The committee met at 1:01 p.m.

[M. Elmore in the chair.]

M. Elmore (Chair): Good afternoon. I’d like to welcome everyone participating and listening today. My name is Mable Elmore. I’m the MLA for Vancouver-Kensington and Chair of the Special Committee to Review the Personal Information Protection Act, also known as PIPA.

I’m pleased to be joining you from the traditional territory of the Musqueam, Squamish and Tsleil-Waututh Nations.

We are an all-parliamentary committee of the Legislative Assembly with a mandate to review the Personal Information Protection Act. In support of this, the committee is holding public hearings to gather input from British Columbians.

In addition to the public hearings, the committee is also inviting British Columbians to send us their thoughts in writing before July 30. All the information we receive will be carefully considered as we prepare our report to the Legislative Assembly, which will be released in December this year.

I encourage everyone who’s interested in the consultation, or who wants to learn more about the work of the committee, to visit our website at www.leg.bc.ca/cmt/pipa.

In terms of our meeting format and introductions today, we are planning to hear from five presenters. I’ll now ask the members of the committee to introduce themselves, and I’m going to hand it off to our very capable vice-Chair, Dan Ashton, and then Dan will hand it off to someone else, and we will continue the introduction of members of the committee.

Dan, take it away.

D. Ashton (Deputy Chair): It’s an honour to work with not only my peers in the Legislature but also the incredible staff.

Gentlemen, thank you very much for being here today.

I’m fortunate. I represent the area from Penticton to Peachland. I’ll go in chronological order. I’ll go across the screen.

Kelly, I’ll pass it over to you and let you pass it on to the next one. We’ll do it in order.

K. Greene: My name is Kelly Greene. My pronouns are she/her. I am in Richmond-Steveston

This is the traditional, unceded territory of the Mus­queam First Nation.

A. Wilkinson: I’m Andrew Wilkinson. I represent Vancouver-Quilchena, which is just east of UBC in Vancouver.

M. Elmore (Chair): Terrific. Assisting the committee today are Susan Sourial, Lisa Hill, Jesse Gordon and Mai Nguyen from the Parliamentary Committees Office, and Amanda Heffelfinger from Hansard Services is also here to record the proceedings.

Now the introduction for our first presenter. Our first presenters today are Daniel Therrien, who’s the Privacy Commissioner of Canada, and Brent Homan, who is the deputy commissioner, compliance sector.

Daniel and Brent, we greatly appreciate you taking the time to join us today to share your expertise and knowledge. You have up to 25 minutes for your presentation. Hansard Services has provided a timer, which will be visible on your screen if you use gallery view. Please begin when you’re ready. After you conclude your presentation, we’ll have questions from committee members.

Please go ahead with your presentation.

D. Therrien: Thank you, Madam Chair.

[1:05 p.m.]

M. Elmore (Chair): Sorry, I’ve just been corrected by our vice-Chair, Dan Ashton. We have two other committee members who were waiting to join us. I’ll just mention them: Garry Begg, the MLA for Surrey-Guildford, and also Adam Olsen, the MLA for Saanich North and the Islands. Once they arrive, they’ll be added to our presen­tation.

Go ahead with your presentation.

Presentations on
Personal Information Protection Act

OFFICE OF THE PRIVACY
COMMISSIONER OF CANADA

D. Therrien: Thank you again, Madam Chair, and members of the committee for the invitation to speak with you today. As mentioned, I am accompanied by Deputy Commissioner Brent Homan, deputy commissioner for compliance, who can answer questions you may have about our cooperation and relationship with the British Columbia office, and Commissioner McEvoy, with whom we have done a number of investigations over the years.

Digital technologies that rely on the collection and analysis of personal data are at the heart of the fourth industrial revolution and are key to our socioeconomic development. The pandemic has made clear that these technologies can bring important benefits such as allowing us to remotely work, receive health services or education. But time and again we have seen, through privacy breaches or other scandals, like the Facebook Cambridge Analytica matter, that digital technologies can create important risks not only for privacy but also for other fundamental rights like freedom, democracy or equality.

An important lesson from the Facebook Cambridge Analytica matter is the close relationship between privacy and other fundamental rights. Privacy violation in this case was related to an impact on the exercise of democratic rights. An important principle to bear in mind is this relationship between privacy and other fundamental rights.

Other jurisdictions have modernized their privacy laws in recent years, notably the European Union, where the General Data Protection Regulation, or GDPR, came into force in 2018. The GDPR is sometimes said to be overly prescriptive. For my part, I would say that it continues to be a very good yet imperfect model for privacy legislation globally. My suggestion would be to not shy away from using it as a source of inspiration while at the same time adopting other rules you think might be better adapted to your local conditions.

Interoperability between privacy laws helps to facilitate and regulate commercial exchanges that rely on personal data. It also helps to reassure citizens that their data are subject to similar protections when they leave our borders. Finally, it benefits organizations by reducing compliance costs.

Interoperability of laws domestically is also important. As you know, in November 2020, the federal government tabled Bill C-11, the Digital Charter Implementation Act, which would enact the Consumer Privacy Protection Act, the CPPA, and the Personal Information and Data Protection Tribunal Act. In May of 2021, my office released a submission package in response to Bill C-11. Despite the bill’s ambitious goals, our view is that in its current state, the bill would represent a step back overall for privacy protection.

There are serious problems with this bill. It seeks to address most of the privacy issues relevant in a modern digital economy, but in ways that are frequently misaligned and less protective than the laws of other jurisdictions. However, with some important amendments, we think the bill could become a strong piece of legislation that effectively protects the privacy rights of Canadians while encouraging responsible economic activity.

Today I will focus my comments on a number of key recommendations my office made in the context of Bill C-11, hoping that this can be helpful to your examination of your own legislation. These comments were informed by precedents, best practice, research and privacy regimes worldwide. Many of our recommendations on Bill C-11 align with the recommendations made by my colleague Commissioner McEvoy.

[1:10 p.m.]

As said, to draw value from data in a responsible way that protects privacy and other rights, our laws must urgently be amended. In Bill C-11, the federal government is seeking to achieve this by maintaining the consent model and adopting several new exceptions to consent. While some of these exceptions are, in our view, reasonable, others are too broad or ill-defined to foster responsible innovation. For example, there is no reasonable justification, in our view, for an exception to consent based on the impracticability of obtaining consent.

In my view, in general terms, what we need is that the federal law or provincial law should accommodate new unforeseen but responsible uses of information in society’s interests or for legitimate commercial interests, within a rights-based framework. This approach will give considerable flexibility to use data for new purposes unforeseen at the time of collection by an organization but within a world of knowable purposes and subject to regulatory oversight.

One of our concerns with Bill C-11 is that it allows for the collection and use of information for purposes defined by companies without adequate or sufficiently precise standards as to the definition of the purposes for which companies would obtain information. That is why we’re advocating for legislation that, yes, will provide flexibility for companies but for purposes that are knowable, according to a standard that can be enforced and interpreted by an independent third party, i.e., the regulator.

What we need is not self-regulation but true regulation. We need objective and knowable standards, adopted democratically, enforced by democratically-appointed institutions. We need sensible legislation that allows responsible innovation that serves the public interest and is likely to foster trust but that prohibits using technology in ways that are incompatible with our rights and values.

I agree with Commissioner McEvoy that meaningful, informed consent should be part of our private sector privacy laws and that individuals should understand how their personal information will be used. That being said, privacy protection can no longer hinge on consent alone. In today’s complex information environment, it is neither realistic nor reasonable to ask individuals to consent to all possible uses of their data.

I’ll be glad, of course, to answer, with my colleague, any questions you have on the consent model and the way to achieve, at the same time, responsible innovation and privacy protection.

On the subject of enforcement, an effective regulator must be properly equipped with meaningful powers that lead to quick and effective remedies. In many countries, this is done by granting regulatory authorities the power to issue compliance orders and impose significant monetary penalties.

Given the immense profits that can be made through the inappropriate use of personal data, serious financial penalties are imperative. There needs to be real consequences for businesses that break the law and incentives to comply. The goal of a penalty is not to punish. It is to provide an incentive for companies to comply with. Given the large profits that can be made with inappropriate use of data, the penalties under the law need to be proportionate.

Unfortunately, the penalty provisions in Bill C-11 are hollow. First, Bill C-11 lists only a few violations as being subject to administrative penalties. This list does not include obligations related to the form or validity of consent, nor to the numerous exceptions to consent, which are at the core of protecting personal information. It also does not include violations to the principle of accountability, which is supposed to be an important counterbalance to the increased flexibility given to organizations in the processing of data.

[1:15 p.m.]

In most laws across the world, all violations of privacy legislation can lead to administrative penalties imposed by the regulator, and of course, the quantum, the amount of money that represents the fine, has to be in relation, has to be proportionate to a number of factors, including the severity of the violation, the ability to pay, and so on and so forth. But the principle should be that all violations of the law should be subject to a proportionate administrative penalty, as opposed to the federal bill, which limits the violations for which penalties are available and excludes, because it’s very difficult to understand, core violations about principles like consent and accountability.

As you may know, Bill C-11 also creates an additional layer of decision-making in the form of the Personal Information and Data Protection Tribunal, an administrative tribunal which would be responsible for imposing monetary penalties and hearing appeals against decisions of my office.

We believe that this tribunal, which does not exist in this form anywhere else, would create unnecessary delays for consumers. The courts, in our view, are perfectly capable of reviewing the legality of OPC decisions without adding a further layer of administrative appeal between the regulator and the courts of law.

Worse, Bill C-11 would encourage companies to choose the route of appeal rather than finding common ground with the OPC when we are about to issue an unfavourable decision. All told, we believe that the addition of this tribunal would only delay access to justice for consumers. In order for consumers to feel protected by the law, to have confidence that their data will be used correctly by companies, there needs to be real consequences in the not-too-distant future after a violation has occurred. So a delay between violation and sanction is an important consideration, in our view, to ensure consumer trust — that their data will be appropriately viewed by a company.

We have recommended that we be granted the authority to impose penalties at the conclusion of inquiries, an approach similar to that found in the GDPR, the European regulation; and also the law in the U.K., Quebec’s Bill 64 and as recently proposed by Ontario in its white paper on a private sector privacy law for the province. In Ontario, for instance, decisions of the Privacy Commissioner, the provincial Privacy Commissioner, would be appealed in a traditional court rather than through an administrative tribunal, as is suggested in Bill C-11.

Moving on to regulatory cooperation, my office’s long history of cooperation with domestic and foreign data protection authorities has shown the overall value of cooperation and proven that it is possible to coordinate activities even where parties are applying different laws. Extending this potential for cooperation not only creates efficiencies for the cooperating authorities or privacy regulators but, more importantly, can lead to better outcomes for communities.

We’re recommending amendments to Bill C-11 to further enhance our ability to cooperate with domestic and international authorities, and we support our B.C. counterparts in their recommendation in this regard, given the significant benefits to be gained from such cooperation.

Our provincial colleagues have recommended that PIPA, the provincial legislation, be amended to enable the commissioner to enter into compliance agreements with organizations to allow for responsive, flexible oversight. PIPEDA, the federal law, currently grants us this power, which allows us to ensure that organizations follow through on commitments they have made to the OPC to rectify their practices.

We have found these agreements to be an important means of effectively resolving complaints. For example, our monitoring of a compliance agreement entered into with dating website Ashley Madison allowed us to ensure a comprehensive implementation of a variety of remedial actions, mostly having to do with security of information.

[1:20 p.m.]

We are pleased that this instrument of compliance agreements will be made available to us as an enforcement mechanism under Bill C-11.

Breach notification is a fundamental element of modern privacy laws. It enhances transparency and accountability in the way private sector organizations manage personal information. Breach notification and reporting requirements were made mandatory under PIPEDA, the federal law, in 2018. Mandatory breach notification to individuals ensures people are made aware of instances where there is a risk of harm with respect to their personal condition, and it allows individuals to take steps to protect themselves if their personal information may have been compromised.

On the other hand, recordkeeping requirements, also a matter for the legislation that came into force in 2018…. So recordkeeping requirements and an obligation to report breaches to the Privacy Commissioner ensure accountability and oversight for companies as to how breaches are managed and further prevented by organizations.

The obligation to report breaches also raises awareness of these incidents and of trends, systemic issues and solutions. We are also, as an office, better prepared with these provisions to develop outreach and educational tools to help inform Canadians and to help businesses mitigate future risks.

That said, our experience to date — although these are generally good provisions — has shown that PIPEDA’s breach provisions could be improved. Particularly, the timeliness for reporting is often poor, leaving consumers at risk and the regulator without knowledge to propose remedies. It is impossible to hold organizations to account when 40 percent of reports are currently submitted to us over three months after the breach has occurred.

To help address these deficiencies, we have recommended that Bill C-11 be amended to require organizations to report breaches “without unreasonable delay” but within seven days after they become aware of the incident. “Without unreasonable delay” is a flexible standard, but our experience has shown that to add to this flexible standard a time limit in days is also helpful to ensure that unduly long delays to report breaches do not occur. And this type of language — “without unreasonable delays but within seven days” — is also found in the laws of many jurisdictions around the world.

In conclusion, now is an opportune for Canada to show leadership on privacy law reform. What we need at both the federal and provincial level is sensible legislation that allows for responsible innovation that serves the public interest and which prohibits the use of personal information in ways that are incompatible with our rights and values.

With that, I and my colleagues would welcome your questions.

M. Elmore (Chair): Thank you very much, Daniel and Brent, for your presentation. I’ll open up to questions from committee members.

A. Wilkinson: The first obvious query is if you have or can send us the proposed amendments you have in mind, whether it’s in the form of a letter that you’ve already sent to them or specific amendments. That would be helpful.

We’re in the strange position of having seen C-11 come onto the horizon knowing that provincial legislation has to meet a standard set by the federal legislation in order to be compatible with it and to take the place of the federal jurisdiction here in British Columbia. So we’d very much like to see what’s going to happen federally before we cast our lot.

What we don’t need is for provincial statutes that are all out of sync with each other, and then a federal one comes along and makes us all start all over again. So your amendments would be very welcome in that regard.

[1:25 p.m.]

I’m not sure if you just want to do these one at a time, but a couple of other things that come up are the phenomenon of informed consent when we’re in this world of this contracts of adhesion. I was buying some GPS maps online yesterday, and of course, you see dozens of pages of the contract, these known as contracts of adhesion, and you either just scroll down to the bottom and hit agree or you wait for it to tell you want to agree and you just…. The number of people that read them is infinitesimally small.

Lastly, the concern of the progress of Bill C-11. I know you’re not a parliamentarian, but it appears to be making slow progress, and perhaps you could give us your insights into whether that’s because of a perceived need for changes on Parliament Hill or it is simply anticipating a foreseeable election. Or is it that the bill may die on the order paper? We have trouble telling that from our perspective.

That’s a fairly long list. I don’t want to use up all the question time.

D. Therrien: All excellent questions. In terms of the text of the recommendations we have made to amend Bill C-11, we’re happy to send you our submission to a parliamentary committee, the Ethics Committee, that includes our views and the text of our recommendations to amend the bill. That submission, by the way, is already on our public website, the Office of the Privacy Commissioner’s website, but if you wish for us to send it, we would be happy to do that.

The recommendations sometimes are in the form of legislative language but, for the most part, are addressing deficiencies, in our view, at the conceptual level and make what we hope are practical recommendations to achieve a better way to protect privacy. I think it’s sufficiently concrete that it would be helpful for your purposes, but it rarely takes the form of the legislation per se.

On the question of informed consent and contracts of adhesion, of course, there are many challenges with the consent model, particularly nowadays, in part because of the naissance of these contracts of adhesion, these long contracts. But also, frankly, because given today’s technology — for instance the increasing use of artificial intelligence — it is difficult for companies to define the purposes for which they will use information without going into a 35-page contract, yet inform consumers sufficiently.

I think a number of things are required to address this challenge adequately. Point 1: despite the complexity of new technologies, including our artificial intelligence, I would agree with Commissioner McEvoy that consent continues to have an important place in privacy protection, but it is particularly useful when the relationship between the service provider and the consumer is relatively straightforward. In these cases, it’s possible to inform the consumer in a way whereby he or she will understand the purposes for which the organization wants to use information, and they can provide meaningful consent.

In other cases…. I’d say not in all cases of artificial intelligence, but in many cases involving artificial intelligence, for example, consent is a problem. It is difficult for companies to define, again, the purposes for which they will use information because, in part, artificial intelligence — the nature of it is to use information and identify new uses of the information as it is being processed.

[1:30 p.m.]

That’s why consent can go some way to protecting privacy, in my view, but I would agree that it’s not part of the federal approach in Bill C-11, whereby there are a number of exceptions to the consent principle. That crime could define how to protect privacy even when consent is not the best means to use to protect privacy lines of Canadians.

A number of models are possible here. I think if you look at our submission on Bill C-11, what we propose, and as I’ve made hopefully clear in my remarks, is an exception to consent that we’re trying to allow for a use of information by companies that might have been in the public interest or for legitimate commercial interests, a broad term that is flexible but still knowable, interpreted and enforced by the regulator. That, to us, is a good way to ensure privacy protection, even when consent may not do the job properly.

So long answer, it was relatively helpful, and I’m happy to answer more questions along those lines.

On the progress of Bill C-11 — as you know, I’m not a parliamentarian — I see that the bill has not progressed since November. I find it a bit unfortunate that there has been no debate in the federal parliament since November. Regardless of what one might think about how effective this proposed legislation is, there needs to be a debate about this. I find it somewhat unfortunate that that debate has not occurred.

As to precisely why it has not moved…. And certainly there’s not enough time for it to progress before the summer period, whether there’s an election which would lead to a new bill or whether there’s no election, and there would be amendments to Bill C-11. I’m not the best person. But all of these scenarios are possible.

I would agree, I think, with the premise of your question, which is that federal law is an important factor. It’s a very important factor in terms of privacy protection in Canada, in part because of the requirement for substantially similar laws to be adopted provincially. We’re not in a good place, currently.

There’s a need to amend the law urgently, because we have a trust problem. Because the companies need to have a framework to know when they can use information, and consumers need to have a law that protects their rights and values. So it is unfortunate that that bill has not progressed, but I’m still hopeful that in whatever form in the fall, there will be progress on the federal law on privacy.

M. Elmore (Chair): Thank you, Daniel.

I want to thank Susan, who has very speedily sent us all the report from the Privacy Commissioner. So thank you for that, Susan.

Any other committee members like to weigh in on a question?

I do have a question, but if anyone wants to jump in before me, you’re welcome to do that.

Thank you very much, Daniel, for your presentation. We’ll take a look at the paper that you submitted as well. I think that in terms of how you’ve gone through and raised concerns on a number of components of C-11, I’m not surprised that it’s been stalled. Certainly seems a number of key components need to be addressed with respect to that going forward. Nonetheless, we are also…. British Columbia must proceed.

We share your view, and also, from our B.C. privacy commissioner as well, that there’s a real need to update our laws. Also agree, in terms of your presentation — a rights-based framework must be the context in terms of legislation.

[1:35 p.m.]

The discussion around the consent model is fascinating and challenging as well in terms of emerging technologies, so I appreciate your remarks there to guide us. I share your concerns in terms of ensuring that we need effective enforcement and hear you clearly in terms of how C-11 is inadequate, that there are exemptions to that.

Certainly, I share your view that all violations should be subject to compliance. Thank you for raising your concerns with respect to the tribunal as an administrative body and also for sharing your views on the importance of regulatory cooperation. Certainly, these are priorities and principles that we’ll take into consideration to ensure, with PIPA, when we update it — and also, of course, hearing recommendations from our Privacy Commissioner, very capable — that we address these, in my view, fundamental concerns, and also breach notifications as well.

My question has do with continuing on from the question from Andrew Wilkinson and just a little bit, as well, in terms of the challenges of the consent model. I’m very interested, certainly, in artificial intelligence and these emerging technologies — very challenging. I appreciate you really fleshing out the complexities of a consent model to address these issues.

Artificial intelligence, as well, is a concern. The inherent bias that is imbedded in artificial intelligence — do you view that to be addressed also, in this broader, rights-based framework, to be able to address that? What are your views on that inherent bias around race, gender, class? These are some concerns that have been raised in the operation of the technologies perpetuating these types of systemic bias. Any view or remarks on that?

D. Therrien: Sure. Clearly, there have been studies that show that artificial intelligence can lead to discrimination. I should start by saying, of course, that technology is neither good or bad. It’s how we’ve designed it that matters. There are studies that have shown that the design of artificial intelligence can and has led to bias and discrimination — for instance, in not recognizing facial features of non-white people as accurately as in white people. But that’s not the only circumstance where there might be discrimination.

I would say two things about that. This is another illustration of the close relationship between privacy protection and other fundamental rights — here, privacy and equality rights. There are a principle of privacy bonds that provides that information collectively used and disclosed by institutions, public or private, needs to be accurate. With the relationship between the principle of accuracy, under privacy law, and discrimination, under human rights law — that is at play here.

The fact that an artificial intelligence system may be using inaccurate personal information can lead to discrimination. The role to be played by privacy law is not to do a complete overlap with human rights law. That’s not a job of the privacy regulator, but there is a link between privacy law and the principle of accuracy with human rights law, equality rights, discrimination. The proper function, I think, of privacy law for the kinds of issues raised is to ensure that the law includes the principle of accuracy, which then requires companies and departments to ensure the accuracy of the information that they have.

[1:40 p.m.]

It gives a tool to the regulator to ensure that this principle is actually being complied with by the public sector or private sector institutions. As a first step, this can, of course, reduce the incidents of discrimination and violations of the right to be informed of these.

M. Elmore (Chair): Terrific. Thank you very much, Daniel. I appreciate that.

A. Olsen: Thank you. Excuse my ignorance in the question that I’m about to ask, because I don’t have a good idea of the legislative framework federally on the components that we have broken into two pieces of legislation here, under FOIPPA and PIPA. The Freedom of Information and Protection of Privacy Act is for public bodies, and PIPA is for private.

I’m just wondering: are those separated? We’re reviewing now. Another committee is now reviewing FOIPPA, and I’m just wondering what your perspectives are on this, from the jurisdiction that you represent. Ultimately, it comes down to just one British Columbian — or we each are individuals, and there are different organizations that collect data on us and hold that data. I’m just wondering as to the effectiveness of having two pieces of legislation or a single piece of legislation. Do you have any thoughts on that?

D. Therrien: That’s an excellent question. To say the obvious, data doesn’t know borders between the public and private sectors — which, I think, requires that the public sector and the private sector laws have common, or at least similar, principles. Should it be one law or two laws? There are a number of jurisdictions that deal with privacy in only one law. It can work, but I am not insisting that it be only one law.

What I think is important, again, is that the two laws — if there are two — have common or similar principles, because of this phenomenon of data travelling. For instance, federally, I’ll tell you that private sector companies are subject to breach notification requirements to individuals and to the regulator, whereas the Public Sector Privacy Act does not include that kind of obligation. That makes no sense whatsoever. The data in the hands of the government is just as valuable and important as the data in the hands of the private sector. Actually, I think that the public sector should lead by example in leading private sector companies to adequately protect the personal information that they hold.

The main point is common or similar principles, because data travels between public and private sectors. By the way, we’re seeing more and more of that phenomenon of data travelling between sectors. It existed before the pandemic, but with the pandemic, it has greatly accelerated. For instance, among the benefits of technologies in the pandemic was the delivery of education or health services to the population. These services rest on platforms that are operated by the private sector, yet there may be conversations that are extremely sensitive when these services are delivered.

The fact is that that’s a benefit. It’s a benefit for citizens that they can have services provided on all these platforms. But the law should ensure that the exchange of information that occurs on these platforms protects privacy, and the fact that the privacy principles would be common or similar — that is, between the public and sectors — would be very helpful.

M. Elmore (Chair): All right. Yeah, that’s a great question and something for us to consider in our deliberations.

Now we are at time, and unless anybody has a really burning question that they want to jump in with, I want to thank Daniel and also Brent. Thank you for the excellent presentation. It will help us a lot in our deliberations and in working with our B.C. Privacy Commissioner here as well. Thank you very much for your time. We appreciate it. Have a great day.

To the rest of the committee members, we have a recess. Our next presenter is scheduled at two o’clock, so you’ve got 15 minutes.

The committee recessed from 1:46 p.m. to 1:59 p.m.

[M. Elmore in the chair.]

M. Elmore (Chair): Okay, everybody. Welcome back.

Our next presenter is David Adams, who is president of the Global Automakers of Canada.

[2:00 p.m.]

Welcome, David. Nice to see you virtually. You have up to 15 minutes for your presentation. Hansard Services has provided a timer, which will be visible on your screen if you’re using the gallery view.

Before you begin, I’ll ask members to introduce themselves. I’ll start with myself. I’m Mable Elmore, the MLA for Vancouver-Kensington and the Chair of our committee, the Special Committee to Review the Personal Information Protection Act.

I’m very pleased to join you from the traditional territories of the Musqueam, Squamish and Tsleil-Waututh Nations.

I’ll ask the rest of the committee members to introduce yourselves. I’ll hand it off to our vice-Chair, Dan Ashton.

Go ahead, Dan.

D. Ashton (Deputy Chair): I’m Dan Ashton. I have the pleasure of representing Penticton to Peachland.

I’ll pass off to my peer in our caucus, in order.

A. Wilkinson: Hi. Andrew Wilkinson, Vancouver-Quilchena.

K. Greene: Kelly Greene, the MLA for Richmond-Steveston.

I’m on the traditional territory of the Mus­queam First Nation. My pronouns are she and her.

A. Olsen: Adam Olsen, the MLA for Saanich North and the Islands.

I’m working today from my home in the W̱JOȽEȽP village.

G. Begg: Hi, everyone. I’m Garry Begg. I’m the MLA for Surrey-Guildford.

I’m proud to be joining you today from the traditional territories of the Coast Salish peoples, including the Kwantlen, Semiahmoo and Katzie First Nations.

M. Elmore (Chair): Terrific. Thank you, Members.

David, please begin when you’re ready with your presentation. We’ll have an opportunity for questions afterwards.

GLOBAL AUTOMAKERS OF CANADA

D. Adams: Thank you very much, Madam Chair and committee members, for allowing me to present in front of you today. I appreciate the opportunity. I do have a short presentation that I would like to go through.

As you mentioned, my name is David Adams, and I’m the president and CEO of the Global Automakers of Canada. I’m pleased to have an opportunity to present for you today on some of the issues and concerns that we see around the review of B.C.’s Personal Information Protection Act but also, more encouraging, the view that B.C. has taken with respect to looking towards the federal C-11 as a means of really generating some harmonization and alignment across Canada.

For those of you that are not familiar with our association, we are a trade association in Canada, right across the country, that represents 15 of the leading international manufacturers of light-duty vehicles. All of those members’ logos are listed below you there.

In 2020, our members represented about 60 percent of the automotive sales and employed about 77,000 Canadians, directly and indirectly. Of note, two of our members, Toyota and Honda, are the first and second-largest producers of vehicles in Canada, which comes as a surprise to some people, anyway.

I had wanted to touch briefly on five key issues — well, really four — and summarize with a conclusion with respect to the presentation today, really outlining our general association’s perspective on privacy, talking a little bit about data portability and data transfer, the idea of modernizing consent requirements and also the right to be forgotten, which, again, will be followed by a conclusion, as I mentioned.

If we look at the first issue, I think all of our members are acutely aware of the importance of protecting the consumer’s privacy within the vehicles that are purchased. That is really a sacred trust amongst the vehicle manufacturers. As some have said, data is money, and there are lots of people that are looking to make money and to monetize the data that exists as cars have become both connected and automated.

[2:05 p.m.]

Safeguarding that privacy is first and foremost in the minds of our member companies. All of our members have provisions written into their contracts as well as documentation up on their websites that refers to their privacy policies. I guess the challenge that we all have, whether we’re downloading an app from Apple or looking at privacy provisions with respect to an automobile, is ensuring that consumers not only take the time to read those disclosures but actually understand them as well.

Within a vehicle, there is a significant amount of advanced automotive technology that does generate data, more or less known as telematics, in modern vehicles. This could relate to crash notifications, for instance, electronic security provisions in the smartphone applications and traffic alerts, just to name a few.

From our perspective and, I think, from the consumers that are purchasing our vehicles, these features enhance the consumer benefit and the consumer experience. Automakers are looking to provide ongoing safety and consumer infotainment provisions into the automobile, all at the same time as trying to advance the protection of consumer information.

Vehicle telematics, again, are data that are generated essentially by the vehicle, not by the individual drivers. In general, these telematics data do not constitute personally identifiable information, because they do end up being aggregated.

With respect to looking at data portability rights, I think we understand that that’s a modern function of a lot of the global pieces of privacy legislation. I think we just need some clarity around how consumers and organizations would understand the scope and application of that concept, because I think one of the factors here, oftentimes, is unintended consequences associated with different activity that’s involved in amending privacy legislation.

With respect to the collection of aggregate data, location data, as mentioned, and other forms of telematics data, our aggregated data cannot be untangled and pinned down to potentially a single user. I think the fact of doing so would violate the privacy rights of other users as well.

Requiring companies to process raw data to comply with portability requests, referring to the point above, could be prohibitively complicated and also expensive. I think we just need to be mindful, as I mentioned a moment ago, about ensuring that we understand the scope of the application or, at least, portability rights.

Data transfer. I know restrictions are one of the things that are being considered under C-11. From our perspective, it would be important to have data transfer availability for global companies, such as the companies that I represent, who have head offices, obviously, outside of the country to ensure that telematics data and other data from the vehicle could be open and available for research and development purposes as required.

The other thing to be mindful of here, as well, is that there are legal obligations with respect to, for instance, advising consumers of recall notifications under the Motor Vehicle Safety Act. Also, it mentions notifications under the Canadian Environmental Protection Act as well. We would want to ensure that some of these legal requirements under privacy legislation as it is modified, going forward…. I think the safety requirements are already contemplated under C-11, but I don’t believe the emissions recall provisions are contemplated under C-11.

These are some of the checks and balances that we just need to ensure are in place as we move forward with amending Canada’s privacy legislation.

I think, with respect to modernizing consent requirements, we want to try and ensure that the consumer’s experience is a positive one as more and more technology gets built into the vehicle. It could be potentially a challenge for both manufacturers and potentially aggravating to consumers to have to consent to data as the different applications and whatnot in the vehicle are added for the purpose of ensuring that consumers do want the service that’s being provided.

[2:10 p.m.]

I guess, in this regard, we would suggest that any update to PIPA be sufficiently harmonized with the federal requirements to avoid unnecessary barriers for collection of data in B.C.

This holds true. As you’re well aware, I’m sure, there are privacy consultations going on in Ontario at the moment, also in Quebec, that we’re heavily involved with, as well as at the federal level. We believe that, certainly, the best path forward is to have privacy legislation, to the extent possible, be harmonized and aligned at a federal level.

With respect to the right to be forgotten, as I mentioned a moment ago, manufacturers do have certain obligations under the federal Motor Vehicle Safety Act with respect to notifying owners in the event of safety defects, non-compliance with the Motor Vehicle Safety Act regulation — recall notices, for instance. From our perspective, exceptions to the right to be forgotten need to be allowed so that OEMs, vehicle manufacturers can continue to meet these and other similar requirements.

Our manufacturers may need to keep records of certain data longer than what some might contemplate in terms of retention of the data for the purposes of administering the warranty and potentially other reasons as well. So there’s no question that we want to respect the fact that we don’t keep data longer than it is needed. But in some cases, data may be…. Well, we would appreciate data being allowed to be collected and retained for longer than some might like it to be.

Finally, in my closing comments, I think all of our members are trying to find a balance between public safety, the consumer desire for advanced vehicle technologies and protecting the consumer’s privacy, while all at the same time trying to ensure that we really harmonize and align our privacy legislation to the greatest extent possible, all in alignment with global practices. This is one thing that all of our members are wrestling with right at the moment. We’ve got the GDPR, obviously, in Europe. We’ve got other privacy initiatives afoot — for instance, in California in the United States and, as I mentioned a moment ago, different provinces looking at privacy legislation as well.

Ultimately, global automakers are going to have to land on one standard, presumably, and that’s probably close to the highest standard, to the extent that it makes sense, so that they can comply with all of the other pieces of legislation. But I think that’s still a book that’s not yet fully written, so we’re trying to ensure that we provide as useful advice as we can as we go forward, both through the consultations federally and with the individual provinces.

We do plan on making a written submission later on but did want to take a few moments today to offer up our initial thoughts and comments on the review of PIPA that your committee is undertaking. Thank you for allowing me the time to do so today. I’m happy to answer any questions that you may have.

M. Elmore (Chair): Perfect. Thank you very much for your presentation, David. We do look forward to your written submission. That’ll help us in our deliberations.

I’d like to open it up to committee members for questions for David. Anybody who’s got a question pretty much can jump in.

K. Greene: Thanks kindly, and thank you, Mr. Adams, for your presentation. I have a question about consent, because vehicles — in particular, newer vehicles — are having software updates all the time, firmware updates, and different functionalities that perhaps are enabled after somebody was to have purchased a car and signed off on all the agreements and whatnot. How do you see consent interacting with the automotive industry in looking at those different factors?

I would really like to hear your opinion. When I grew up, obviously, cars didn’t have those features. You’d turn it on with a key, and that was it. I’d like to hear more please.

[2:15 p.m.]

D. Adams: No, it’s a very perceptive question. I think as the automotive industry moves forward and we move into more of, really, a computer on wheels as opposed to a mechanical device, to your point, a lot of the updates will take place through over-the-air updates, for instance, in terms of upgrading the software and other components of the vehicle. So it is a real issue, and I don’t have a clear answer for you now. But I’m happy to take that back and refer it to my members, saying that this is a question that was raised.

But I suspect that it will either be dealt with at the time when a consumer purchases a vehicle, where they will be advised that, as part of their purchase agreement, they are either consenting to having ongoing updates provided as they are needed for software updates, that kind of thing, or that they will be advised through some sort of internal messaging system by the manufacturer when these software updates will take place.

Those are the two obvious options that I can think of at the moment, but I will take that question back and make that as part of our formal submission to you later on.

K. Greene: Chair, may I ask a follow-up question?

M. Elmore (Chair): Sure.

K. Greene: Thank you. Also, if I could ask an additional question regarding the secondary market, because a lot of people aren’t necessarily purchasing a new car, but they are reselling. So I’d be interested to know how that would interact as well.

D. Adams: If I understand your question, I think it’s related to a used vehicle purchaser and how they would receive the updates and whatnot as well? Is that correct?

K. Greene: Yes.

D. Adams: I think that’s important as well. It speaks to the issue that I mentioned in the presentation that this right to be forgotten. I think vehicle manufacturers at all times want to be aware, because of recall purposes and what have you, of who’s driving their vehicle, where that individual lives so that they can supply them with recall notifications, for instance, and ongoing information. So it’s very important to our members that they do know who is the secondary or tertiary owner of a vehicle, to be able to provide them with the required information.

I’m not sure if I totally answered your question but happy, again, to provide some more information when we provide our submission.

A. Olsen: Thank you for your presentation, Mr. Adams. Just a couple questions. I guess I’ll start with public accessibility to data, and what I mean is public sector accessibility to data.

I think that there is a real benefit, and I’ve been in a few meetings, around community design and design of infrastructure. As well, more and more we’re looking at self-driving technologies and such. There needs to be an integrated grid or an integrated network of some kind that all of the manufacturers can plug into and play nicely with one another where you’re going to have multiple different vehicles on the same infrastructure that need to be able to be communicating with each other.

But even before that, I was part of an event a while back where they were talking about how vehicle data that’s aggregated and anonymized could be very, very useful to municipalities, for an example, when they’re designing intersections and designing public infrastructure to help minimize the cost. I’m just wondering what your perspective is on your OEMs and their willingness to open that data up and make it available.

On one hand, you’re saying: “We need to make sure that we protect the data.” On the other hand, anonymized data is very, very useful in efficiency. So just your thoughts on that.

[2:20 p.m.]

D. Adams: Well, I think we would agree with you that we all want to protect the personal information of every consumer. But I think to the extent that the data is anonymized, then, yes, it makes sense. It can be very useful, as you pointed out, for municipalities, for electrical utilities, for instance, and for many others, in terms of planning road infrastructure and what have you, going forward.

As we move further down along the road to the connected vehicle, then we’re going to see that necessary relationship between not only the vehicles talking to one another but also the vehicles talking to the road system, if you will. There can be a lot of useful information gleaned from that type of V2G dialogue, I guess, between the vehicle and the infrastructure.

So I think we would be supportive, our members would be supportive of making sure that that anonymized data is available for research and development in much the same way that, I think, they would like to preserve the opportunity for the anonymized data to be available for their own research and development processes as well.

A. Olsen: Let me just follow up. I think I just want to follow up with some of comments that MLA Greene made around consent. I think the idea of continually asking for consent is the social norm. I think that we’re in a world in which seeking consent and understanding that you continue to have consent is something that we expect.

So I think that that is a challenge. The manufacturers are going to have to figure out a way to be able to maintain consumer experience but also the consumer expectation that it’s not too difficult to understand what it is that you’re agreeing to and, when you do agree to it, that there is an understanding of what it is. When those changes happen, yes, you have to be continually seeking the consent of people to be able to have their data and use their data.

D. Adams: I think that’s fair. I think the expectation of our members would be that if they’re looking for the consumer to partake in some offering, they would seek their consent to do that. In terms of ongoing consent, I think you see that in some motor vehicles now, where you get a warning that would come on, on your screen, about one thing or another. You do have the option of switching that off so that you don’t have to see it every time you turn on the vehicle. At least in some vehicles, you do.

I’m not sure if that’s the type of consent that you’re referring to. That would, at least, always be there in front of the consumer, perhaps with the consumer’s option to shut that off if they desire to do so. But I think it’s a fair comment to ensure that consumers both know what they’re actually consenting to and that that’s in clear language so that it’s not a six-inch-long piece of legal jargon that nobody can make sense of — that it is actually clear and understandable to the consumer so they know what they’re consenting to and how their information will be used.

M. Elmore (Chair): Thanks. Anybody else with a question here? We’re just running to the end of our time. A quick question?

I want to thank you, David, for your presentation. We appreciate it. It helps us a lot and, I think, really contextualizes the challenge that we’re under here, recognizing the need in terms of the revisions that we’ll be making to PIPA here in B.C. We certainly hear the message, and it’s also our view, in terms that we need to ensure that our provincial legislation is harmonized federally and also internationally in terms of some common principles. Generally, we’re looking at ensuring that it’s a rights-based framework.

[2:25 p.m.]

So appreciate your presentation, taking the time. Look forward to your written submission. Thank you very much.

D. Adams: Thank you very much. I appreciate your questions and comments. Just one last comment, if I might. Your comment about international legislation…. I think Canada revising and updating its privacy legislation is very important just in ensuring that we retain adequacy standing with Europe under the GDPR. I think, for all of us, it’s important that we are able to pursue business on an ongoing basis, innovation, and not be hampered by an inadequate privacy regime here in Canada. So I appreciate you commenting on that.

Thank you all for your time. I really appreciate the chance to appear before you today.

M. Elmore (Chair): Thanks, David.

Amy, hi. Welcome. Nice to see you. Thank you very much for joining us.

Everyone, our next presenter is Amy FitzGerald, who is the executive director of the B.C. Society of Transition Houses. Thank you so much for joining us today, Amy. You will have up to 15 minutes for your presentation. Hansard Services has provided a timer, which will be visible on your screen if you’re using the gallery link.

Before you begin, I’ll ask members to introduce themselves. I’ll start with myself. I am Mable Elmore, the MLA for Vancouver-Kensington and Chair for our Special Committee to Review the Personal Information Protection Act.

I am very honoured to join you from the traditional territories of the Musqueam, Squamish and Tsleil-Waututh Nations.

I’ll pass it off to Dan.

D. Ashton (Deputy Chair): Hi, Amy. Hi from the Okanagan. I’m Dan Ashton. I have the pleasure of representing the Penticton to Peachland riding.

I will pass you along to my peer, Andrew Wilkinson.

A. Wilkinson: Hello. Andrew Wilkinson. I represent Vancouver-Quilchena.

K. Greene: Hi. I’m Kelly Greene from Richmond-Steveston. My pronouns are she/her.

I am in the traditional, unceded territory of the Mus­queam First Nation.

A. Olsen: I’m Adam Olsen. I’m the MLA for Saanich North and the Islands.

I’m happy to be working today from my home here in the W̱JOȽEȽP village.

G. Begg: Hi, Amy. I’m Garry Begg. I’m the MLA for Surrey-Guildford. Welcome.

M. Elmore (Chair): Terrific. Thank you, Members.

Amy, please begin when you are ready.

B.C. SOCIETY OF TRANSITION HOUSES

A. FitzGerald: Thank you very much. Thank you for this opportunity to testify to the Special Committee to Review B.C.’s Personal Information Protection Act, which, if it’s all right, I will refer to as PIPA throughout my testimony.

Apologies. There is drilling going on in the wall behind me and hammering. So if it interferes with your ability to hear me, please send up a flare, and I will see what I can do about that.

I am Amy FitzGerald, the executive director for the B.C. Society of Transition Houses. I am in my office today, where there is not supposed to be drilling but there is.

I would like to acknowledge that the B.C. Society of Transition Houses office is in Vancouver on the unceded territory of the Coast Salish people, shared by the Squamish, Musqueam and Tsleil-Waututh Nations, whose history is tied to this unceded, ancestral land. We are grateful to be here.

The B.C. Society of Transition Houses was founded in 1978 with six members and is a member-based, provincial umbrella organization with, currently, 117 members across British Columbia, in many of your jurisdictions. Our mission and mandate is to train, support and advocate for the women’s housing supports program, which consists of transition and second-stage houses and safe homes, along with the PEACE program, which is focused on specialized supports and services for children and youth who have witnessed or experienced family violence, along with the violence is preventable program, which is a school-based prevention and intervention program run by the PEACE programs and PEACE program counsellors in B.C.

PIPA applies to all of our member programs in British Columbia and sets out how those organizations may collect, use and disclose personal information. My testimony today will focus on revisions to B.C.’s PIPA that are in concert with the federal Bill C-11, the Digital Charter Implementation Act, the European Union’s General Data Protection Regulation, as well as the Office of the Information and Privacy Commissioner for B.C.’s recommendations to the committee about this modernization of PIPA.

[2:30 p.m.]

BCSTH supports and recommends the harmonization of PIPA with the federal bill that will support substantial similarity while respecting B.C.’s own privacy practices. As a provincial umbrella organization, our mandate is to amplify the concerns and voices of our front-line membership.

Thus, regarding our recommendations, I would first like to acknowledge the ongoing reality of gender-based violence in British Columbia and Canada and the daily consequences that our members address, in particular as it relates to privacy practices and the confidentiality of the sensitive information that our member programs collect when serving women, children and youth in crisis.

Our world is moving towards digitizing everything, and that includes anti-violence services, in some capacity, where infrastructure is accessible and exists. For our society and membership, it is not about stopping the electronic collection, storage and sharing of personal information, but it is important to have a strong B.C. privacy legislation in place that helps guide our members to make the best decisions and policies possible in order to keep women, children and youth safe and to keep their personal, identifiable information safe.

Since 2007, BCSTH has had a technology safety project that has developed technology safety resources and training to assist our member programs to learn about how to support women and young people who are experiencing technology-facilitated violence, including strategic methods to train them to use technology safely and to incorporate those methods into safety planning. Our resources and training also assist our members to consider how their programs’ privacy policies and use of technology in their operational and administrative practices impact women and children’s safety, and we suggest ways to implement best practices.

During COVID-19, the necessary shift to using virtual technology has created a mixed service delivery model in British Columbia and across Canada that will most likely continue, going forward. Women’s Shelters Canada, in a 2020 survey of shelters and transition houses across Canada, indicated that 66 percent of respondents said that they would continue the use of pandemic practices such as providing remote access and services through virtual and digital means and texting, as well as telephone capacities.

Our 117 members are non-profits of varying sizes, with a mixture of union and non-union workplaces. Some are CARF- and COA-certified, and some are not. In their daily practices, in person and virtually, they gather personal information when they provide counselling and support services in confidential transition house or safe home or second-stage settings, when they provide family court and criminal court process advice, when they provide safety planning and when they provide employment, housing and referral supports.

Many of our member programs have been subject to subpoenas from their records from litigating parties. Over 35 percent of our programs have had their confidential records subpoenaed by third parties in the last two years, and of those programs, 79 percent were subpoenaed one to three times during the past two years.

Evolving technologies enable more and more data collection, data sharing and sophisticated data analytics. Electronic databases make it easy and inexpensive to collect, store and disclose personal information, with the capacity to store, indefinitely, endless amounts of data and readily disclose personal information to users, third parties and data brokers. In the context of women, children and youth experiencing domestic and sexual violence, stalking, trafficking and harassment, having personal information stored in those places can put their safety at risk through online interception, subpoenas, third-party requests and data breaches.

Privacy and security considerations are a top priority for our member programs. Digital and data transformation has led to an explosion of sensitive data being collected and provided to commercial entities for storage.

BCSTH recommendations regarding the PIPA modernization and harmonization with the federal laws and the GDPR that would be of benefit to our member programs and the women, children and youth they support are as follows.

[2:35 p.m.]

Mandatory breach reporting. BCSTH recommends implementing mandatory breach reporting that requires private and not-for-profit organizations in British Columbia to notify the OIPC and affected individuals of data breaches that pose a real risk of significant harm to the affected individuals, which exists under the GDPR and other Canadian privacy legislation. It should be noted that under B.C.’s FIPPA, which governs public bodies, there is a provision that stipulates that there must be immediate notification if there is unauthorized disclosure of personal information. This provision provides a model example of what PIPA should mirror.

Currently there is no mandatory notice under PIPA that is needed to be given to the individuals affected unless the commissioner orders otherwise. Amendments need to be made to PIPA to hold organizations to the highest standard when it comes to privacy laws, especially breaches, so affected women, children and youth can be assured that their private information is protected.

Two, rights for individuals to demand disposal of personal information. BCSTH supports individuals, women, children and youth having the right to control the use and disposal of their own personal, identifiable information.

PIPA requires an organization to destroy personal information or render it unidentifiable as soon as it is reasonable to assume that the purpose for which that information was collected is no longer being served by its retention and retention is not necessary for legal or business purposes. As noted by the OIPC in their comments, this duty is passive in the sense that an organization must consider and apply that standard without any explicit right for the individuals to require disposal. By contrast, the CPPA, the federal act, will give individuals the express, positive right to require an organization to, as soon as feasible, dispose of personal information that it has collected from the individual which we support.

Three, right to access. PIPA should be revised to give individuals the right to obtain their own electronic personal information from an organization in a simple, commonly used, machine-readable format and at no expense. We also recommend that organizations should have to transfer the personal information to an organization that an individual identifies as long as it is technically feasible to do so and not cost prohibitive.

Both of these provisions empower the users of our member program services to be able to exercise control over their own sensitive information.

Four, administrative, monetary and enforcement policies. BCSTH supports monetary sanctions to ensure enforcement and applauds the OIPC’s statement that they will also always emphasize educational, remedial approaches to compliance and working with organizations, business groups, civil societies and others to secure compliance by persuasion and education whenever possible.

This statement is particularly important for our member programs which are smaller non-profits and are busy 24-7 providing front-line crisis shelter services to keep women, children and youth safe. BCSTH also supports authorizing the OIPC to issue orders in response to non–complaint initiated investigations in order to address privacy concerns invisible to consumers but apparent to the Privacy Commissioner.

Five, training and privacy impact assessment technical support. Finally, BCSTH recommends that, as part of the modernization of PIPA, the legislation include the authority and funding for the OIPC to provide free training to organizations impacted by the new law, such as a B.C. PIPA 101 course, and tie the training to a mandatory privacy impact assessment, perhaps as part of a licensing provision, for example in the B.C.’s Societies Act’s annual licensing provisions. This would provide non-profit societies and organizations with the education and technical support to implement the important new privacy laws included in a modernized PIPA.

Privacy impact assessments identify and mitigate privacy risks. Data controllers are required by the GDPR to complete a privacy impact assessment before initiating any processing activity with high risk of infringing on a natural person’s rights and freedoms.

PIPA does not require private sector organizations in B.C. to complete PIAs. However, private sector organizations are encouraged to do so. The OIPC is available to review your organization’s PIA currently, and they can recommend improvements to your privacy management programs, but it is not mandatory currently. BCSTH would support this as a mandatory step that is paired with the free, accessible training offered by the OIPC.

[2:40 p.m.]

For BCSTH member programs that have been accredited by CARF and COA, this PIA process and B.C. PIPA 101 course should also address the accreditation process to ensure that it is compatible with the revised PIPA.

BCSTH and our membership welcome this opportunity to testify on behalf of the modernization of B.C.’s privacy laws to achieve the goal of accountability and public trust in privacy laws for women, children and youth experiencing violence, to ensure equality of rights before and under the law.

Thank you very much for your consideration.

M. Elmore (Chair): Perfect. Thank you so much for your presentation, Amy. I’d like to open up for questions from committee members.

Does anybody have a question?

I can kick things off. Amy, you mentioned that all of your programs are covered by PIPA, but 35 percent of your programs have been subpoenaed for private information in the last two years and some of them repeatedly. That seems quite high. Is this attributed to the nature of the gender-based violence that you advocate on behalf of members? Is that generally the context, the reason behind those subpoenas? What’s the nature of the information that’s requested?

A. FitzGerald: Historically, subpoenas for our sector have been related, oftentimes, to criminal investigations in sexual assault or domestic violence cases. What we are seeing now is the pattern is more subpoenas in civil matters, specifically in high-conflict family court matters. It is oftentimes the offending caregiver or parent who is looking for the information from both the transition house but also the PEACE program.

The PEACE program is the psychoeducational counselling program that sees children between the ages of three and 18 and their non-offending caregivers. The subpoenas that we are seeing now tend to be in that portfolio more so than the transition house portfolio. I think it’s probably a reflection of the nature of the commonality, sadly, of gender-based violence for certain but also high-conflict family court matters where we are seeing this kind of inquiry as to information.

To be quite honest, it’s quite alarming for our member programs. I am a lawyer, by trade, from the United States. I am not a member of the Law Society here. But I can guide our member programs to practising lawyers here for representation in those cases, and that is what we recommend that they do.

It is prohibitive, to be quite honest, for them to have representation in those cases. We’ve thought about trying to establish, to be honest, a trust fund for our member programs to access legal representation in those cases. The records that they are keeping are confidential records. There’s good case law that once you get to court and raise the essential confidential and important nature of the records, courts have quashed those subpoenas and those requests for records, recognizing the public necessity and public good of the services being provided by the front-line programs. But it’s a long road to get there.

M. Elmore (Chair): Thanks, Amy. But you have to undertake that process with representation to get to that. So are there other avenues to address that?

A. FitzGerald: In terms of with our membership?

M. Elmore (Chair): Yeah, like in terms of recourse around addressing that practice.

A. FitzGerald: I train our member programs on how to respond, and there’s a section in one of our training materials. It’s a legal toolkit on information and resources, so that’s the toolkit that I train our member programs on. If they receive a subpoena, we have sort of a step-by-step process that they should take. One of those critical steps is for them to get legal representation. I encourage our member programs to budget that as part of their budgets in terms of ongoing representation.

[2:45 p.m.]

I will say, and this has come up in some of the other forums that I’m part of, that it costs $20,000 to $30,000, typically, for a member program to be represented in one of these matters. So one of our member programs right now is doing a Kickstarter funding to pay their legal representation. I don’t know if this is the appropriate committee to be thinking about that, but if there’s some way to set up a stream of funding for that kind of legal representation for our member programs to access when they are in these crisis situations, I would welcome that, and I know our members would as well.

K. Greene: I have a question, Ms. FitzGerald. My question is with regards to private information of minors. You said that a lot of the subpoenas that you’re getting for private information are for a program for youth aged three to 18. Was that correct?

A. FitzGerald: Yes.

K. Greene: So people are seeking private information of minors?

A. FitzGerald: Yes. The way the PEACE program operates is the child comes with a non-defending caregiver, and the non-defending caregiver, most frequently, is the mother. So the file would be open for the mother, but within that file, the PEACE program counsellor works directly with the children and youth. So there would be information related to that psychoeducational counselling program, related to those children.

Oftentimes, the family court subpoenas that they’re receiving are for both the mother’s records and the records of the children and youth. It is usually alleging…. Parental alienation is sometimes one of the things we see alleged in those subpoenas. These records would speak to that factor in a family court matter.

M. Elmore (Chair): Any other members who have other questions?

I’d like to thank you, Amy, for your presentation. Really appreciate it, and of course, thank you for the great work that you do — and your members from the B.C. Society of Transition Houses. Certainly, so crucial to ensure that we deal with gender-based violence in B.C. and work to bring an end to that. Thank you very much for the work you do, and thank you for your presentation.

A. FitzGerald: Thanks very much for having me — and welcome to take any questions or provide any information after the fact, if anything comes to mind. Thank you very much and enjoy the summery day.

M. Elmore (Chair): Everyone, our next presenter is Samantha Gale, who’s the CEO of the Mortgage Brokers Institute, Canadian Mortgage Brokers Association.

Thank you so much for joining us today, Samantha. You’ll have up to 15 minutes for your presentation. Hansard Services has provided a timer which will be visible on your screen if you’re using the gallery view.

Before you begin, I will ask the members to introduce themselves. I’ll start with myself.

My name is Mable Elmore. I’m the MLA for Vancouver-Kensington and the Chair of the Special Committee to Review the Personal Information Protection Act.

I’m honoured to join you virtually from the traditional territories of the Musqueam, Squamish, and Tsleil-Waututh Nations.

D. Ashton (Deputy Chair): Hi, Samantha. Dan Ashton. I represent Penticton to Peachland.

A. Wilkinson: Hello, I’m Andrew Wilkinson, for Vancouver-Quilchena.

K. Greene: Hi. I am Kelly Greene, MLA for Richmond-Steveston. My pronouns are she/her.

I’m in the traditional territory of the Musqueam First Nation.

A. Olsen: I’m Adam Olsen, MLA for Saanich North and the Islands.

I am very happy to be working from my home community here in W̱JOȽEȽP.

G. Begg: Hi, Samantha. I’m Garry Begg. I’m the MLA for Surrey-Guildford. Welcome.

M. Elmore (Chair): Thank you so much, members.

Samantha, please begin when you’re ready, and then we’ll have an opportunity for questions afterwards. Go ahead.

MORTGAGE BROKERS INSTITUTE OF B.C.,
CANADIAN MORTGAGE BROKERS ASSOCIATION

S. Gale: I want to thank the committee members for permitting me to speak with you today.

[2:50 p.m.]

My name is Samantha Gale, and I’m the CEO of the Mortgage Brokers Institute and the Canadian Mortgage Brokers Association, B.C. I want to talk to you about a subject which is both simple yet complex, and that is the right to be forgotten, which is in many contexts being narrowed down to something called a right to data erasure.

I can start by explaining that I’m actually not an expert on privacy rights. My background is focused primarily on the mortgage broker sector, which is subject to a licensing regime here in B.C.

My understanding is that the right to be forgotten is, of course, distinct from the right to privacy. While the right to privacy relates to information that is not yet in the public realm, the right to be forgotten relates to information that is already in the public realm, and it questions whether that information ought to be removed from public access.

This issue comes up in the mortgage broker sector when mortgage broker licensees are publicly disciplined. Regulators, of course, serve an important public protection purpose in licencing and disciplining licensees. The publication of regulatory notices of hearing and orders serves multiple goals, including creating transparency in the process so the public can see the allegations, responsible parties, evidence and findings, which is an important element of natural justice.

It also creates accountability. The publication of orders results in some level of holding licensees accountable for conduct. This serves the goals of general deterrents for all licensees at large and specific deterrents for the particular licensee who is subject to the order. Creating a database of regulatory decisions also helps provide guidance and precedents for future decisions. These are all important functions of publishing orders, notices of hearing, by the regulator.

However, when notices of hearing and orders are published by regulators, we now have third parties, for-profit entities, and they do data scraping and create specialized databases. The databases do not appear to filter the information, for instance, by examining particular records to ensure that they’ve been appropriately captured. I believe the process is fairly mechanical. If there’s an order or a notice of hearing, it gets scraped into the database without any consideration of what’s contained in the document.

In the mortgage broker realm, we’ve got lenders and other service providers who then pay a subscription fee to access these records from these entities. They then rely on these records to…. What a lot of them will do is blacklist or cut off the mortgage broker licensees who are on this list.

The challenge, then, in the mortgage industry is that individual mortgage broker licensees deal with relatively few large numbers of lenders. Getting cut off from them essentially means the end of their business. In some cases, this might be a lifelong career. They can, of course, still engage with some smaller private lenders who do not rely on these systems, but that line of business is limited, with the vast majority of mortgage borrowers wanting primary lenders.

It’s now a trend for regulators to post orders indefinitely, which means licensees will be forever on the blacklist. So the problem now is that there are licensees who…. Maybe they were the subject of an order a decade or more ago. That order may have [audio interrupted] a fine, investigation costs or supervision but no licence suspension. Or perhaps there was a period of licence suspension which has long ago ended.

However, the act of being blacklisted through data scraping entities…. None of this matters. Being on the backlist is akin to being suspended, as the licensee will be unable to facilitate most transactions. So the problem here is twofold: No. 1, this usurps the function of the regulator, who has to live with a disciplinary result which is now rendered most likely meaningless; No. 2, there’s no opportunity for the disciplined licensee to work through a process of rehabilitation, as they are shut out of working.

My question is: should there be a right to data erasure in these contexts, particularly when not only does the information being in the public realm no longer serve a public protection measure, but it creates harm? I would say the answer to this question is most definitely yes.

[2:55 p.m.]

I know that in the criminal context, criminal offenders who engage in more serious criminal conduct than disciplined licensees have a right to be pardoned after either five or ten years. Shouldn’t disciplined licensees, at a minimum, be on the same footing as criminal offenders?

The subject of the right to be forgotten is, in many cases, nuanced. It can involve the posting of online reviews, which may be unusually negative or even defamatory; the publication of other decisions, such as arbitration rulings, which may impact somebody’s employment; or perhaps it’s social media postings and social media sharing which contain defamatory or harmful content concerning indivi­duals.

I am mindful that imposing restrictions on the posting or use of online information and imposing data erasure requirements raises questions around freedom of expression, censorship, transparency and recreating history. However, the Internet — its widening scope and application through social media apps and FINTRAC — does require us to examine these issues and understand emerging trends and risks.

Perhaps it’s time to follow Europe’s lead. The EU passed the General Data Protection Regulation in 2014. Article 17 now provides that the data’s subject has the right to request erasure of personal data, on a number of grounds, within 30 days.

These are my submissions to the committee.

M. Elmore (Chair): Thank you, Samantha.

I’ll open it up to committee members for questions. Does anybody have a question?

A. Wilkinson: There’s a bit of history around this. Around 1990, the College of Physicians reluctantly agreed to post disciplinary histories of doctors. It was initially done on whether there had been an adverse decision about a particular doctor. It appeared in a print publication that was almost impossible to find.

That arose because of a pattern that had emerged in the western world of some efficient people, particularly surgeons, moving from one jurisdiction to the next. It was almost impossible to find their records. So they did this until they got caught in the third jurisdiction, and they moved to a fourth and a fifth and a sixth. In the United States, it was a big problem, because there were 50 different jurisdictions, and they run low-budget organizations there.

If you fast-forward 30 years, this is now online, available for basically every regulatory college — that they have to post the disciplinary results. If you go on to the lawyer, look up the Law Society. It says what the disciplinary history has been since 1983. Those are completed disciplinary processes where there has been an adverse answer for the registrant. If there’s no adverse outcome, then they don’t get registered.

I suppose the question for you is, I presume…. [Audio interrupted] results, punitive findings — convictions, in simplistic language — are appropriate for the public domain and should stay there indefinitely.

S. Gale: I think that’s a good question. I think that one of the challenges is that continuously posted information may, at some point, no longer serve as a public protection measure. I think that we’ve come a long way. I would assume that regulators in all of the various disciplines, first of all, have got access to each other’s databases. I’d assume that in Alberta they’re going to know about disciplinary records in B.C. and vice versa. Certainly, in the mortgage broker realm, there’s access to one another’s…. There’s sharing amongst regulators — in related disciplines, even, not just in different provinces.

That’s a very important function. We certainly want to make sure that licensees are suitable for licensing. If they’ve engaged in some kind of conduct which makes them unsuitable, that’s very important to keep alive and keep a record of. But there may come a point where the public posting of information perhaps creates more harm than good. Should we keep, in the public domain, records from 20 or 30 years ago where the conduct described really doesn’t create a public protection concern at this juncture? The answer to that may be no. Maybe it’s yes, but maybe it’s no.

[3:00 p.m.]

My concern is that when we simply scrape all the data together, lump it into one pot and then enable the public at large to access information, that really impacts the individual. Is that something that, as a society, we want to happen? For example, like I’ve said, we’ve already made a decision about criminal records. We’ve already decided that some people are eligible to have their public record extinguished through the pardon process.

M. Elmore (Chair): Does that answer it for you, Andrew? Okay.

Any other committee members — questions, here?

G. Begg: Not a question — really, a follow-up to Samantha’s comment and, to some extent, Andrew’s comments. I think the spectre is raised here of a greater issue, which is not within the control of this committee. But the observation that you make about the intended or, perhaps, unintended consequences of disciplinary hearings is an important one for us to consider.

I’ll pose it in a different context — each of us knows this to be true: if a criminal charge is laid, it receives far more public attention than does the subsequent court proceeding, which oftentimes results in an acquittal. This involves the so-called public right to know. There is no such thing, of course, in law, as the public’s right to know. However, an innocent person stands a very good chance of being condemned only by the criminal charges and not as vindicated by the judicial process that encompasses everything.

It’s a fascinating discussion — not one that, I think, falls within our jurisdiction. But the observation must be made that we live in an environment in which you cannot unring the bell. People choose to listen to the bells that they choose to listen to. Once that bell has been rung, it can’t be unrung. It’s, I hope, some comfort to you, Samantha, that we appreciate the importance of being alive to an issue like the one that you’ve talked about here today.

S. Gale: Thank you.

M. Elmore (Chair): Any other questions from other committee members?

Samantha, I just had a question. What is the number of your members impacted in this practice? Do you have an estimate of that, in B.C. and across the country?

S. Gale: Yeah. There’s a database, and it contains — I’m just going off my memory here — probably about 20, maybe 30, cases, including notices of hearing and orders. Sometimes these data-scraping entities also check licensing periods. For instance, if somebody is not getting their licensing documents in on time — maybe they’re off the system for a day or two — the systems will capture activity like that.

Alberta has a very proactive regulator. It probably has a similar number of decisions. Ontario has a larger body of mortgage agents and brokers, probably three or four times the size, with the number of disciplinary cases matching that.

M. Elmore (Chair): Terrific. Thank you. As we’re just wrapping up, coming to the end of our time, do any other committee members have a question for Samantha? I’d like to thank you very much, Samantha, for your presentation and your written presentation for us to consider. We appreciate that. Have a good day.

All right, team, we have our last, one more, presenter, who’s scheduled but not present yet. We’re going to give them five minutes and check back at 3:10.

The committee recessed from 3:05 p.m. to 3:10 p.m.

[M. Elmore in the chair.]

M. Elmore (Chair): Okay, everybody. Our final presenter this afternoon is Dr. Mike Figurski.

Mike, you have up to 15 minutes for your presentation. Hansard Services has provided a timer, which will be visible on your screen if you’re using the gallery view.

Before you begin, I’ll ask members to introduce themselves. I’ll start with myself. I’m Mable Elmore, the MLA for Vancouver-Kensington and the Chair of the Special Committee to Review the Personal Information Protection Act.

I’m very honoured to be joining you from the traditional territories of the Musqueam, Squamish and Tsleil-Waututh Nations.

D. Ashton (Deputy Chair): Welcome from the Okanagan. I’m honoured to be able to represent the people from Penticton to Peachland. I’ll pass you over to my caucus peer.

A. Wilkinson: I’m Andrew Wilkinson from Vancouver-Quilchena.

K. Greene: I’m Kelly Greene, MLA for Richmond-Steveston.

I’m coming to you from the traditional, unceded territory of the Musqueam Nation, and my pronouns are she and her. Welcome.

A. Olsen: I’m Adam Olsen. I’m MLA for Saanich North and the Islands.

I’m very happy to be working from my home here in the W̱JOȽEȽP village.

G. Begg: I’m Garry Begg. I’m the MLA for Surrey-Guildford.

M. Elmore (Chair): Thank you, Members.

Mike, you’ll have your presentation, and then we’ll have an opportunity for questions afterwards. Please begin when you’re ready.

MIKE FIGURSKI

M. Figurski: Hi, my name is Mike Figurski. I’m a small-town doc in Big White. I’ve been there for about 20 years. I also do some academic and clinical research at UBCO faculty of medicine and take students. I’ve got a small start-up that does open-source, not-for-profit health records, including open EMR.

I’m considered a subject matter expert for stewardship in medical records and wrote the chapter on EMR best practices for the Canadian Family Physician two years ago.

I appreciate the opportunity to come and speak to the committee about the upcoming review of the PIPA laws. What I was hoping to do was describe a problem I’m sure some of you are already aware of, especially Dr. Wilkinson there.

There are three people involved in health care informatics for B.C., of course. There’s the patient, there’s the doctor, and then there’s the provider, which is, for most people, the government through the Medical Services Plan. The fourth player is the vendors who create software to exchange and store information for the physicians and for access to the patients.

There are two phenomena that I’d like you to be aware of. One is vendor law for physicians. About 15 years ago now, the federal government provided about $150 million for B.C. to digitize physicians’ offices, and they came together with a list of six approved EMR vendors. Four of them were domestic, from B.C. They said: “We’re going to pay about $15,000 to start up and about $5,000 a year to support integrating these medical records into your office to try to supplant the paper records.”

The goal was the same ones we’re pursuing today — to allow patients better access to their information and to allow better information-sharing within the health circle. Unfortunately, this goes counter to the business model of most medical record vendors, who are most interested in securing and maintaining a long relationship with these providers, who they’ve invested heavily in to secure their records as application service providers.

Correct me if I’m wrong, if anyone knows the numbers, but I think there are about 8,000 physicians in B.C., and they pay in the order of $400 to $700 per month, over 90 percent of them, to maintain these records.

[3:15 p.m.]

The goal and the expectation was that they’d be able to share these records freely, and patients would be able to get a digital copy when they need it and store it, share it and understand it a little better.

Unfortunately, all but one are proprietary. They’re for-profit companies. Three of them are currently owned and operated through Telus. One is an open-source solution, which is OSCAR, and without the support of PIDO, which was the organization implementing the mandate of digitization, OSCAR has grown to about a 15 percent market share in B.C., which is phenomenal, considering that it’s open source, pretty much entirely word of mouth and funded by the physicians rather than by the government or subsidies.

Vendor lock occurs when physicians can’t easily migrate their records to another vendor. This is something that most physicians are saddled with. They sign confidentiality, non-disclosure and hold-from-harm agreements when they agree to these information-sharing contracts with the vendors that prevent them from even discussing how well the device or application works in their practice, specifically comparing it to other platforms, and prevents them from recovering their data in the same digitized format they entered it.

For instance, in my case, when I left Osler about ten years ago, after painstakingly entering everything digitally, I was provided non-searchable PDFs as my patient record and was able to provide patients a specific picture of the visit from the last 15 years, but not gather any information from those records.

Likewise, patients suffer because they’re locked into physicians’ records. They can’t easily access, import, migrate their records to another system or, better yet, to their own hard drive and understand and treat their medical conditions themselves.

One thing I’ve seen work really well in other places, particularly New York state with the privacy legislation. They said: “We’re not going to tell you how to do it.” But like Europe, they’re looking at the other side of privacy, not just…. We’re very good in Canada at the security side, making sure that nobody has access to their information, but we’re really bad at making sure that patients are privy to it themselves. They have the right to access, share and easily view their own information.

For instance, the Provincial Health Services, one of the health authorities that goes across the province, maintains four main databases. It maintains a provider registry — who can provide services, who is licensed, who has businesses. They provide a client registry — who has an MSP number. They provide lab services, the provincial lab information services. What are all the lab reports and test results? And they provide PharmaNet. What are the medications that are listed under each health care number dispensed by a registered pharmacy in B.C. over the last 14 months?

Now, as I understand PIPA, I’m supposed to be able to access that information. There’s supposed to be a mechanism for it. In fact, as a physician, I can access anyone’s information but my own. If I do access my own information, or anyone in a health authority accesses their own information, it’s immediately flagged, investigated and usually results in a penalty.

I would love to see this go the other way — that any time someone accesses my information, I get an email, text or other notification, and I can understand whether or why that person needed access to the information. When I do want to get my PharmaNet information, the government has met requirements, technically, to provide a mechanism, but it’s cumbersome and inefficient.

[3:20 p.m.]

For instance, for pharmacy, if I want to get my Pharma­save, or you want to get your Pharmasave, as a client of medical services, you fill out a form, you fax it to PHSA, and they send you a fax copy of the 14 previous months’ PharmaNet. You can’t really import it into anything else. It’s not in a digital format. It’s not something that would be practical to use or share with my health care provider.

It would be great if I could access my own record anytime, anywhere. I don’t understand, personally, as a provider, why patients can’t go on and see what has been prescribed under their number. I think they’d recognize a lot of fraud, where people were using their number or pharmacists were using their number to bill, erroneously or otherwise. They know what medications they’re on. They can print a list and bring it to their doctor and, hopefully, through greater insight, they might be interested enough to find out why they’re taking these medications and what they’re actually for. It’s a great opportunity to link patient-facing information at just the right time and the right place.

For MSP, we talk about wanting to have a provincial health information service, and the information is already there. Every time I see a patient, I send the fee and the diagnosis to MSP, and they pay me. So MSP maintains a record of every diagnostic code billed under every patient for the last seven years — that’s the time frame they’ll release. Likewise, I can fill out a fax form and send it to PHSA and have them send me — again by fax — a seven-year record of all the billing codes that have been put under my number in B.C.

I think that if we mandated that patients had the right to access this information — the pharmacy, the lab, the diagnostic codes, the providers — they would have a de facto medical record, a personal health record, that they could curate, share and shop as they saw fit. One thing that would facilitate that is legislation that specifically mentions digital format, machine readable — things like this that make it non-optical. Something that is actually level 3 information, where each word is categorized and mapped so that it can easily be integrated into intelligence systems.

One thing that would help would be insisting on a standardized format for export of medical records. Every current EMR uses a MySQL database. It’s a certain format of database, but they all have different tables, and all but OSCAR are unpublished. So nobody really knows where the data is within this back end. If we legislated that physicians should be able to require or request their information in a standardized format, it would go a long way to true interoperability.

I know that that’s probably well beyond the mandate, and I’m sorry for taking up most of my time, but that’s all I had to say.

M. Elmore (Chair): No. Thank you very much, Mike. It’s a great presentation.

I’d like to open it up to questions from committee members. Do we have questions? Who would like to jump in?

A. Wilkinson: Mable, just a few observations, if that’s helpful.

M. Elmore (Chair): Sure. Go ahead.

A. Wilkinson: I still remember when PharmaNet came in, in 1993, and within a year, someone….

[Interruption.]

M. Elmore (Chair): Okay. Go ahead, Andrew. Proceed.

[3:25 p.m.]

A. Wilkinson: Yeah. And back in 1994, a year after PharmaNet came in, it was disclosed that some hospital staff had been cruising through PharmaNet to see what Mike Harcourt’s medication profile looked like. Those were early days, and since then…. That’s — what? — 27 years ago. The telescope has been reversed so that the idea is that as few people as necessary can look at medical records.

Hospitals, as you know, are much more complicated than doctors’ offices with potentially dozens of people, as nursing shifts change and more and more consultants see the patient, needing access to the record. There is the element of implied consent when you’re in hospital, especially if you happen to be comatose or unable to consent to something. Clearly if you want care, you are going to need to have your caregivers have access to the record.

But we’re still in this very, very long transition. Most of you will have heard that about four years ago, the National Health Service in the U.K. wrote off, I think it was, a £3 billion information system because it didn’t work for their 65 million patients.

They’ve regrouped now, and if you want to see how well it’s going, you can download the NHS COVID app, and that provides the COVID records for any person who’s an NHS patient. They can easily share them with a border official or another doctor or their sister-in-law, just by sending the COVID update to that person. It contains their name and the batch number and the date of their immunization — all that stuff. The NHS has made huge progress in this.

We’re in a messy place because our health authorities all use different information systems. Dr. Figurski described, wisely, that there are a number of different information systems in doctors’ offices. It’s not at all integrated, to the point where we find ourselves as one of the last places — and certainly one of the last areas, especially in the world — using fax machines.

We should all look forward to the day when fax machines become totally obsolete and you cannot buy them or service or use them anymore, because they’re insecure, they’re messy, they’re not capable of being able to transfer — the type you’re talking about, Dr. Figurski. So I think we’re in a messy space. It’s not going to be tidied up anytime soon.

Canada Health Infoway was a big-spend program. It started about 15 years ago to try and rationalize all of this. If we had an NHS-type system, then you would be told how it works and you would be told to do it. If it worked, we’d all be happy. If it didn’t, we’d be mad at the central government. Instead, we have, actually, 11,000 independent contractors out there doing their own thing. In doctors’ offices we have 60,000 nurses entering information to hospital systems. It goes on and on and on.

So what we’re starting to see is LifeLabs now makes lab results available online, if you want them — separate registration, separate account, separate password. You can use your B.C. Services Card to get into health gateway, which has most of your medication record and your immunization record. But we’re in a very messy place right now. The only consolation is it’s way better than it was five years ago.

I guess, as a citizen of British Columbia, as a former medical practitioner, as a former cabinet minister, I say even though I’m supposed to blame the NDP for everything these days, stay tuned. It should get better.

M. Elmore (Chair): Thanks, Andrew.

Other comments?

M. Figurski: Can I make a little comment here? I think it was Ralph Klein. He wasn’t popular when he pushed it through, but if you talk to physicians working in the field, Alberta seems to have the best distributed system out there. It was definitely a top-down approach.

A. Wilkinson: I’ll leave that with the members of the government caucus to talk about whether they want to do a top-down approach with the medical profession in B.C.

M. Elmore (Chair): Any other committee members have questions or comments?

Mike, I’d like to thank you for your presentation. It’s been informative. It is not, technically, under our purview.

Thanks, Andrew, for filling in some of that context.

It’s certainly a work-in-progress in terms of needing to bring that to the place where it needs to be. So appreciate the work that you’ve done, and thanks for bringing the matter to our attention. Appreciate you taking the time today. Do you have any last words you wanted to wrap up with?

M. Figurski: When I was reading provincial regulations, I think Ontario slipped “machine readable” somewhere in there. It would be great if that happened to us as well, in my opinion.

[3:30 p.m.]

M. Elmore (Chair): Okay, thanks. We’ll make a note of that.

I’d like to thank you for your time and for your presentation. I hope you have a great rest of the day.

M. Figurski: Thank you and appreciate all your good work.

M. Elmore (Chair): Okay, Members, that is our five presenters today. That really sped by. It was a lot of fun. I want to thank everybody for your time and for your discussion, deliberations and questions. It’s all been very informative.

We are going to be seeing each other in short order, tomorrow. Our committee is meeting again Wednesday morning, 9 a.m. to noon, to continue our public hearings. I hope that everybody who has been listening in will join us again tomorrow. We’ll have some great presentations.

I will now entertain a motion to adjourn.

Adam, did you have a point? Did anybody else have anything they wanted to add before we wrap up?

A. Olsen: No. I’ll second that motion, but I’ll just also say that I’m getting my second vaccination in about an hour here, so I may be incapacitated, depending on how it affects me. I wanted to let you know that. There are people around me who’ve been on their backs. I don’t know. I’m hopeful.

M. Elmore (Chair): Okay, good luck with that Adam, and we hope to see you tomorrow morning.

Okay, everybody, thank you very much. We’ll be adjourned for today, and see you tomorrow.

The committee adjourned at 3:31 p.m.