E10 – David Goodis Privacy Commissioner Canada
Your browser doesn't support HTML5 audio
Data Diva David Goodis
38:57
SUMMARY KEYWORDS
privacy, data, people, Canada, privacy protection, fines, legislation, happening, adequacy, FTC, organizations, regulator, terms, big, businesses, consumer, information, privacy legislation, comprehensive, Europe
SPEAKERS
David Goodis, Debbie Reynolds
Debbie Reynolds 00:07
Hello, my name is Debbie Reynolds. This is "The Data Diva Talks" Privacy Podcast, where we talk with leaders around the world about issues and Data Privacy that businesses need to know right now. My special guest today is David Goodis, who's the Assistant Commissioner of Information and Privacy of Ontario, Canada. David and I had the pleasure of meeting many years ago on a panel that we both spoke on for COGEL, which is the Council on Governmental Ethics and Laws. It was a fascinating panel. And actually, on that panel, we were talking about the prospect of having a Federal Data Privacy law or legislation in the US. So this is definitely an evergreen topic because we're still talking about this. And I'm very happy to welcome David Goodis to the show. I'd love for you to tell us a little bit about you and your background and your interests and sort of how you got into this position in privacy.
David Goodis 01:05
Well, first of all, thank you for having me, Debbie. Great. Great to chat with you. My background, I'm a lawyer. So that's kind of my starting point is, you know, statutes and, you know, court decisions when it comes to privacy and access. So our office deals both with the protection of privacy and access to information that freedom of information. So we kind of have that dual role. And I've been at the office for, believe it or not, over 30 years. And I kind of really just stumbled on it. I was in I was a lawyer of private practice doing personal injury litigation. And I just happened to see this ad for a brand new office that was opening up that was going to be, yeah, regulating privacy and access to information. And I thought it sounded really interesting and really cool. And they were looking for a lawyer, and I thought, well, what a great opportunity to kind of get him on the ground floor in a really a brand new area. You know, in the 80s. We were just starting to think about privacy as technology was starting to grow. And I thought it really had a bright and interesting future. And I was right on because our office has grown, our jurisdiction has grown. And, of course, we're seeing privacy as part of the legal landscape and part of just the general culture, cultural conversation now. So it's just really been fantastic—kind of being somewhat, you know, at the center of privacy protection and privacy laws.
Debbie Reynolds 02:33
Yeah, so you've definitely had a front-row seat over the last 30 years to see how these things are developing. Also, just being the closest neighbor to the US and being so different in terms of the way that we approach privacy, I'm sure you have plenty of stories to tell about that. I had the pleasure of chatting with a lot of people in Canada, a lot about privacy, and my listeners need to forgive me because I don't do enough stuff about privacy in Canada. You know, I think it's fascinating, but what types of things that you think people need to know and understand about privacy and Canada now? Like what's happening right now?
David Goodis 03:11
What's happening right now? Well, I'll start off by saying, Canada's kind of interesting, we're in an interesting position, because obviously, we're, we're much smaller than the US much, much smaller than the EU. But it's funny, we sort of think of ourselves as somewhere in the middle, we're a little bit like Europe in some ways. And we're a little bit like the US in some ways, both culturally and legally. So when it comes to privacy protection, it's really the same thing in terms of work. We are a little bit like the US. We're a little bit like Europe. So just as kind of a background, the way Canada has approached privacy protection is really from the point of view of saying, you know, let's regulate privacy and the handling of personal information on a sector basis. And when I say sector, I mean, the entire business sector, the entire health sector, we have a law that handles Child and Family Services, Child Protection, so we kind of take a sector by sector approach, but you know, and impose kind of blanket rules on that sector. So that's maybe a little bit more like Europe than it is the US. So that's, that's kind of our background. And in the 80's privacy legislation developed, or I should say the other sector, the sector that we cover in Canada is government. So all of government, Federal, Provincial, even local municipalities. So we do these kinds of very broad blanket privacy legislation, and turning to kind of what's happening now. So about 20 years ago, around the year 2000. Canada, in response to the sort of international trade pressures, needed to enact private sector privacy legislation to ensure the flow of personal data across borders to enhance trade. So we had to step up and bring in private sector privacy legislation much like they had done throughout Europe at the time. So we enacted this statute called PIPEDA, Personal Information Protection, and Electronic Documents Act. And for the time, it was a. It was a very good piece of legislation, very principle-based. But over the past couple of decades, it's really fallen behind, mainly in the area of handling our connected world. And that the technology that we're, that's come into all of our lives and businesses and individuals are using. So we've fallen behind Europe, of course, brought in the GDPR a couple of years ago, and in light of that, Canada has realized that we need to raise the bar for privacy protection in the private sector. And at the moment, there's actually a very major comprehensive sweeping bill that's going to do away with our old legislation and bring in an entirely new framework. Again, privacy rules for the private sector, all across Canada. So there is this new Act, or sort of proposed Act, called the Consumer Privacy Protection Act. And I can talk to you a little bit about kind of the important elements of that legislation if you want or we can,
Debbie Reynolds 06:32
Oh, yeah, I would love to hear that. We're jealous. I am jealous that you guys are doing this because we very much want to see more comprehensive privacy legislation instead of having so many different states have their own thing. I don't know. I think I always knew that the states were very different. But I think because of COVID. It's like every state feels like a different country. So being able to, you know, everyone is really putting pressure, you know, there's consumer pressure, there's business pressure for different reasons, obviously, about doing comprehensive Data Privacy legislation. So we're just watching you guys find out what you're trying to do. So I would love to hear the features of this proposed law is happening.
David Goodis 07:19
Sure, yeah. And I will say that, in creating this law, the Canadian government was looking certainly looking to Europe in the GDPR. But they were also looking elsewhere. And one of the laws that they I know, that they looked at carefully, was the California consumer Privacy Act CCPA, because that's a quite a recent modern approach to privacy protection, and has a lot of good, good parts to it. I think that Canada took notice of this new legislation. So just in terms of, you know, what are the differences? What, you know, what are the modernization steps that they've, that they are going to be taking? One of them is, I think that the privacy issue of our time, the biggest issue that we're all facing when it comes to privacy, and that is Artificial Intelligence and automated decision making. They knew they had to grapple with that in some manner. And they've taken, I think, a pretty good step in ensuring greater transparency for individuals in automated decision making, you know, how, how did these decisions get made? What is how do the algorithms work? So it may not be perfect, but it's certainly a big step forward in terms of allowing individuals a little more insight into how these decisions are getting made. And we know this is the future. The right decisions are going to be made about you, me, and all of us on an automated basis because there are incredible efficiencies to be gained by that. But at what cost, of course, and we worry about discrimination in these decisions getting made. We've heard lots of horror stories about that. And we worry, of course, about not having little or no understanding about how these important decisions that can impact our lives are getting made. So that I think that's fantastic, and maybe perhaps the most important modernization piece of this bill. Another element is data portability. So the idea from the GDPR that individuals should be able to say, okay, if I'm, if I'm a customer of Bank A and I want to move my business over to Bank B, then I should be able to ask my bank, oh, can I have my data? Can you give me my data on a memory stick or in a downloadable file or something of that nature that I can then bring over to the competitor bank? Because right now, consumers, I would say, often feel very locked in because their data is being held by one organization, and it's very difficult to move and bring that data over. So and that can be very difficult. So that's another important step in terms of individual's ability to control what happens to their personal information, including PII, being able to move their information to another provider, the right to be forgotten. A lot, there's been a lot of talk about this over the years, sort of starting in Europe, the idea that you can or should be able to at least request that your data be removed from, say, from a website, or something of that nature. Or perhaps even more importantly, having web search engine engines like Google delist or, you know, remove the data so that it's not searchable data that could be inaccurate or harmful in some way or out of date in some way. So Canada's proposing to bring in a, what they're calling a right to delete, right to deletion, which of course, is not absolute. It's going to have its limitations. But there is an established right there. There's also this quite interesting piece that I wonder if you've been doing some thinking about this idea of a socially beneficial purpose of data use. So the bill has this, I guess you would call it permission to, for organizations to be able to use and share de-identified information, the identified data for a socially beneficial purpose. So quite interesting to kind of open that open up that idea. And I guess the idea being to look, if the information is de-identified, and sharing it will, again, have some socially beneficial purpose will, will help society in some significant manner, then, then that kind of sharing should be allowed to take place, which under current legislation may not be permissible, really interesting. And I think we can talk a lot about that—just that one.
Debbie Reynolds 11:57
Oh, yeah. Yeah, well, that's really interesting. Well, especially, I guess, part of that, that is sort of determining the norms of the society in determining what is socially, you know, what fits in that category, in terms of what's socially acceptable to be shared, or how beneficial that is, I love that you all are looking at artificial intelligence and automated decision making because that is, that's something that is it needs to be talked about a lot, there needs to be a lot more visibility for individuals to see what these things are, I feel like even like you think back to like the way credit agencies work, and how they sort of score people, you know, that process is even not as transparent as it should be. So I think having more transparency in terms of how this data is being used, and what decisions are made about people, especially, you know, you know, I'm obviously concerned very much about bias. And that, for obvious reasons, I guess, because I want to make sure that the information is correct. And we're not making the wrong assumptions or trying to, you know, I guess the date, the term, or the way I would describe it, in a data sense, would be proving a point or maybe a fraction of a data set, and then trying to push a process or procedure, and try to make it fit on other data more broadly, where it really doesn't fit. So, you know, people do that a lot, like, oh, let's test this thing. It works for this little group of people, but it doesn't work for other people. So I think that's really interesting. One thing that you have talked about, and this is something that I talk to businesses about quite a lot, and it's about transparency. So there are, you know, as you can see, in the US, and even in Europe, there are a lot of these new antitrust cases that are coming out. And you know, they're hitting on a lot of different topics. But transparency comes up quite a lot in terms of being able to have people understand what they agree to. I'm saying sending the privacy policies, you know like you said, AI and automated decision making, I feel like businesses need to understand that transparency is like, you know, the New Black. Okay, so, there, if you're not trying to be transparent with data that you collect from people, you are swimming upstream, as far as I'm concerned. So that is the way of the future, so if you're trying if you're collecting data from individuals, you can't be transparent with them. You're going to have a huge problem in your business in the future. What are your thoughts?
David Goodis 14:52
Yeah, I agree. I think I think you're right, and your businesses are going to have a trust problem. Consumers are getting more wary, more savvy. I agree with you that they want to see organizations that are open and transparent and honest, just honest with them. This is what we're going to do with your data. This is why we're collecting. This is why we need it. I think their concerns for organizations around reputation around competitiveness if your competitor is more open than you are, I think people are going to vote with their, you know, vote with their feet over their wallet. So it is something to be very wary of, I think, again, I think people funny on the one hand, I think people often feel very powerless. On the other hand, and in some ways, people are getting more savvy. And they're starting to think about these things a little more. And, again, organizations should really pay attention to this and do what they can to be more forthright and open with their consumers with their customers or potential customers. All of that, I think it is critically important,
Debbie Reynolds 15:59
Especially with things like the onward transfer of data. So I will say, I patronize a bank account there, I share my data with them, and then you don't want them to share your data was someone else that you don't know about? And you don't know what's going to happen with that data. So I think the idea that you have to get the consent of the consumer to do that, or at least be transparent about what you're planning to do with that data, I think that's going to change a lot of the way people think about stuff, because it's like, I gave it to you for one purpose, and you were using it for a different purpose. I think it, unfortunately, it should be a no brainer. But obviously, it's not that you should let the person know what exactly it is that you're doing. And then they should be agreeing with what that purpose is.
David Goodis 16:50
That's right. And there's a big difference between, you know, what I consider a benign purpose. So my bank, let's face it, in our modern world, banks, and other even larger organizations, they outsource certain things, right? So so they bring in a provider to, let's say, store the information in the cloud, something, something like that. That's probably fine. But I agree with you that they should be open, they should tell me. Oh, by the way, you know, we retain the services of company x, can they store our data on our behalf in this manner? And that to me, Well, first of all, it'll give you it'll give you some degree of choice. So if you understand that's what's happening, maybe you don't like that. Maybe you don't want to be a customer of theirs. Because you don't like that, but that's to me that's more benign. As far as you know, in that case, the bank is saying, well, we retain this third party to help us do our essential business. That's a service that we need. And that's different from saying, Oh, we disclose your data to a third party. And we sell it to them, so they can do marketing. I mean, that's, that's completely different. That's, that's not a purpose that you would say, oh well, the thing, you know, they have to do that. Well, that's, that's not really their service provider. That's something very, very, very different. It's something that many people would find highly objectionable, right. But again, the key is to be transparent. Maybe I look at that and say, well, they de-identify my information. Maybe I don't care. But I don't really want them keeping like identifiable information to some third party marketer. Right. Yeah. So it kind of all loops back to transparency
Debbie Reynolds 18:37
It does loop back to transparency. So I always am curious about well, let me back up. So we did a panel that we did for COGEL that was related to the US having a Federal Data Privacy law, which has not happened. So I think that we could have literally replayed that session right now. And it has still been very evergreen, in terms of the conversations that we're having. But I'm always curious because you're our closest neighbor in Canada. So what are your thoughts? What are your feelings? What are you know? How does? How does what's happening to us and talk to you if at all related to privacy regulations?
David Goodis 19:18
We find it really interesting. I think, in some ways, the US has been very good. Boy, in one sense. I would say when it comes to Privacy Breach Notification legislation. You guys were out ahead of us. I mean, we've finally caught up, but you are ahead of us. I know that all 50 states have that Privacy Breach Notification law, which is fantastic that you've got that full coverage. You've been ahead of us in other senses, too, as far as the children's online legislation. That's excellent. Something we were failing at even this new bill, nothing about the particular vulnerabilities of children, which is a real disappointment. Who knows? Maybe that'll change. But right now not so good. And you've got the California statute that we talked about before. And that's a very, I think, very progressive piece of legislation. It's interesting for us, I think, for Canadians, or for me, as somebody interested in privacy, I think it'd be, I think it'd be a good thing if the US moves towards kind of a Federal approach to privacy protection. I think that could be helpful. I think Canadians feel that we can benefit from strong privacy legislation, even in other countries, because it can put reasonable restraints, reasonable limits on what some of these, especially these big tech organizations, some of their practices, we can indirectly, I think, benefit from strong privacy legislation for us based organization. So it's something we'd like to see. I know there is a pretty big debate about what is the right approach. If you're going to do Federal privacy legislation, there are different models. I know that what we're comfortable with is this idea of kind of a Federal regulator. We have a Privacy Commissioner. Now we have Provincial regulators too. I know, I like the idea of a kind of a centralized regulator, rather than saying simply, well, we'll leave it to the courts, you know, if you have a problem of some kind, right? You've been affected by a breach? Well, you know, you can go to your courts, which is great, but maybe not good enough. And I think there are real advantages to having a regulator, but I will mention, you know, you have the FTC in the US. And they've gone, I think, go a long way towards fulfilling that kind of role, as a big kind of overseer of consumer practices, and especially consumer practices that might affect privacy. The FTC has the ability to investigate and issue guidelines and issue very substantial fines. So I, I like that kind of model. However, I know that there are differences of opinion about whether that's the right way to go. Is it the FTC? Is it some other privacy regulator? Is it No? No regulator at all? I got to help. What is the oversight model that's best?
Debbie Reynolds 22:23
I would love to see, first of all, I think if we the lowest of the low hanging fruit is Data Breach Notification. So if we could unify that on the Federal level, since we've all agreed, all 50 states, that is important. Now, we have rate regulations for that, and we can harmonize that across the Federal government. I think I'd be super happy to see that happen. You know, not to say that the FTC isn't doing a good job. But I think the FTC, I feel like they have their hands full already. And I think that it will be nice to have an agency that focuses just on privacy because the FTC doesn't cover all industries, either. So I think we're if we're going to talk about privacy as a human, right, it should cover all industries, in my opinion. So being able to sort of taking it out of FTC, kind of maybe elevate it more as and take it out of kind of like a consumer thought process into more of a human process, because not every human is a consumer. So I think if we can get past that hurdle, I think we'll be pretty good. And I like the way that California is doing it. Because as you know, as you see what Canada can't just, you know, in one day create, like this huge, comprehensive framework, this bam, you know, okay, we have prior to liberation. I mean, we've seen the EU, you know, they have the GDPR, but it took them, you know, 25 years to get there. So that is, you know, a lot of passing maybe smaller laws, maybe passing frameworks that, you know, weren't as stringent and then sort of building on it. So I feel like we have a ways to go in terms of building on, you know, put something down first as a foundation and kind of building on it. And that doesn't happen overnight. So I'm, I would love to see more comprehensive law, and I would love to see it not be so reactive, in a way because I feel like, you know, a lot of people are looking at courts and judgments and trying to read the tea leaves where, you know, really, the court shouldn't be making laws in that way. In my opinion. I think we say, you know, we need to, we need a framework, we need a strategy. And I think, even though I wouldn't hold my breath about privacy legislation, I think that it's having an impact base covered like the Privacy Shield, and validation is impacting commerce now. So I think when it starts to impact commerce, you know, just like you said 20 years ago, that's the reason why you all had enacted, one of the reasons why you started to enact privacy regulation because of trade issues. So I think that that's going to be a big issue around the world. And so I feel like, again, countries that are not thinking about creating those frameworks for privacy will end up swimming upstream because that's just the way the world is going right now. I would love to talk to you about adequacy. People famously always talk about the adequacy that the people in Canada have for the EU. But I would love to talk about the kind of status on that right now. We have an interesting conversation yesterday about this, and you were illuminating about just updating us on what's happening with adequacy in Canada.
David Goodis 26:00
Yeah. So right now, you may know that our PIPEDA again, 20 years old, does enjoy adequate adequacy status with the EU. And they, you know, they do they have a process. They do a comprehensive, rigorous review of all the elements of the legislation, including, you know, what are the fundamental rules and principles? How and how are they enforced? And those are kind of two equally important aspects. And, yeah, as I said, at the moment, we enjoy that adequacy status. But since GDPR, excuse me came since GDPR, came into law that has put big question marks over our very own legislation. And, in my personal opinion, pitted, our statute right now would stand very little chance of successfully passing an adequacy test. But with these new proposed changes, I think we would be in a much stronger position, both in terms of comprehensive monitor privacy rules, and in terms of strong oversight and strong penalties and, you know, remedial powers available to both our Privacy Commissioner and our courts. So it's a slow process. I haven't heard any updates. I think it's. It's ongoing. Their review is ongoing. It could be another year. It could be another two years before we even know what the result of that adequacy review is. And again, one would hope for Canada's sake that we get this, this modernized piece of legislation on the books, and we should be in a much better position to say that look where we are, we're on par with, we're on a par with Europe and with other countries around the world that have modern comprehensive privacy laws.
Debbie Reynolds 28:11
Yeah, well, everyone says, well, there's always Canada, you know, you can take the name of the camera or something like that. And you guys, let us over the border, let us out. If it was the world, according to David, okay, and any privacy law regulation movement in the world? What would you like to see happen? Either in Canada or globally related, or even the US about privacy, legislation, or regulation?
David Goodis 28:43
I always like to talk about enforcement. It just so happens, it's something that's really fascinating for me, how does what kind of framework to bring in? And do you have we're talking about this for do you let the courts kind of handle disputes? Or do you have a regulator or not, you know, where I come from, you know, close to home, for me is having an oversight body that has a full array of powers, statutory powers, to investigate, to mediate, to have legally enforceable orders. So you know, there's let's say there's, there's been a big breach, the organization did not have adequate cybersecurity protections in place. Like all the regulators should be able to, after an investigation, say, you need to fix this, and you need to fix this now, and we're giving you, you know, three months to do ABCD and E, you know, you got to do, and you've got to do it now. And if you don't comply, you know, you're, you may be subject to penalties to fines. So that's, that's what I'd like to say, you know, I think that's something that we should see globally. You know, Europe pretty much has it. Canada is getting there. The US has some aspects of that, but not complete or comprehensive. So, to me, what I would like to see is a strong oversight regime with the strong investigation and enforcement powers, penalty powers. And I'll just indicate here that in our proposed Canadian bill, there's going to be fines up to 10 million or 3% of global revenue for some offenses, or breaches of the law, and in others 25 million or 5%, of global revenue. So these are, these are big, strong, eye-opening levels of potential fines, which will, I think, very strongly encourage good behavior, and maybe put to rest this idea that Well, we'd like to have strong privacy protection, but we can't afford it. Right, this sort of this added to that, yeah, it's important, but it's not our top priority or not a high priority. That needs to change. And legislation like this, I think, will move privacy and cybersecurity up put up the list of priorities for all organizations.
Debbie Reynolds 31:15
I think, you know, as much as people hate the five, you know, businesses don't like to finance with, you know, GDPR these other regulations, you know, that was really the only way to get make privacy a C suite issue, because, you know, these laws, you know, as you said, you guys have had a privacy law for 20 years, you're updating now, before the GDPR, the EU had their data directive, so not that different, actually, from GDPR, GDPR, some updates, but, you know, the issue was privacy wasn't really taken it seriously, I don't think for some company, so being able to elevate that conversation, to a C suite level and making it something that, you know, countries are saying we're really, really serious about this, I think has elevated it. And I think it's elevated in a good way. And I think, you know, I've not seen yet any regulators around the world, like totally like body slam anybody, in my opinion, about the things that they're doing, really, what you want is compliance. So you want the companies to know, it's important to be proactive, you want them to, obviously follow the regulations. But you know, a lot of that following the regulation is about planning beforehand and having a story that you can tell if you ever get into hot water, about how you handle your data, how you handle your customers' data, as opposed to it being like a reaction. Like, oh my God, a terrible thing happened. Let's go to court, you know, I'll throw you a bucket of money, and then I'll go back to doing what I was doing before. So I think, for me, it can't just be fine. It has to be changing behavior, and it has to be changing the way businesses think about the importance of the individual and their data, or your thoughts.
David Goodis 33:14
I agree. Yeah, no, you're absolutely right. It's happening. And fines are not the be-all and end-all. That's not the goal. The goal is, is changing behavior. But arguably, you know, increasing, having increased fines, or bringing in fines, is one method of changing behavior and making privacy a priority. It's that, you know, walk softly and carry a big stick. You know, that, that can change behavior, but I agree with you that in many cases, you know, there's no bad faith or ill will, organizations just don't think about it. And they, they may feel that, oh, let's just hope that we don't get hit by an attack, you know, and they, and they truly feel they can't afford to bring in, you know, the most expensive cybersecurity experts, they'll cost a lot of money, all of that. But when you bring in the fines, then that kind of changes the calculation, but you're, you're right at the end of the day, what the goal is changing behavior. And there are a number of ways to do that. And, and again, the big stick is only one way to do that. And I think there are other methods available to regulators, in terms of a lot of it is really about education. Right? You know, taking positive steps to protect privacy isn't necessarily more expensive.
Debbie Reynolds 34:35
Right? It's not. It just takes more proactive thinking about planning and, yeah, not doing bad things. So it's not, you know, it's not a to me, it's not a super high bar, right. It is a bar it is it is a bar, probably higher than most people have. But one of the reasons why I want to talk to you besides the factor you're brilliant is that I feel like people who work in government, you understand the problems more deeply because everybody is your customer, right? So it's not like a business where they say, oh. Well, this segment of the population is my customer, where every, you know, you have come up with a plan that works or for everybody. So I think, because that that makes it, that's a harder problem to solve than to, you know, oh, this is my customer that I have my blinders on. And I can only look at this segment of people where you're saying. This is a problem for all people. We need to make it fair in a way that it doesn't encumber anyone, you know, in your country from being an exercise their privacy rights.
David Goodis 35:45
Yeah, that's interesting. I really thought very much about that. But you're right, that we do have kind of this really high-level view, and we see different populations, some of them, you know, the people that are protected by our legislation are some of the, you know, the most vulnerable people, people who, who don't have much means of unsophisticated children, students moving over to patients in the healthcare setting, because we have specific health privacy legislation, to very, very small organizations, like a tiny little, you know, a township of 100 people or a village, you know, with one person that runs their so-called government to very large organizations like, you know, the City of Toronto, like Chicago, we have three, 4 million people. It's a gigantic organization, we have any, you know, big government organizations, we have, in Canada, something called Crown Corporations, which are kind of a hybrid between public like publicly owned corporations that operate in the private sector, for example, they own casinos, they own our liquor retailer, these kinds of things. So yeah, we do we really see kind of all aspects, aspects of society, and how privacy laws impact them, and how privacy concerns or breaches impact them. So yeah, I guess we're fortunate in a way, and I, and I guess that can be difficult for others who are in a much sort of narrower field and narrow or sector. Yeah, you're right. They worry about their own environment, their own situation, they don't think in a big way, as we often do. But on the other hand, you know, we don't we're always learning, right? We always don't necessarily know what's going on in a highly specific kind of environment. So that's the challenges you have to kind of have to learn and get a better understanding of every different kind of situation and different kinds of people with different kinds of needs and problems.
Debbie Reynolds 37:47
Correct. Excellent. That's, that's amazing. I'm glad that we had this talk today. So we're at the end of our time, and I want to thank you so much. You know, you've jumped through some hoops to get this interview with me here, though, we can do this together. And I'm really happy to do it. And I'm happy to share kind of your voice and what you're doing. Because I think it's really fascinating. I think I'm hoping that we can learn a lot from what you guys are doing in Canada and maybe implement some of the things that we talked about. So that'd be great.
David Goodis 38:19
Well, thank you, Debbie. This is really fun. And thanks for inviting me. And I hope we can learn a lot as well. But what happens in the US we're going to be looking closely,
Debbie Reynolds 38:29
Yeah, maybe we'll talk, maybe we'll talk like later in 2021. Let's see what happens.
David Goodis 38:34
That would be great. I love to reconnect and see what's changed. Yeah.
Debbie Reynolds 38:40
Great. That will be great. Well, thank you so much for the call. I really appreciate it, and I'll talk to you soon.
David Goodis 38:45
Great. Thanks, Debbie. Cheers.