Interventions in Committee
 
 
 
RSS feed based on search criteria Export search results - CSV (plain text) Export search results - XML
Add search criteria
View David de Burgh Graham Profile
Lib. (QC)
Earlier, we were talking about passwords. Nowadays, we see two-factor authentication being used a lot more for bank accounts. Could the same thing be done for social insurance numbers?
View Michel Picard Profile
Lib. (QC)
View Michel Picard Profile
2019-07-15 14:23
I'd like to revisit the issue of a unique identifier.
Other models exist. On other committees, we've talked about the popular Estonian model, I believe. It's a system that's in line with our discussions on open banking. All the information is centralized and people can access it using a unique identification number.
At the end of the day, no matter what you call it, a social insurance number is a unique identification number, so it's important to understand the system's limitations. It's all well and good to have the ultimate ultra-modern system, but if a single unique identifier is assigned to an individual, the information will always be vulnerable if someone gets a hold of it.
View Francis Drouin Profile
Lib. (ON)
Thank you very much, Mr. Chair.
I thank all witnesses for appearing before the committee on short notice.
I should mention that I am one of the victims of the data breach at Desjardins, as are many of my constituents.
Ms. Boisjoly, you referred to the online petition asking that the social insurance numbers of those affected be changed. Can you explain to the committee why that would not be done and why it would only complicate things without providing better security for Canadians?
View Francis Drouin Profile
Lib. (ON)
In other words, changing our social insurance number does not necessarily protect our personal information.
Why is another social insurance number issued in cases where fraud has been proven?
View Francis Drouin Profile
Lib. (ON)
Here is a more practical question.
Like everyone in the same situation as myself, I see a risk of fraud. How then can I advise the authorities, whether at Revenue Canada or Service Canada, that my social insurance number may perhaps be used fraudulently? Can I call Service Canada to advise them of that? Is there an internal process that allows the public to do that?
View Francis Drouin Profile
Lib. (ON)
Okay.
The website lists 29 cases in which Canadians are allowed to give out their social insurance numbers. To banking institutions and other entities, for example.
What does Service Canada do so that Canadians know when they should give out their social insurance number and when they should not? What recourse is possible when an organization asks for a social insurance number when it should not do so?
View Pierre Paul-Hus Profile
CPC (QC)
The investigation has nothing to do with it because we know how the data breach happened. We also have an idea of where the data was sent, but, at the moment, that is not what we are interested in. We know that someone, somewhere on the planet, has our information and is in a position to harm us by stealing our identity. So we want to know whether our agencies can become proactively involved or, if not, what can be done.
You have a solution in my case, so that is already something that the public could be told about. It is important to do that quickly because people are not in a very good mood during their holidays. Then we will have to see if something else can be done.
The issue of the social insurance number has come up everywhere. A number of suggestions have been made. You are responsible for that file and you are saying that nothing can be done, at least not in that way. These are the answers that people need to hear. But the fact remains that we have to leave here telling people what the government can do to help, first Desjardins and second, the 2.9 million people who have been affected. We are hearing a lot about internal protocols, but, for the Canadians listening to us, that does not mean a lot. This is why I want to hear clear answers. I know that you are giving them when you can, but basically, when we leave here, we will need to know what can be done.
View Matthew Dubé Profile
NDP (QC)
Thank you, Mr. Chair.
Thank you all for taking the time to come here today.
Ms. Boisjoly, I was struck by one point in your reply to Mr. Drouin. You said that a personal data breach does not lead to identity theft. That is basically what brings us here today. Canadians want to avoid identity theft, of course; it’s their main concern. I have some questions about it.
You said that people should report suspicious activities associated with a social insurance number. I am a federal lawmaker and I don’t know what a suspicious activity associated with a social insurance number is. I have never been a victim of fraud, thank heavens, and the same goes for the people around me, touch wood. However, I do know people who have been victims. They find out when they receive a bill for a cellphone they do not have, or for a Canadian Tire credit card that they never applied for. They end up with debts and obligations that are not theirs.
Can you tell me exactly what a suspicious activity associated with a social insurance number is?
View Matthew Dubé Profile
NDP (QC)
As for getting a new social insurance number, I have a little difficulty understanding. Basically, the argument is that it becomes complicated for people. In principle, a social insurance number is issued for reasons of efficiency. A unique identifier makes transactions with government agencies easier.
Forgive me if this analogy may not be an exact one. If I see a problem with my credit card today, the bank or the company that issued it is still able to transfer a balance or to link the legitimate transactions on my credit card that has been used fraudulently and the new one it sent to me.
Why would a financial institution be able to do that, while you are not able to say that someone’s social insurance number has been compromised and to give them a new number? A former employer, for example, might have to take care of questions about that person’s pension. Knowing that is the same person, why are you not able to link the previous social insurance number to a new one? You may perhaps have to do some additional checking, given that the number has been compromised. But I am still having a little difficulty understanding why you can’t do it.
View Matthew Dubé Profile
NDP (QC)
I am sorry to interrupt you, but, if I lose my credit card, it does not necessarily mean that it has been stolen. It may have fallen down a sewer somewhere, meaning that it will never be seen or used again. I would still call my bank, Visa or whomever, to ask them to cancel the card. I would still keep checking and I would have some peace of mind, knowing that I am protected.
Why not use the same logic for victims of breaches of personal data, especially ones that are all over the news? To make sure they are protected, people want to dot all the i's and cross all the t's that they can. They change their credit cards and everything, as they do when they lose their wallets. Why not proceed in the same way?
View Alupa Clarke Profile
CPC (QC)
Fine.
In your introduction, you mentioned very humbly and respectfully that you had some questions. Personally, I would have liked to know your answers as an expert in your field. I don't remember your first question very well, but it was still interesting. You were wondering if Canada had an adequate system for social insurance numbers, for example. I would like to know your perspective on this.
View Alupa Clarke Profile
CPC (QC)
I have a supplementary question, which will probably be the last one. I am addressing Mr. Cormier, the citizen.
You made a very important announcement this morning. You said that the protection applies to all members, whether or not they are affected by this unfortunate event. You said all they have to do is call you and you can take care of them. You will establish contacts, take action and take the necessary steps.
Do you think that's exactly the kind of attitude that the government, the federal state, should have right now towards the 2.9 million Canadian citizens?
Citizens are being asked to contact us, and I think it is the federal government that should contact citizens. Let's say that citizens are communicating with the federal government, shouldn't the federal government have the same approach as you and say that it takes care of everything?
The representative of Employment and Social Development Canada said that, if citizens' social insurance numbers were changed, they would have to call all their former employers. That's not what you're doing. You, incredibly, say you're going to take care of everyone at the last minute.
As a citizen, would you like the federal government to act in the same way towards the affected members?
View David de Burgh Graham Profile
Lib. (QC)
Thank you.
Ms. Boisjoly, earlier you heard the people from Desjardins talk about the need to rethink the social insurance number system. Is research being done on the future of the social insurance number?
View David de Burgh Graham Profile
Lib. (QC)
Among the data that was taken, we know that there was a lot of information, not just social insurance numbers. There were also addresses, phone numbers, and so on. You have spoken several times about additional information to authenticate the social insurance number. Is all this information included in the data that was taken?
View David de Burgh Graham Profile
Lib. (QC)
Is there a way to indicate somewhere that the social insurance number is no longer valid and then remove the liability associated with it?
If I change my social insurance number and I am still responsible for the old one, in my opinion, it doesn't make sense. Can you tell us more about this?
Results: 1 - 15 of 19 | Page: 1 of 2

1
2
>
>|