if there's an area of priority for them that includes or excludes anything that has been said by Mr. Flaherty.
[Translation]
Mr. Comeau: I would like to say a word in answer to your question which has not really been answered. Obviously, there are some copyright problems, some authentification problems and some signature problems for the information network that must also be resolved. This is a given.
But I would like to draw your attention to what you also implied. It is dangerous and, at any rate, it could be very harmful for Canadians to see a debate focusing solely on the commercial value of information pertaining to privacy. Of course, this information does have a commercial value, but it is first and foremost a question of basic rights. The privacy of individuals, of the citizens of this country, the personal information that defines this privacy has no value. The value of such information is as deemed by the individual and also as is deemed by law.
Therein lies the danger, and this is perhaps the slippery slope we are lured into by the new technologies in their attempt at putting a dollar figure to each piece of information. I hope that your committee will avoid the current pitfall of trying to establish the commercial value of every piece of personal information.
The Chairman: I find these comments particularly useful because I was very fearful that we would slide down this slope.
Ms Cavoukian, have you something to add in conclusion?
[English]
Ms Cavoukian: Yes, thank you very much. I'd like to add that there's one other area I would suggest you extend your focus to - that is, the issues related to the information highway in terms of the Information Highway Advisory Council and the recommendations that came out of that.
But I would extend that a little further. In the next few years you're going to see such a proliferation of electronic commerce on the Internet and through networks communication. I think this is going to significantly change the face of the kind of profiling we have been witnessing to date through direct marketing schemes. I think it's going to put that to shame and elevate it to heights we have not seen before. It will also elevate the enormous threats to privacy in terms of maintaining any ability to contain our information and restrict access to it.
I don't know that we'll be able to do that without putting a huge focus on it right now. Electronic commerce has been waiting in the wings to develop secure techniques in which to engage in electronic shopping and exchange of business and trade, etc. You will see these in the next year growing by leaps and bounds. This includes electronic banking and a number of other private sector ventures. As well, governments are going to be offering services through the information highway counterpart, the Internet and so on.
If you don't have the protections in place, or at least a consciousness on the part of the public taking part in these, then I think you can kiss privacy goodbye in the next century. We are at the critical point right now, the crossroads, in terms of what's going to happen to our personal information. I think market forces are going to converge in terms of accessing our information in a continually detailed manner. The notion of surveillance/``dataveillance'' through these means is, I think, going to grow.
So if you could also include this as an area to focus on it would be very important. You're going to see a disintegration of the boundaries between public and private sector and what is regulated by the public sector laws right now, because, as you've heard, the Internet doesn't know any boundaries. It doesn't know what country it's engaging with. It's out there, and I think it deserves our attention.
The Chair: Thank you very much. I wonder if I could ask all three of the witnesses today if there are any additional pieces of information you feel we must put into the hopper or should consider. I'd appreciate anything in written form that you might want to send.
Mr. Comeau, I wonder if any of the information you have found with respect to smart cards, or swipe cards, an area some of us have expressed an interest in.... Out of the Rimouski experience is there something we can learn? Is there any written information in that regard? With respect to the fact that we're doing a lot of assessing with our aboriginal peoples in the north and with hospital expertise being shared around our country, is there anything further we should know that needs protection, from a privacy perspective, for the integrity of the individual with respect to their human rights?
I want to thank all of you very much for your participation. This was our first experience. I hope it hasn't been too horrendous for you and not too trying for the committee.
I want to thank my colleagues.
[Translation]
I thank you all very sincerely.
[English]
The meeting is adjourned.