Newport Thomson

Today, the Competition Bureau of Canada released a landmark report, “Your Data, Your Control,” and the numbers are impossible to ignore. The report estimates that introducing data portability in the insurance sector alone could generate up to $3.83 billion in value for Canadians annually.

But for businesses, the headline isn’t just the savings, it is the massive shift in power.

We are moving from an era of data ownership to an era of data stewardship. As we look toward the rollout of Consumer-Driven Banking (Open Banking) and potentially Open Insurance, Canadian organizations face a binary choice: build the infrastructure to compete for ported data now, or watch your customers, and their data, walk away to a competitor who did.

The Core Shift: From “Stickiness” to Trust

Historically, banks and insurers relied on “friction” to keep customers. It was simply too annoying to switch providers, so customers stayed put. The Competition Bureau’s report makes it clear: that friction is being legislated away.

With the move toward Level 3 Interoperability (secure, read/write APIs), the barrier to switching will vanish.

However, the report highlights a critical behavioural barrier that technology cannot solve: Trust.

The Bureau’s survey found that privacy is the single biggest concern for Canadians. 93% of individuals are worried about data protection. If a consumer does not trust that you can ingest their sensitive financial or health data securely, they will not port it to you, regardless of the money they might save.

The Newport Thomson Perspective: Governance is Your Growth Engine

At Newport Thomson, we advise clients not to view data portability as a compliance burden, but as an architectural challenge. To win in a data-portable economy, you must demonstrate “Privacy by Design & Default.”

Here are the three strategic pillars Canadian executives must address immediately:

1. The End of Screen Scraping The report takes a hard stance against “screen scraping” (using bots to log in as the user), calling for a shift to standardized APIs.

• The Governance Challenge: If you are currently relying on screen scraping for data aggregation, your risk profile is about to skyrocket. Organizations need to transition to secure, tokenized API frameworks that align with the incoming Consumer-Driven Banking Framework.

2. Dynamic Consent Management The old model of “click once and forget” is dead. The report emphasizes continuous transfers and dynamic consent.

• The Governance Challenge: Can your current data systems handle a user revoking access to their data in real-time? If a user ports their data to you, and then leaves six months later, do you have the automated governance in place to segregate or delete that data as required by Law 25 and PIPEDA?

3. Interoperability vs. Security The report notes that “a weak or less secure system can introduce risk… into the entire network.”

• The Governance Challenge: It is not enough to secure your own house. You must rigorously vet the security posture of the partners you connect with. Vendor Risk Management (VRM) is no longer a back-office function; it is a frontline defense.

The Road Ahead

The Competition Bureau has laid out the case: Data portability drives competition. But it also exposes vulnerabilities.

The winners in 2026 and beyond will not be the companies with the most data; they will be the companies with the most trusted data. They will be the organizations that can look a customer in the eye and say, “We don’t just use your data; we protect it.”

Is your organization ready for the portability shift?