Bill C-57 An Act to amend certain Acts in relation to financial institutions
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
House of Commons Standing Committee on Finance
November 15, 2005
Opening Statement by Heather Black
Assistant Privacy Commissioner of Canada
(CHECK AGAINST DELIVERY)
Thank you for the opportunity to appear to day to comment on Bill C-57.
I should preface my remarks by noting that we are not experts on corporate governance nor are we experts on the Bank Act, the Insurance Companies Act or the other Acts that Bill C-57 will amend.
The Bill contains several references to the Personal Information Protection and Electronic Documents Act, one of the two federal Acts that protect personal information; however, these references do not relate to Part 1 of PIPEDA, the part dealing with the protection of personal information. We only have oversight with respect to Part 1.
There are only a few provisions in the Bill that relate to the collection, use or disclosure of personal information. There are a series of provisions requiring the directors or officers of banks and other financial institutions to report any interest they may have in a material contract or material transaction with the bank or other financial institutions and there are parallel provisions allowing shareholders to review these disclosures.
There are also provisions that allow shareholders to obtain personal information about other shareholders, provided the information is only used for the purposes specified.
These provisions are intended to promote greater transparency and accountability. We are living in an era in which public trust and confidence in the political process, large corporations and other institutions is eroding. The Enron and WorldCom scandals and, to a lesser extent, the Nortel experience in Canada, have created a renewed emphasis on corporate governance.
This renewed emphasis on corporate governance has taken several forms including new requirements to report the salaries and other compensation of senior executives and more openness about potential conflicts of interest.
These demands for greater transparency and openness often require disclosures of personal of information. The challenge is to figure out how to achieve greater transparency without unduly intruding on the privacy rights of senior executives and others. I suspect this is an issue to which many of you can relate, since Members of Parliament and Senators are required to provide significant amounts of personal information to the Ethics Commissioner, including information about spouses and children.
Viewed in this context, the provisions in Bill C-57 that require or allow the disclosure of personal information do not appear disproportionate. In addition, our understanding is that the provision requiring disclosure of potential conflicts of interest and many of the other provisions in Bill C-57 reflect requirements that already apply to many other corporations as a result of the 2001 amendments to the Canada Business Corporations Act.
So to be clear, we do not have any significant concerns about Bill C-57 from a privacy perspective. We have not been able to find anything in the Bill that directly affects customer information. In fact, it is possible that the new emphasis on corporate governance is in fact beneficial from a privacy perspective because it has forced corporations to be more aware of the risks of poor management practices and it has resulted in corporations giving more emphasis to security considerations.
Since we do not have much to say about Bill C-57, I would like to make a few general comments about our experience with financial institutions.
In our most recent Annual Report on PIPEDA for the calendar year 2004, we reported that we received more complaints about financial institutions than about any other industry. This has been the case every year since 2001, the first year PIPEDA came into force.
However, this does not necessarily mean that financial institutions are not complying with the Act. Rather, we suspect that it is a reflection of the amount and the sensitivity of the personal information banks and other financial institutions are required to collect, the central role that they play in our day-to-day lives and perhaps the complexity of our relationships with financial institutions.
Many of the complaints we have received are the result of the actions of particular employees who failed to follow company policies and procedures as opposed to systemic problems. In the case of the well-founded complaints, financial institutions are typically prepared to adopt our corrective recommendations. On the whole, we have a very positive relationship with financial institutions.
- Date modified: