Chair:	* Rick Kasper (Malahat-Juan de Fuca NDP)
Deputy Chair:	* John Weisbeck (Okanagan East L)
Members:	* Pietro Calendino (Burnaby North NDP) Glen Clark (Vancouver-Kingsway NDP) Gerard Janssen (Alberni NDP) Steve Orcherton (Victoria-Hillside NDP) Erda Walsh (Kootenay NDP) * George Abbott (Shuswap L) Geoff Plant (Richmond-Steveston L) * Katherine Whittred (North Vancouver-Lonsdale L)
Clerk:	Kate Ryan-Lloyd
* denotes member present

[ Page 53 ]

The committee met at 1:23 p.m.

R. Kasper (Chair): I'd like to welcome you here. My name is Rick Kasper. I'm the Chair of the Special Committee on Information Privacy in the Private Sector.

I'd like to begin by making a few remarks on the mandate of this committee. This committee was established by the Legislative Assembly of British Columbia to inquire into the possibility of regulating privacy protection for personal information held by organizations in the private sector. One major recommendation of the Special Committee to Review the Freedom of Information and Protection of Privacy Act, which reported in June 1999, was that a committee of the Legislature undertake such an inquiry. This committee is the result of that recommendation. Members of the committee are committed to consulting widely with private sector enterprises and interested individuals on privacy regulation for the private sector. To that end, the committee has scheduled three public hearings to date. Yesterday we were in Vancouver, today we are in Richmond, and we'll be in Victoria on Monday. Please note that in addition to hearing from witnesses at our public hearings, we will also be accepting written submissions.

[1325]

I'd now like to introduce the members of the committee. On my right are Katherine Whittred and John Weisbeck. On my extreme left, we have George Abbott and Pietro Calendino and our clerk, Kate Ryan-Lloyd. Not all committee members are in attendance, because other members have other business to do as MLAs.

Our first witness -- and I understand that we just have two witnesses scheduled for this afternoon -- is Mr. Kevin Evans. Mr. Evans is the B.C. vice-president of the Retail Council of Canada. Kevin, if you could come forward. . . . Just to give you an overview, we're very informal. If you can give your presentation. . . . We've allowed up to 20 minutes for a presentation, and then members of the committee might like to ask some questions of you and to perhaps get a little more emphasis on some additional areas or perhaps pursue some areas that you may not have brought forward to the committee. So I'd like to welcome you here, and it's your time.

K. Evans: Thank you very much, Mr. Chair. I'd like to begin by expressing our appreciation and admiration to the legislative special committee for looking at this area. It is an area of tremendous concern to retailers, and we welcome the opportunity to present our views.

Let me begin by telling you just a wee bit about the Retail Council of Canada, which I am representing today. The Retail Council is the voice of retail in this country. We have served, promoted and represented the diverse needs of Canada's retail sector since 1963. We are a non-profit, member-funded industry association. We have more than 8,500 members. They represent all retail formats, including department stores; specialty, discount and independent stores; and, in the past few years, on-line merchants. Collectively, our members account for about two-thirds of Canada's $100 billion general merchandise retail market. In August of 1998 the Retail Council underscored its commitment to serve our members in British Columbia by appointing myself as B.C. vice-president. We created a new position here in B.C.

The issues under review are, as I say, of significant interest to retail and are underscored by a sense of urgency, in light of the continuing and dramatic impact of the Internet. While that impact has raised the issue with regulators all over the world, and while information technology is the focus of my submission this afternoon, we wish to remind government that the privacy issues under consideration obviously affect a range of businesses and business activities wider than on the Internet.

Having said that, the Internet is currently the driving force behind the transformation of business in this country. Retail, as an example, has witnessed the emergence, in just the past couple of years, of a whole new lexicon. On-line merchants are called e-tailers, and hybrid on-line and on-land merchants are known as clicks and bricks. This submission will argue that Canada's e-commerce development is falling behind and that a reason for that is a lack of consumer confidence regarding privacy and security on the Internet. What is needed, in our submission, is a blend of voluntary and regulatory consumer protection initiatives that, most importantly, are harmonized in nature. I'll be elaborating on that further in this submission.

A word about e-tailing and the benefits of this technology. I think that we tend to sometimes focus on the spectre of conspiracy and information being squirrelled away and heading off into cyberspace, never to be seen or accounted for again. E-tailing really offers us as consumers some new and, I think, substantial benefits, including things like convenience -- you can shop 24 hours a day, seven days a week, if that is your desire -- and access to an unprecedented range of goods and services. The retail marketplace has never been as consumer-centric as it is now, nor, in our view, consumers as empowered. They now have an unprecedented ability to gather information and compare information -- price, for example -- about their potential purchases.

[1330]

Access to this type of information, needless to say, carries both tremendous promise and great responsibilities for com-

[ Page 54 ]

So Canadians have got to be assured that they can enjoy the benefits of electronic commerce without trading away control of their personal information. We believe that the development of e-commerce in this country to its full potential depends on the development of effective and transparent consumer protection.

In the following two sections of this submission we'll provide brief overviews of the current status of e-tailing in Canada and public attitudes towards consumer protection as it relates to on-line privacy and security. This week's cover story in Maclean's magazine is focused on Canada's progress in the development of e-commerce globally. The headline is very telling, because the headline reads: "Missing the Internet Wave."

That coincides with the release Monday in New York, where I was at a conference, of an Ernst and Young report on global on-line retailing. That report notes that Canadians are the most wired inhabitants of the planet -- computer penetration of 56 percent of households in Canada, compared with 53 percent in the U.S. But -- and here's the but -- American shoppers are twice as likely to shop on line: 17 percent of U.S. households, compared with 9 percent of Canadian households. The percentage of total shopping dollars spent on line, according to Ernst and Young, is 15 percent in the U.S., 6 percent in Canada. A quote from that Ernst and Young report, which, as I say, is only days old: "The e-tailing market in Canada has been slow to ramp up, and right now the e-tail business community lacks drive and momentum."

Another couple of statistics -- this is from our own study that we co-sponsored with IBM and released last June. Only 26 percent of Canada's top retailers are selling on line, compared with 50 percent of U.S. retailers. Here's a really startling figure -- at least, that's our view: 63 percent of the dollars that Canadian e-shoppers spent on line in 1998 went not to Canada but to the U.S. The quote from our report reads as follows: "Canadians are shopping U.S. sites in spite of having to deal in a foreign currency and the uncertainty of such issues as cross-border shipping and customs charges. . . . Where are the Canadian retailers -- and why aren't they entering the race to reach Internet shoppers?"

What's the story here in B.C.? The Retail Council has not -- to date, at least -- statistically quantified the growth of e-tail in B.C. But I can tell you, based on the anecdotal evidence -- and I talked to a lot of retailers -- that traditional retailers have been reluctant to invest in even a basic Web presence, let alone actually make on-line transactions possible. There are several dozen of what we call "pure play" merchants -- and that's on-line only -- in British Columbia, but very few, to use the term I introduced to you earlier, clicks and bricks, the traditional retailers who are also on line.

Why is this a concern, when you consider that Canadians have a rich and varied history of trailing the Americans in implementing new business models? In the past we seem to have often succeeded in catching up and sometimes even beating the Americans at their own game. But with e-commerce there is a different dynamic at play here. We run the risk of permanently losing business market share by falling too far behind. It's clear that the onus is on Canadian retailers to provide consumers with more compelling choices to shop on line if Canada is to remain globally competitive in this new marketplace.

[1335]

No. 1 is security. People want to know that when they issue their credit card, it's not going to go any further. We were having a conversation at the back of the room about this. I think I'll elaborate on that story, because it illustrates the perception issue with consumers. Many consumers still are obviously reluctant to share their credit card information on line. However, how many of you on this committee have, without a thought, handed your credit card to a waiter at a restaurant, and that waiter has disappeared for two or three minutes? How many people have had a chance to take a look at that credit card potentially in that period of time? Whereas with the encryption technology that is now available on line, the chances are far, far less. I don't know what the statistical chances of your security being violated are, but they are far less. Nevertheless, security remains a number one issue with consumers.

No. 2 -- and these are kind of obvious -- is that they want good content on the Web. Competitive prices -- no surprise. "Easy to use" was No. 4. Good selection. Fast. No. 7, in order of priority, was privacy. No. 8 was "easy to navigate," No. 9 was "easy to find," and No. 10 was the credibility of the business brand.

So privacy rates seventh in a list of ten. It is not, as I said earlier, the magic bullet. However, it is important, because it's the one area that provides an opportunity for industry, government, consumers and privacy advocates to work together to promote the development of e-commerce. However, it is imperative -- and I'm going to be saying this a couple of times this afternoon -- to re-emphasize the global nature of the information marketplace. Our submission is that any and all efforts to address consumer privacy protection issues need to reflect that macro-reality. We wish to underscore, in the context of the special committee's deliberations, that attempts to microsolve intranationally will be ineffective and counterproductive.

So what is the public saying about on-line privacy? Well, there's a lot to be learned about consumers' views on the collection and use of personal information in the on-line environment, and a lot of research is currently being done. But it is possible to discern some general trends. In the U.S., for example, survey research consistently indicates that roughly one-quarter of the American public is intensely concerned about privacy in general. Another quarter has little or no concern, and the remaining 50 percent views the issue pragmatically. In other words, they approach it on a case-by-case basis.

[ Page 55 ]

However, we believe that the right of individuals to the privacy and security of their information needs to be balanced with the reasonable needs of organizations for information in today's high-technology- and information-based economy. There's a bit of a paradox here, and it's kind of difficult to express it. But I'll attempt to do so, because it requires some delicacy as well. Consumers now expect the vendor to anticipate their needs and their wishes so that they can extract full value from the benefits that advancements in information technology provide. For example, they want the convenience. They like the customization, which, when you dial up, says: "Hello, Mr. Calendino. How are you today, and are you happy with your Hugo Boss purchase from last week?"

P. Calendino: You know my taste.

[1340]

The Retail Council of Canada supports, again, a statement in the preamble of "Principles of Consumer Protection for Electronic Commerce -- A Canadian Framework." This is going to really outline the remainder of my submission.

"The rapid evolution of the electronic marketplace requires an adaptable framework for consumer protection that is subject to ongoing review and modification in light of changing technologies and market practices. This framework should include a blend of voluntary and regulatory approaches and, given the global reach of electronic commerce, should be consistent with approaches to consumer protection agreed to by the international community."

Also on the voluntary side, I think we have to look at the role that market dynamics will play. We believe that market pressures will contribute to defining the best privacy protections, as consumers increasingly flex their muscles and make known their preferences regarding information privacy on line. The on-line medium is continually evolving, and it can be shaped to create electronic privacy protections in pretty short order. Retailers are already competing to provide superior security and privacy policies, because they have become a key competitive edge.

So as we say, an effective voluntary response will depend on a blend of solutions, including privacy-enhancing technologies, codes of practices and standards, and consumer and business education. This point is important; I just want to underline it, although I won't go into it in depth. The Retail Council has strongly encouraged its members to develop and to post on-line privacy policies consistent with the principles of the CSA code. Many have added a privacy section to their web sites. I would encourage you to shop at those on-line retailers, frankly, who have an expressed privacy policy posted on their web sites. Most of the progressive leading retailers do now, as a matter of course. That outlines your rights as a consumer and their practices and policies with respect to the collection, the use and the distribution of your personal information.

That comes back again to the responsibility balance. I think it's up to consumers to be taking the initiative here, as well, and to be seeking out this kind of information and to be applying pressure not only on retailers but on all businesses that deal with your personal information to be transparent in their policies and practices in this regard.

[1345]

Bill C-6 strove to represent the core characteristics of consumer protection in the e-commerce context and to build

[ Page 56 ]

However, we do have some concerns. We would wish to note that our members remain concerned that the eventual costs to retailers of implementation and maintenance of the bill's provisions are largely unknown and may be onerous, particularly for smaller independent retailers. That remains to be seen.

We also have concerns about the lack of clarity on the issue of what constitutes consumer consent. Bill C-6, as you know, provides for an oversight mechanism in the office of the commissioner. While we recognize the need for a consumer to have recourse outside of dealing with the agency or company with whom it may have an information dispute, we are concerned that the federal government maintain a light regulatory touch rather than shift to a more onerous regulatory approach. Industry minister John Manley has referred to this bill as "legislation-lite," and we hope that it remains that way. But it does remain unclear whether enforcement will be complaint-based or random audit-based.

Finally, the Retail Council is still looking for clarification on a number of technical issues; in the interests of time I won't go into those, but they are in the written submission.

So while these and other issues are warranting, in our view, ongoing discussions, we believe that these issues should be addressed within the framework of Bill C-6. Our primary reason -- and this is the thrust of my submission -- is the vital need for harmonization across this country. That's the final area of my submission: harmonization. I think it gets to the crux of what your committee is going to have to grapple with. The OECD, the Organization for Economic Cooperation and Development, recently noted: "The inherently international nature of the digital networks and computer technologies that comprise the electronic marketplace requires a global approach to consumer protection as part of a transparent and predictable legal and self-regulatory framework for electronic commerce."

If provinces legislate independently in this area, there is a probability that they might legislate in different ways. The temptation here, in our view, to be forthright -- is for each government to demonstrate it's more caring about privacy than the last one. That could lead to a patchwork of regulations throughout the country, which is contrary to the development of e-commerce in Canada. With the Internet promoting a macro-marketplace, does it really make sense to develop a series of separate micro-markets?

In addition, comprehensive privacy protection will be more difficult to attain as companies attempt to adjust to compliance issues where the rules vary from province to province. In other words, you're going to have mistakes made. There are going to be gaps in protection, particularly in the earlier stages. So our position is that disparate provincial policies will impede the development of e-commerce and provide inferior consumer privacy protection.

[1350]

Now, under which jurisdiction would that company fall, for example, if it were to extend its customer information reach beyond B.C.'s borders? We're all encouraging B.C. companies to grow and to prosper; that's the name of the game in an information-based economy. The mind-numbing myriad of possibilities -- that's just one of the jurisdictional possibilities in a wired world -- simply underscores the necessity for simplicity and for harmonization at least at the national level but hopefully and perhaps eventually at the international level.

Now, the Retail Council of Canada recognizes the constitutional dimension to the provision of Bill C-6 that would see federal law intrude into provincial jurisdiction if within three years a province has not passed its own "substantially similar legislation." We see no compelling public interest reason for a constitutional showdown over this issue, particularly when it can be avoided and nothing lost. We believe that the public interest, in terms of both privacy protection and the promotion of e-commerce development, would be best served by the Legislature of B.C. drafting and adopting provincial legislation that mirrors Bill C-6.

In conclusion, deciding how to respond to Bill C-6 is going to challenge the ability of not only B.C. but of all provinces to adequately address issues of consumer protection in the context of e-commerce. It is a new and different paradigm, and it's going to require different thinking -- big thinking -- about jurisdiction.

Now, you're doing what you must do, and as I said earlier, we applaud you for that. You are performing due diligence to ensure that through your work the interests of British Columbians are protected. But we submit that the privacy interests of British Columbians do not differ sufficiently from the interests of other Canadians to warrant unique legislation and the counterproductive impact that would have.

So on behalf of the Retail Council and the members that we represent, thank you for this opportunity. Good luck in your deliberations. These are issues which are complex and in a state of perpetual motion, and they do not lend themselves to easy answers. I remind you of Yogi Berra's maxim: "Prediction is very hard, especially when it's about the future." So good luck to you and thank you.

R. Kasper (Chair): Thank you very much, Mr. Evans. Now we're open to questions from members. I'll go with Mr. Calendino.

P. Calendino: Kevin, thanks for the presentation and for giving us an idea of what we should include in it. Just one question. You were talking about the jurisdictional issue, transborder issues, etc. In your opinion, in your e-tailing business -- this is a new term for me -- what do you think we should include in there? Should it be left open? Should we not touch it at all? If your business is based in Vancouver, and in your e-tailing business you do business with people in Washington -- well, let's not talk Washington -- in Alberta or in

[ Page 57 ]

K. Evans: I'll answer the question two ways. Number one is to take a look at Quebec, which is the only province that has legislation that addresses that jurisdiction issue. I think it illustrates the problems of a province attempting to solve this problem. In Quebec, when there's a dispute, the jurisdiction is in that of the customer. So in other words, if a Quebecker were to purchase on line from, again, someone in Washington State, and there's a dispute, the dispute resolution will be heard in Quebec. As a result of that, on-line companies and e-tailing in Quebec are nowhere. Most e-tailers are not prepared to go into Quebec. There are some other issues also. But the venture capitalists are not prepared to invest money in Quebec. So I think that illustrates the hazards of being too specific. This is an area where there are no clear answers yet. This is an area that's going to require a great deal of thought. We're going to have to see e-tail in action, I think, for a period of time before all of the possibilities reveal themselves.

[1355]

P. Calendino: Let me now narrow that question that I asked you, because we're talking about a business contract on the Internet, and that's probably not under the scope of the legislation that we would bring in. Our legislation, if we bring one in, will regard the information that's connected to that transaction of yours. Obviously retailing businesses, if they're large enough, do gather information about customers' preferences, etc. Our concern is what we do with that information that you collect -- not you but your businesses that are in your association. What concerns us is: will they keep that information in their domain, or will they then, through the Internet, use that for commercial purposes? That's what they're about; it's not necessarily the business transaction of selling an item or not.

K. Evans: Sure. But the personal information gathered. . . . When you swipe your Air Miles card, they know what you purchased.

P. Calendino: Exactly. Or your preference for certain products, etc. -- you can sell that information to other companies that are similar businesses.

R. Kasper (Chair): Yeah -- that nice suit you're wearing.

P. Calendino: Exactly. It's my Hugo Boss, yeah.

K. Evans: Well, our position is that those questions are answered by Bill C-6. For example, under Bill C-6 that company (1) would have to get your consent to collect your personal information and would have to explain to you the reasons and the purposes for which that information is being collected. And (2) it would have to seek your consent if it were to use that information for any purpose other than that which was initially explained. A corollary of that, of course, is that if they were to share that information with anyone, they would need your consent. Finally, the protection for the consumer is that you have access. You could go to Safeway, under Bill C-6, and say: "I'd like to see what my purchase profile is." Safeway would be obliged to provide you with access to your personal information.

This is also the spirit of the CSA code. While I indicated that this may provide an additional cost and a burden upon some retailers -- and we have some nervousness about that, because we don't know the extent of it -- in principle we regard that as the price of entry into the e-commerce arena.

P. Calendino: So you're satisfied with C-6; it will cover that. But if business is done within British Columbia alone, then we should cover that.

K. Evans: Well, yes. But I think that in the interests of harmonization and consistency and simplicity, there needs to be, we can see, some provincial legislation. As I indicated, rather than get into a constitutional scrap with the feds and have them come in and intrude in the commercial activity here in B.C., it would be in the interests of everyone to pass provincial legislation that covers those areas where B.C. has jurisdiction, but legislation that is consistent with Bill C-6. The consumer doesn't know whether you're a provincially regulated business or a federally regulated business; they just know that they're doing business with you. From the consumer's point of view, it's in their interest to have consistency.

P. Calendino: How would you address, then, the airline industry -- for example, Canadian Airlines? You purchase a ticket in Vancouver, but through the ticketing systems that they use, etc., it's now controlled in Dallas, Texas. We don't know what happens with our information that's being collected.

K. Evans: Yeah. Well, first of all, the airlines are a federally regulated industry. So you don't have to be too concerned with having to devise regulations or legislation that's going to unscramble that egg.

P. Calendino: Good point.

K. Evans: But the other point you raise is that Canadians will be doing and are doing all sorts of business outside of our national boundaries. As I indicated, 63 percent of our on-line activity is with the Americans. The Americans have been a lot less willing to embrace the concept of regulatory protection of consumers' privacy. Right now more than half of Canadians are doing business with companies that. . . . They don't know what they're doing with the information. They don't have any recourse. They're trusting that the company is going to be a good and responsible corporate citizen and that the company recognizes the value that a consumer places on dealing with a company that protects and values their privacy.

[1400]

[ Page 58 ]

K. Evans: I'm not sure what you're driving at with your question.

P. Calendino: How do we manage to maintain privacy in the information collected? The airline industry is only one example.

K. Evans: Information that comes from outside, originates from outside of Canada?

P. Calendino: No, collected here -- collected within Canada or within B.C.

K. Evans: Right, sure.

P. Calendino: You know, it can end up anywhere. But obviously whoever collects that information has a responsibility toward their client.

K. Evans: Absolutely -- and needs to be accountable. Fortunately, we don't have to start from scratch. Fortunately, many years of work have gone into the development of the CSA code and of the Industry Canada working group and, I think, the consensus that has emerged in Bill C-6.

My answer to your question would be that the principles embodied in the CSA code and the legislative manifestation of that in C-6 will adequately, for now, protect the privacy interests of Canadians wherever they may be. But I also say that there is a need to be regularly reviewing the question. With the creation of an office of commissioner at the federal level and with the variety of working groups that have been struck at the Industry Canada level, I'm sure that it's going to take place.

Certainly, as I said earlier, the target is constantly moving in this area. If we take a snapshot today and put together a legislative prescription for that situation today, tomorrow it could very well be different. So there needs to be flexibility. Again, I think that comes back to the need for, rather than having 11 different sets of rules in this country. . . . Try to imagine updating 11 of them; I mean, it simply would not be possible or efficacious.

P. Calendino: Thanks.

G. Abbott: Thank you for a thorough and, I think, very persuasive presentation. I share the concern that I think is the central theme in your paper, about the province-to-province disparity with respect to legislation and regulation. I think, you know, given the nature of e-commerce, that it is right on the mark, that we can't be parochial in the sense of how we're going to deal with this from a regulatory perspective.

I was also struck, and would like to have your thoughts on this, by the information that you set out on the second page of your presentation, where you note -- I guess it's from Maclean's magazine -- that we actually have more computer penetration, as I think it's phrased in your presentation, in Canada than they have in the U.S., but markedly less and indeed half of what the level of e-commerce is in the United States.

To then take your central theme, province-to-province disparity and the potential adverse impacts of that, is it the view of the Retail Council of Canada that we have country-to-country disparity in terms of the regulation of e-commerce? Does that have anything to do with the disparity in which e-commerce has been utilized in Canada and the United States respectively?

K. Evans: We clearly do have international disparities. You can see right now, with the European Union directive and the way in which the Americans have been fighting back on that, that we're going into a big international tussle over the development of global standards for e-commerce privacy protection. So clearly that's on. We're hopeful that eventually the dust will settle and that we will see common standards, at least in trading blocs.

I do not believe that that is a factor contributing to the slow pickup or takeup of e-tail in Canada, however. I think the factors on the e-tailers' side are more like scarcity of venture capital in that regard. I think, frankly, talking with some retailers, that they're not prepared yet to make the leap, to make that gamble, because it does require a tremendous outlay. I think that their strategy was to watch the development in the States. If it flies in the States, then they'll get on. But we could be permanently losing market share to the States.

[1405]

G. Abbott: The second question and I guess the final question that I have is this. It's always a challenge when looking at potential new legislation to try to achieve a balance that takes account of everyone's diverse interests in this province. I think that in this case we have a particularly big challenge in terms of striking the right balance. We have, of course, not only large and small, but we have for example the one that you just mentioned, Chapters.ca, versus the corner store in Quesnel that probably does zero percent of their business on-line. Striking the appropriate balance is going to be tough.

It's clear from your presentation that in the view of the Retail Council, C-6 strikes as fair a balance, I gather, as you can imagine legislation could. But correct me if I'm wrong on that point. The question here really is: is there anything in C-6 that you think we can improve on at the provincial level without seeing us move to that province-to-province disparity which has been noted at a number of points?

K. Evans: Thank you for the question, Mr. Abbott. Frankly, that is the danger that we're most concerned about. To clarify our position on C-6, there are a number of issues that we have outstanding with C-6. No one walks away from

[ Page 59 ]

I think the temptation is going to be for people who didn't get what they wanted in Ottawa to pack up their bags and come to Victoria or wherever across the country and revisit C-6 and encourage the legislators provincially to embrace their agenda. While that may be appealing on one level, again it's going to lead us to this patchwork that is going to be very serious. I think it's a very shortsighted approach. So while, yes, there are some areas that I have concerns about with Bill C-6, no, I would not suggest that the Legislature of B.C. attempt to provide C-6 plus.

G. Abbott: Thank you for that.

R. Kasper (Chair): Or C-6 minus?

K. Evans: Or C-6 minus.

J. Weisbeck (Deputy Chair): I guess that I'm definitely concerned about this harmonization thing. I think we're hearing now that Alberta, for example, is not even going to deal with this bill. They're going to allow the federal act to come into place, and they're just going to sit back and watch. So obviously this is going to create a huge discrepancy between the two provinces. So what do you say about that?

K. Evans: Well, thank you for the question, because I think it just underscores our argument that if our next-door neighbour is going to be embracing the federal legislation, there is all the more reason that we do so. Imagine the cross-border headaches that we're going to have in terms of companies that are doing business in both jurisdictions. I think that perfectly illustrates the concern that we have.

At the same time, it's interesting. . . . Saskatchewan, I believe, in December passed some e-commerce legislation that was silent on some aspects of Bill C-6 which had to do with electronic signatures and so forth. So it's unclear whether Saskatchewan is going to be moving forward and filling that vacuum or allowing the federal legislation to kick in. I think that it very vividly illustrates the concern that we have and, I think, underscores the need for B.C. to be in harmony with the rest of the country.

J. Weisbeck (Deputy Chair): So what are you suggesting? Are you suggesting that we should sit back as well, along with Alberta and. . . .

K. Evans: Not at all. No. I'm sorry. I thought my submission made that clear. Rather than set the precedent of allowing the feds to intrude into provincial jurisdiction and rather than ceding any of that, and to ensure that there are no gaps -- that all areas of provincial jurisdiction are covered by provincial law but with substantially the same prescription, the same kind of legislation. . . .

[1410]

K. Whittred: Actually, no. My colleague, George, asked my question, so I'm happy. Thank you.

R. Kasper (Chair): Okay. I have a couple of questions. Do you feel that if the province of British Columbia brought in legislation that mirrored Bill C-6, it would assist retailers in winning back consumers -- due to the statistical information you presented about their concern about private information: where it's going, credit card use. . . ? And would that be of assistance for retailers to win back the market share and to build, over a three-year period. . . ? There is a delay. Bill C-6 won't cover all the provinces for a three-year period.

K. Evans: Well, I'm not sure about the transition provisions, frankly, but clearly one of the problems we've identified for the slow development of e-commerce is the perception by retailers that there aren't a lot of e-commerce buyers out there. The reason for that is a lack of consumer confidence. The concerns they have relate to security and privacy. We do feel that the rules enshrined in Bill C-6, applied equally across the country, will go a long way to raise consumer confidence about shopping on the Internet.

R. Kasper (Chair): Do you think that that would be a good marketing strategy or marketing tool for e-tail in Canada?

K. Evans: Absolutely. I think that particularly in the domestic market, competition is already occurring. Retailers are vying for position to be the most secure e-tailers, the most respectful of your private information. Now, with respect to transborder, that's less clear. Would Canadians be less inclined to shop at Amazon.com, as opposed to a Canadian equivalent, because of the privacy regulations? I don't know. Like Yogi Berra said, the future is tough to predict.

If I could, Mr. Kasper, I just want to respond to one point that Mr. Abbott made.

R. Kasper (Chair): Yes, go ahead.

K. Evans: He asked a question about big versus small. I think he used the Quesnel example versus Chapters.ca. What we're seeing is that the Internet is, to some extent, equalizing the big and small differential. The fantastic potential of this for business and for the need for us to produce products here in British Columbia is that the person in Quesnel now literally has a global reach. Practically speaking, it's within reach of the distribution where they can send the product and fulfil the order. But it now goes far beyond central Quesnel. That's good for the economy. We now have retailers. . . . Unfortunately. . . . I suppose I should have brought you some success stories of some cottage industries -- right in Vancouver, right here in Richmond -- that are now doing extremely well on line. They previously were, perhaps, Saltspring Island craftspeople who are now distributing their product all over the world. That's one of the great potentials of e-commerce.

R. Kasper (Chair): I just have one question. I guess this is where there's a huge contradiction. In the U.S., you know, they've embraced "safe harbours" -- no legislation. They all sort of get together in a room and work out a policy, a procedure, a code. There's no legislative backup. By your statistics, Canadians are purchasing. . . . Over 60 percent of their dollar goes to the U.S. e-commerce retailer, as opposed to the Canadian e-commerce retailer. Isn't that more of a case of marketing and other factors rather than the fact that the safe-

[ Page 60 ]

[1415]

K. Evans: I guess a couple of quick responses to that. The first is: is this a case of superior marketing or exemplary marketing? Yeah, you bet. We are exposed to American media, obviously, to a tremendous extent. So we all know about Amazon.com and Barnes & Noble. It's hard to watch an American football game without seeing some dot-com advertisers. Clearly they've done a good job of getting their message into Canada. As I indicated in my submission, there are a number of web site attributes that rate far higher than privacy with many consumers. Again, I said that's up to the retailer in Canada -- to be competitive and to address those issues like good content, competitive prices, easy to use, etc.

With respect to the States, I'm not familiar with the safe harbour concept, but I am familiar with what the Federal Trade Commission is doing. They are getting, I think, far more aggressive at attempting to regulate and at prosecuting. There was a prosecution -- the dot-com URL escapes me right now -- of a fairly large, significant California e-tailer. They misrepresented the manner in which they were going to use the information that they collected. They were prosecuted. They were fined, and there was a prescriptive action that they needed to take by way of posting a privacy policy on the web site and so forth. The FTC is starting to flex its muscle in this area, so I don't think it would be fair or accurate to characterize the United States e-tail market right now as a sort of Dodge City -- the untamed frontier.

R. Kasper (Chair): I don't know of your story, but I do know this: individual states have brought in legislation. Virtually nothing's been done at the federal level in the U.S. It's sort of the exact opposite of what's being done in Canada. I guess my last question is: when you talked about the fact, through your presentation, that your organization would support. . . . If this committee were to recommend that the government adopt or bring in legislation that mirrored Bill C-6, will it enhance the ability for retail business to take advantage of selling their wares with a competitive edge?

K. Evans: Absolutely. It would not only do that, but it would also provide consumers with superior privacy protection.

R. Kasper (Chair): Okay. Are there any more questions? Okay, Mr. Evans, thank you very much. It was an excellent presentation.

K. Evans: Thank you very much. Good luck.

R. Kasper (Chair): We're just going to have a five-minute break, and then our next presenter is Mr. Joseph Edwards.

The committee recessed from 2:19 p.m. to 2:34 p.m.

R. Kasper (Chair): Our next presenter is Mr. Joseph Edwards. It's now your time to give us an overview of what you have to say about this matter.

J. Edwards: Thank you very much. Mr. Kasper, ladies and gentlemen and panel, I'd have to thank you for giving me this opportunity to speak to you in regard to issues of privacy. I'll just introduce myself. My name is Joseph Edwards. I live at 17112 61A Avenue in Surrey-Cloverdale. My phone number is 604 576-1805.

R. Kasper (Chair): Now remember, that's personal information.

J. Edwards: But I'm giving it out willingly.

P. Calendino: You'll have to sign a waiver. [Laughter.]

J. Weisbeck (Deputy Chair): Carry on.

[1435]

It started off last summer -- June or July -- when she was registering for her fall courses. They were offered an extended health care benefit at the school. She approached me, saying: did she need it? I said: "No, you're covered under my benefits and your mother's benefits. We don't need it, so just tell them you don't need it." She said: "Well, they want proof." I said: "Well, just give them your medical card and tell them you're covered, and that should be it." She said: "Well, they want a waiver signed." I said: "Well, just sign the waiver, saying that you don't want it." Then she came to me later on and said: "No, they need something to the effect of. . . . They want your plan number and the company that carries your plan and covers us before they'll allow me to register for courses." I said: "Well, basically they don't need it."

This started the ball rolling. I contacted the student association, and they were adamant that yes, I must provide this personal information before my daughter would be allowed to continue her education. My thinking was that a waiver is a waiver, saying: "I do not wish to take your coverage." That's all it should be. In the true sense of the word, waiver. . . . When you go to get car insurance when you're renting a car, they ask you if you want extended coverage for collision, etc. You just say no. They say, "Initial here," and that's the end of it.

My daughter brought home an article from her local school paper which, if you look at the handout I gave you, only consisted of basically the middle portion, where it says, "Student Information" -- last name, first name, student ID number, address -- and then "Existing Coverage Informa-

[ Page 61 ]

My next question was: "Why do you need this information?" I asked him four times. He was doing the green apple two-step all around it and wouldn't provide it to me. He just said: "Well, we need it to reduce our liability of any claim."

I said to the gentleman: "If I don't have insurance with you, what claim do I have?" He said: "It's to reduce our liability."

I said: "Well, in business your liability can be only as judged upon -- the next judge that decides on who's liable in any case." He just said: "We are going to rewrite the waiver form, and you'll probably be happy with it." I said: "Oh, okay. Will you send me a copy?" He sent me a copy of it, and this is the one you're holding.

Instead of getting better, it got worse. Whereas if you see where. . . . You know, if you don't provide it, it says under "Authorization": "I understand that the information provided above is required in order for me to waive the dental and/or extended health care coverage, as applicable. I hereby authorize and consent to the use, release and exchange of the above information between the institution, student organization, the student benefits plan administrator and the insurance carrier(s) to be used solely in connection with the student benefits plan."

I said: "Well, gee, if I don't want it, why am I giving you all this information?" Then I asked him: "What security measures have you put in place to ensure that it's secure? What background checks have you done on the students that are going to have access to this?" His answer was: "None."

I said: "The student body changes every year as people enter and people graduate. You're only as good as your weakest link. What securities are in place?" They couldn't come up with an answer. I know, myself, I just got stung over the holidays by my credit card, by giving my information in good faith to a retailer I purchased some stuff from. Lo and behold, one of their unscrupulous employees provided this information to the criminal element, and there are charges pending on that.

[1440]

So I sat back and thought. Then I contacted her, and I said: "Well, hold on a minute. Kwantlen College is a public body. My daughter is entitled to an education, but she's sort of being held to ransom because Kwantlen is collecting most fees directly associated with her registration fees for courses."

Ms. Hamberg got back to me in another letter and advised me on October 12, 1999 that the office has decided to open a primary investigation into this matter to determine whether it has jurisdiction into investigating this matter further. The case has been opened as of August 27, 1999, and it has been assigned to Mark Grady. At present, Mark Grady from the privacy commissioner's office is investigating it.

I was informed that maybe I would like to. . . . That's when I heard about this panel. I said that yes, I would like to address it, because I am very concerned about my privacy. In fact, if they get a hold of this information -- at least the telemarketing -- then God knows where it's going to go. Later on if I, myself. . . . Now, this is not just my daughter's but my information, because she's covered under myself. As I get older, if I want private insurance as I retire from my job. . . . If I go to get it, and I am denied, I won't know where it came from if I'm denied. Or if I have any disease or some condition, it's all there, because computers talk, information flows. I've given them the authorization, but I haven't given it freely. I've been coerced into giving it for my daughter's education.

I also contacted the office of the Education minister, the Hon. Andrew Petter. I was talking to Andrew Petter's office. I got a letter from Robin Ciceri. This is how the student body is also duping provincial government ministries. When I received the letter, their reference number 19525, dated December 14, 1999. . . . The second paragraph is:

"I understand your concerns over a possible misuse of the information that is requested on the Student Benefits Existing Coverage Waiver Form. The minister's staff contacted Tyler Runquist, the plan administrator for the Kwantlen students'association and clarified that while a student who wishes to opt out of the plan must provide acceptable proof of existing coverage, it is not necessary to make a record of the existing insurer's name or policy number. The blanks reserved for this information on the form are optional, although it is not stated."

Why? If I don't want your coverage, I don't want it -- bottom line. It's still in the process of being investigated, and I hope for an outcome on it. My son is attending Kwantlen College now, but he's only taking one or two courses at night, and this doesn't really kick in until you hit three subjects or more. I feel for the people that are just giving them the information -- signing it, giving it to their children. They're going. . . . All of a sudden some Calgary insurance company has their private information -- has access to every test you went under, every complaint or illness you ever had and every medication that's been prescribed to you. That's private to me. If I don't want your service, all I have to say is: "No." I shouldn't have to sign this form, because I'm being coerced out of my privacy.

I guess that's all I have to say. Thank you.

[ Page 62 ]

[1445]

Now, are there any members who have any specific questions?

G. Abbott: I too am glad that you have made this presentation to the committee. It's interesting that my daughter, who is a first-year student at UBC, has just gone through this. She recently received notice from the institution that unless she signed, sealed and delivered this waiver form, she was no longer going to be able to continue at UBC. I didn't take as much interest in this as I should have. I know my wife did, and she was absolutely incensed that, you know, this would be required.

Really, when you look at it, it is a kind of weird variation of negative-option billing. You've got the channels, and you're going to be paying for them unless you tell us that you don't want them. Here is, I think, just a strange twist, where it's not good enough to say, "No, I don't want it; I'm already covered," which I guess would be an acceptable and practical and commonsense way to deal with it. Instead, we get this, and you've identified it very aptly as an intrusion into personal privacy that's entirely unnecessary and certainly most unfortunate.

So I think it's just an excellent point you make here, and I think it's right on the mark in terms of identifying where -- I'm sure with the best of intentions -- an institution has, wittingly or unwittingly, gone into an area of personal privacy that they have no business being in and no need to be in. Surely the signing away of the opportunity to participate in the program is sufficient, without having to generate the personal information that's required here to supposedly substantiate that. That's not a question; that's an observation. I'm saying I agree, and I'm really glad you brought this very important case forward.

K. Whittred: I too would like to thank you, Mr. Edwards, for bringing this forward. It is very interesting, and I am intrigued by it. One of the things I wanted to add. . . . I was going to make the point about it being a form of negative billing, but that point has already been made. In your conversation with the college, did you ever ask them what business it is of theirs, anyway, whether or not your daughter in fact has dental coverage and/or extended benefits? That is also of some interest to me.

[1450]

The whole concept of the coverage, at its outset, is good: to provide single mothers and students working on their own with a good coverage of medical benefits that they might require. I think the whole process was good until they were overstepping their bounds. They've gone over that guideline. I think it's just to limit their liability for anybody that takes it. Like, if you have a prime server who provides you with 80 percent, then they're going to say: "Well, we're only culpable for 20 percent, and taking out the deductible, we're only going to pay 5 percent." So you see how they're playing with the figures.

They put it to a vote at Kwantlen College. There was only 16 percent of the student body that voted on it, and thus they were all compelled to go with it. But when you talk about a student body, you're not talking about a student body of full-time students. You're talking about everybody that goes to that school; mature students and continuing education are also included in this vote. But for not being there on that night -- family commitments, they're just taking one. . . . You know, given what their situation is, only 16 percent voted on it. That's why that passed with 16 percent instead of 75 or 80 percent.

I would just like to reiterate that I think it was a good thing in the first instance, but my privacy is my privacy. For any reason down the road, you could get refused for something strictly because you had a hangnail in 1967 or something, you know, and they don't want to insure your nails -- whatever. But all your private information is out there. Once it's out, it's like shooting a gun. Once you pull the trigger, that bullet doesn't come back, no matter what kind of niceties and everything else; it's gone. You're subject to anything that comes back.

J. Weisbeck (Deputy Chair): So it's your understanding that when you sign this existing coverage information or give the information, they have access to your medical records.

J. Edwards: Yes, because you're giving your. . . .

J. Weisbeck (Deputy Chair): You're giving the above information, which just gives the insurers a name and a policy number. But does that give the access to your medical information?

J. Edwards: Yes, but if you look at the bottom part, it says "Authorization: I understand that the information provided above is required in order for me to waive the dental. . . ." And it says: "I hereby authorize and consent to the use, release and exchange of the above information between the institution, student organization, the student benefits plan administrator, and insurance carrier(s) to be used solely in connection with the Student Benefits Plan."

[ Page 63 ]

J. Edwards: Yes, that's my understanding.

J. Weisbeck (Deputy Chair): That's your understanding. Did you ask the insurance company if they could actually access your medical information?

J. Edwards: Yes. He says: "Oh well, we're not going to use it; we just need it." Well, if you're not going to use it, then why do you need it?

J. Weisbeck (Deputy Chair): Yeah. As I said, all this is giving them is their name and the policy number, so it's not really saying that they're actually having access to your medical records.

J. Edwards: But knowing how today's computers talk to each other -- all right? That's how I got duped over the holidays. They had all my information, and some guy passing himself off as a bank service manager had all the buttons to push when they asked. He had all the information, and they just gave it to him. Some clerk just said: "Here." They got an extra card on my account. It's the same here. Once they have pertinent information. . . . "You must submit this waiver prior" to the application deadline. You must. . . . You know, all these buzzwords of "you must. . . ." You will not be covered; you will not do this. So you get someone like Mr. Abbott's wife, who is concerned, or students who are giving this out and are led to believe that if you don't sign and provide us with this, you're no longer in college or UBC. In other words, a lot of people would just say, "Oh, here" -- indifferently give it away. Well, I'm pretty private on my private information.

J. Weisbeck (Deputy Chair): You never did tell us if your daughter did eventually go to university.

J. Edwards: She's finished; she's graduating.

J. Weisbeck (Deputy Chair): But you never did sign this, so she's still. . . .

[1455]

R. Kasper (Chair): Okay. Are there any other questions?

J. Edwards: No. I'd just like to say thank you again for hearing me out. I hope that some good comes of my concerns and that the insurance company is told: no, we don't have to provide this. A waiver is a waiver, and it's just a yes or no.

R. Kasper (Chair): If it's possible, after your presentation, if you could perhaps consent to photocopy those, I will give you an undertaking to make sure that all of the information that you've presented to us that you have in written form is actually conveyed to the minister's office responsible for post-secondary education.

J. Edwards: Mr. Petter's office?

R. Kasper (Chair): Yes.

J. Edwards: Would you like a copy?

R. Kasper (Chair): Yes.

J. Edwards: Okay. Do you have a fax number or a photocopy. . .or some place where I can drop it off?

R. Kasper (Chair): Yeah. We can get it copied here, and then I could give you the undertaking to make sure his office gets this. . .

J. Edwards: Good. Thank you.

R. Kasper (Chair): . . .because I think there's a priority here.

J. Edwards: Thank you very much.

R. Kasper (Chair): Thank you for the presentation.

The committee is going to stand recessed. We don't have any other presenters scheduled, so we will stand down and reconvene when required. So that's what we'll do right now. Thank you.

The committee adjourned at 2:57 p.m.

[ Return to: Legislative Assembly Home Page ]

Copyright © 2000: Queen's Printer, Victoria, British Columbia, Canada