Safeguarding Canadians' Personal Information Act

An Act to amend the Personal Information Protection and Electronic Documents Act

This bill was last introduced in the 40th Parliament, 3rd Session, which ended in March 2011.

Sponsor

Tony Clement  Conservative

Status

Second reading (House), as of Oct. 26, 2010
(This bill did not become law.)

Summary

This is from the published bill. The Library of Parliament often publishes better independent summaries.

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,

(a) exclude, in certain circumstances, business contact information from the application of Part 1 of that Act;

(b) specify the elements of valid consent for the collection, use or disclosure of personal information;

(c) permit the disclosure of personal information without the knowledge or consent of the individual for the purposes of

(i) identifying an injured, ill or deceased individual and communicating with their next of kin,

(ii) performing police services,

(iii) preventing, detecting or suppressing fraud, or

(iv) protecting victims of financial abuse;

(d) clarify the meaning of lawful authority for the purpose of disclosures to government institutions of personal information without the knowledge or consent of the individual;

(e) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of the individual, personal information

(i) contained in witness statements related to insurance claims, or

(ii) produced by the individual in the course of their employment, business or profession;

(f) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of the individual, personal information related to prospective or completed business transactions;

(g) permit federal works, undertakings and businesses to collect, use and disclose personal information without the knowledge or consent of the individual to establish, manage or terminate employment relationships;

(h) provide a framework for organizations to notify individuals proactively about disclosures of their personal information made in certain circumstances to government institutions; and

(i) require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm.

Elsewhere

All sorts of information on this bill is available at LEGISinfo, provided by the Library of Parliament. You can also read the full text of the bill.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:15 p.m.
See context

Parry Sound—Muskoka
Ontario

Conservative

Tony Clement Minister of Industry

moved that Bill C-29, An Act to amend the Personal Information Protection and Electronic Documents Act, be read the second time and referred to a committee.

Mr. Speaker, it is my pleasure to rise in my place today to begin second reading of Bill C-29, the safeguarding Canadians' personal information act.

I would like to thank those following me on Twitter for being so patient. I have been telling them I was going to be rising to speak on this bill for about an hour now. They can rest assured that I am fulfilling my responsibilities as industry minister as I debate this bill.

This bill is about privacy in the digital age and is, therefore, an important element of Canada's emerging digital economy strategy.

Internet technology has brought many benefits and has changed our society in sometimes profound ways. It has made distance irrelevant for many and improved our overall quality of life. It has changed the way we communicate with one another, how we network, how we socialize with another. It has revolutionized our economic models, transforming how businesses, large and small, manage their supply chains and expand their reach. Businesses use the Internet to customize their products and manage relationships with their customers.

However, the digital economy has challenges as well as benefits. The Internet can be used to broaden a company's marketing base and collect a great deal of information. Most of this information is personal, and many would prefer that it remain private. There is basic information such as names, addresses and dates of birth. There is also very personal information about health, criminal records and credit card numbers.

So in the wrong hands any of this information could be used for malicious purposes, such as identity theft or bank fraud. But even when not used for malicious or illegal purposes, the unauthorized revelation of personal information to outside third parties constitutes an invasion of the privacy that most Canadians value highly.

We want to ensure that concerns about privacy and the protection of personal information do not undermine the potential of the digital economy to continue to change our lives for the better. After all, some 80% of Canadians use the Internet and 88% of businesses are online. The total value of online commerce in Canada in 2007 was $62.7 billion. We want to grow that business, and to do so we need to establish an environment of confidence and trust in online transactions.

Currently in this place Bill C-28, the fighting Internet and wireless spam act, is under consideration as well. It would provide a solid foundation for combating spam and various forms of malicious Internet activity. That bill, together with the bill I rise to support today, is part of our agenda for putting Canada at the forefront of the digital economy.

PIPEDA, as it is called, has codified in law a set of privacy principles that had already been well established. The Canadian Standards Association model code for the protection of personal information provides the foundation for privacy protection, no matter what the technology.

The standard was developed through careful consideration among government, industry, consumers and privacy advocates and has been recognized internationally. In fact, international recognition was an important concern when building the PIPEDA regulatory regime.

One of the early tests PIPEDA faced was whether the European Commission would recognize that it provided adequate privacy protection for the purposes of the EU data protection directive. The European Commissioner has recognized PIPEDA's regime. As a result, organizations subject to PIPEDA can receive personal data from EU member states. I point this out as an example of how framework laws such as PIPEDA, our privacy protection legislation, are essential for the competitiveness that we need for the digital economy.

PIPEDA's flexible, principles-based approach has allowed the Privacy Commissioner of Canada to examine challenges to our privacy posed by new technologies that collect and store massive amounts of personal information. We have become international champions of privacy in the age of social media.

PIPEDA is a very effective component of the legislative framework. But a good law can always be made better. Thus, it must be reviewed every five years.

The first such review was completed by the Standing Committee on Access to Information, Privacy and Ethics in May 2007. I want to reiterate the thanks to the committee that were given at that time by my predecessor as industry minister, the current Minister of the Environment.

The committee heard from 67 witnesses and considered 34 submissions from individuals and organizations. The report concluded that PIPEDA does not require major changes at this time, but at the same time it presented 25 recommendations addressing issues raised during review.

In October 2007, the government tabled its response to the report; it dealt with each of the 25 recommendations. Even though no substantive changes are required, our government made a commitment to amend the act in keeping with a number of the report's recommendations. We will also work with stakeholders to ensure that the changes made are as effective as possible.

To guide the government's approach to this commitment, Industry Canada organized more than 25 meetings with stakeholders. It met with businesses, consumer and privacy advocates, Canada's Privacy Commissioner, the provincial governments and enforcement agencies. The department also received 76 written representations in the Canada Gazette after the consultation process.

The bill before us responds to the recommendations of the committee and to what we learned from the Industry Canada consultation. The amendments contained in the bill will further enhance Canada's reputation as a world leader in privacy protection. We will maintain one of the world's most effective regimes for the protection of personal information in the digital age.

The amendments before us can be divided into four broad categories designed to do the following: protect and empower consumers, clarify and streamline rules for business, support effective law enforcement and security investigations and address technical issues.

Let me summarize. First, to protect and empower consumers we have added new provisions to the act and amended existing ones. To protect the privacy of minors online, we have enhanced the consent provisions.

Under the amendments before us, consent is only valid when obtained from an individual who can reasonably be expected to understand the nature and consequences of the transaction or the communication being proposed.

To help deter financial abuse, locate injured, ill or missing persons and to help identify the deceased, the act will be amended to allow for disclosure of personal information to the relevant authorities or the next of kin. Financial organizations, for example, would be able to contact law agencies, friends or family members of individuals who are suspected to be victims or potential victims of financial abuse. This is in response to situations commonly referred to as elder financial abuse.

Even more important, this bill will introduce new requirements. Organizations will have to report significant breaches to the commissioner and notify the people affected when a breach poses a risk of harm.

This is a risk-based approach to providing notifications of privacy breaches. It recognizes that not all breaches pose a risk to consumers. It also recognizes the risk of too many notifications. In fact, consumers might not respond appropriately when a breach poses a real risk. With this approach, the commissioner is informed of the nature and extent of privacy breaches so that she can monitor and defend privacy issues.

The second broad category of amendments will clarify and streamline rules for businesses. We are making these changes in response to calls from business to help clarify their responsibilities under PIPEDA. They will help businesses comply with the law.

These amendments will ensure access to information that is critical to the regular conduct of business. This will facilitate such functions as managing employment relationships and conducting due diligence for business transactions, such as mergers and acquisitions.

The amendments would also allow employers to disclose, as required, professional information, including emails, that their employees produce in the course of their daily activities. The new provisions will facilitate the legitimate activities of the public and private sectors, in the financial sector, for the purposes of investigations and fraud prevention. In accordance with the government's paper burden reduction initiative, these provisions will replace a tedious regulatory process.

The third broad category of amendments will support effective law enforcement and security investigations. These amendments remove barriers to investigations that were unintended by Parliament when PIPEDA was enacted. They will clarify that the act allows organizations to collaborate with law enforcement in situations where there is no warrant.

Amendments will also prohibit organizations from notifying individuals, without prior approval from law enforcement, that the police have requested information about them. This will help prevent the disappearance of suspects and the destruction of evidence.

PIPEDA of course, the current privacy legislation, is a good act. It has put Canada at the forefront of online privacy protection, but we can and we should make a good act even better. The House of Commons Standing Committee on Access to Information, Privacy and Ethics created a road map for us in its report. We are following that route, and with the further help from the advice of the Privacy Commissioner and the many individuals and organizations who have consulted with Industry Canada over the past two years, we will do so.

Taken in a broader context, these amendments are part of a much bigger initiative to put Canada at the forefront of the digital economy. Our economic performance in the 21st century will depend in large part on the trust and confidence Canadians have in online transactions. From the foundation of that trust and confidence, we can build a digital economy that will bring prosperity and quality of life to Canadians for generations to come.

With this in mind, I encourage all hon. members to join me in supporting the bill.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:30 p.m.
See context

NDP

Claude Gravelle Nickel Belt, ON

Mr. Speaker, I would like to ask the minister a question. I want to read something from the bill. The bill permits organizations to collect, use and disclose information without the knowledge or consent of the individual if the personal information is contained in witness statements related to insurance claims, or was produced in employment or business, or to establish or terminate employment relationship. or required to communicate with next of kin, or disclosed to prevent, detect or suppress fraud or financial abuse and used to identify injured, ill or deceased persons; and finally, for policing services.

We will support the bill to send it to committee to make some changes. Would the hon. member be willing to support changes so we can properly identify lawful authority and policing services?

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:30 p.m.
See context

Conservative

Tony Clement Parry Sound—Muskoka, ON

Mr. Speaker, we are seeking to create the appropriate balance between the rights of individuals to their privacy and also protect society in cases of fraud or crime or to help families of victims or themselves, if they are not capable of helping themselves. That is the balancing act we must play.

As I expressed in my remarks, we think we have achieved that balance, but we are always open to criticism and we are certainly open to constructive criticism. If they are ways we can improve the bill that do not do violence to the intentions of the bill, we would be all ears.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:30 p.m.
See context

Conservative

Blaine Calkins Wetaskiwin, AB

Mr. Speaker, I thank my colleague, the minister, for the work he does on behalf of all Canadians, protecting our personal privacy and ensuring that we are not going to have to share personal private information with the Government of Canada. These changes he is making through PIPEDA address the issues of personal information in the private sector.

I think Canadians are worried about their information. It was a few years ago where Home Sense or one of those companies had credit card information taken from its system. We have known of banks that have lost critical banking and customer information.

Today, with the new technology, photocopiers with hard drives remember digital information and make digital copies of this information.

With all these different forms of technology, whether it is e-commerce, or a customer walking in and doing a credit card transaction or it is photocopy of information on a hard drive, is the bill technology neutral and is will it do more to protect the private information of Canadians in this sense?

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:30 p.m.
See context

Conservative

Tony Clement Parry Sound—Muskoka, ON

Mr. Speaker, I appreciate the member's remarks on this topic. The intention of the bill is to be technology neutral, as the hon. member has suggested. One of the strengthening clauses or improvements from the current legislation is designed to create an obligation on behalf of the private sector when there is a large breach of privacy, a legal obligation to in fact inform customers and inform the Government of Canada that there has been a major privacy breach.

Under the current rules, there is no such obligation. There might be a moral obligation, but there is no legal obligation to do so. We want to ensure that if there has been a large scale breach, there is an obligation to report that.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:35 p.m.
See context

NDP

Jim Maloway Elmwood—Transcona, MB

Mr. Speaker, the previous questioner seemed to be concerned about the privacy of Canadians. Yet we debated for several hours today Bill C-42, An Act to amend the Aeronautics Act. It would allow Canadian carriers to give private information on the PNR to the American security.

How does the minister reconcile this whole effort to update the privacy legislation of the country with Bill C-42, in which we will give information away to American entities without reciprocity? The Conservative government could have demanded the same treatment. The Americans have 2,000 flights a day flying over Canadian airspace. We have 100 flights flying over American airspace.

Surely the government could have said that if the U.S. demanded the information from it, the Canadian government would demand the same information on those 2,000 flights. Did the government do it? I do not believe so.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:35 p.m.
See context

Conservative

Tony Clement Parry Sound—Muskoka, ON

Mr. Speaker, I feel like I am in a bit of a time warp here. I believe this place was discussing that very bill awhile ago, so I will not rehash that. If the hon. member had a comment at that time, he could have put it on the record.

This deals with is the protection of personal information in the private sector context. We were talking about bank records and transactions, credit card information, all this type of personal information that is now available to private sources, which Canadians are willing to give to be part of the online universe and to be part of a modern economy.

However, at the same time, we have to ensure there are adequate protections that Canadians can reasonably rely on and have confidence in so they can take part in the normal transactions that we do nowadays online or with our banks, or with other private sector institutions. We need to have the faith that the system is designed, in most cases, to protect our privacy, unless there are extraordinary circumstances as outlined in the bill.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:35 p.m.
See context

Conservative

Tony Clement Parry Sound—Muskoka, ON

Mr. Speaker, there are sanctions. It would not be much of a bill if there were no sanctions to ensure these rights are enforced appropriately. We have been working with the Privacy Commissioner to ensure that she is fully cognizant of this legislation. She has been an active interlocutor in the drafting of the bill to ensure it has teeth and to ensure it can actively do what it intends to do. This has been a most collaborative process with the Privacy Commissioner as well as with other deponents, including consumer rights groups, who have particular expertise in this area. Again, I believe we have the appropriate balance.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:35 p.m.
See context

Liberal

Joe Volpe Eglinton—Lawrence, ON

Mr. Speaker, the closing comments by the minister, when he referred to bites, et cetera, reminded me of a statement made by our colleague from Montmorency yesterday. So much of the government legislation is sound bite legislation, “safeguarding Canadians' personal information act”. It almost as if we had a guard dog on site. The only problem is that the guard dog has a bark like a sheep dog and a bite like a chihuahua. When is the government going to get away from sound bite legislation and actually do something worthwhile?

The minister justifies it all by saying we have an Internet economy that is worth some $62.7 billion and so we will ensure we can grow that. The government is not going to do anything about that at all.

What is going to happen is companies that want to get on the Internet for the purposes of expanding their commerce are going to do so. They are not going to worry about whether the government wants to jaw-jaw its way into this. They are going to take a look at this legislation and say that the member from Montmorency is right, that those guys have a bite and a bark like a chihuahua.

This is especially so after the industry committee has made some recommendations to the minister. With the benefit of those recommendations, he still goes ahead and presents legislation that he himself acknowledges requires further study from the committee and make the kinds of suggestions to improve the bill that he knows he must put in place if this will be acceptable legislation.

All of us are desirous of maintaining our privacy, in keeping what is ours to ourselves, keeping our security safeguarded at all times, to ensure that anything that pertains to our person, our businesses, our interests is released only when we think it is appropriate for our sake, for our interest.

For the government to come forward and say that it will safeguard all of that, except in certain circumstances, does not make safeguarding personal privacy interests very secure. What it does is introduce exceptions to kinds of privacy and security that it claims to be support.

Its sound bite title is, like everything else the government does, smoke and mirrors, deception and manipulation.

One can easily applaud the fact that there are amendments to PIPEDA, the Personal Information Protection and Electronic Documents Act, and notice that there is nothing in that title that sounds like a sound bite that it is actually a factual issue, but the government decides to take this legislation and make it look like it has done something else with it. That might enhance its opportunities to sell itself as something proactive.

It took the government four and a half years to discover that 80% of businesses are on the Internet, that means they have a website, and that 88% of Canadians are Internet savvy, that means they can browse the net. All of these things do not a business make, but they are the fertile ground for businesses interested in making their commerce more time sensitive, more immediate and more global.

Bill C-29 amends PIPEDA to, among other things, permit the disclosure of personal information without the knowledge and consent of the individual who possesses that for certain purposes. Some of the purposes will make sense. It is a little bit like the Trojan horse that gives access to a treasure trove in somebody else's domain.

The first of these does sound as if it makes sense. Number one is for identifying an injured, ill or deceased individual, communicating with their next of kin. There are very few people who would say that is bad.

Second is for performing police services. There are no other qualifiers. There are a lot of people who want to know what that means.

Third is for preventing, detecting or suppressing fraud. Successfully or unsuccessfully? What is the intent? Which organization?

Fourth is for protecting victims of financial abuse. How so? By releasing their information?

Another series of amendments is to permit organizations, any organization, for certain purposes not specifically outlined, to collect, to use, to disclose without the knowledge and consent of the individual, his or her personal information, number one, contained in witness statements related to insurance claims. Whose commercial interests are we looking at there? Second is information produced by the individual in the course of his or her employment, business or profession. That is virtually anything. Everybody in this place is producing information literally on a minute-by-minute basis, but some organization is going to have access to that.

Members might say that in a great, open and transparent environment such as the Parliament of Canada, such as the House of Commons, anybody who is engaged in this ought to so admit. It is something that we might have asked the Minister of Defence, for example, who today talked about the complexity of the procurement process and military hardware acquisition as being a little too complicated for the simple-minded public that wants to find out whether it is transparent and whether it meets the test of value for money, as being a bit of an intrusion and just barely tolerable.

This is hardly accountability. It is hardly transparency and it certainly does not lead to the business of openness, but under PIPEDA, everybody else has to operate that way.

A third set would require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm. Somebody is going to make a judgment. I will come back to that in a moment.

As I go through this, I ask how we can safeguard Canadians' personal information. I am a consumer like everybody else in this House. As an individual and like many people in this House, excluding all those who serve the House, I am a legislator, and I do not believe that my personal information will be any safer, believe it or not, under the current drafting of Bill C-29.

The Government of Canada prepares a piece of legislation by which I, as a member of Parliament, as a consumer, as a private citizen, just like the Minister of Immigration, who is really listening to this, think that my information is easily protected by some of these measures that have gaping holes, in a legislation that did not exist before. It is going to need a lot of amendments in order for me to feel comfortable.

Why do I focus on me, Mr. Speaker? Just like you, we represent the general public and the general public expects us to feel what they feel, to see what they see, to experience what they live every day. There is not a Canadian out there who is not thinking, “Hold up. Is this legislation really designed to protect my privacy, or are they beginning to insinuate some sort of little loophole for others who are involved in business or whatever, to use to my disadvantage?” There are a lot of them out there already.

It is interesting that this legislation did not have this sound bite title that said, “We are going to go after all the crooks. We know they are out there but they are not being reported. We are going to build jails for them so that when we catch them, if we ever put police on the beat and if we ever sustain the court system enough that they will be able to process all of these accused and alleged criminals, we will actually be able to house them”.

That is not what this is about. If that is the kind of intention they have, I do not see that intention in the legislation. Primary in this kind of assessment relates to the requirement that I mentioned a moment ago to report a “material breach of security safeguards involving personal information under its control” to the Privacy Commissioner. That is what is going to happen. All of this is going to be reported to the Privacy Commissioner.

First, the threshold for determining that requirement for that disclosure is ambiguous. I noted that the minister did not make any effort to be specific to give us an indication of where the intent is. He did not give us any indication of the precision of the language. Not only is it ambiguous; it is confusing, quite frankly. As I said a moment ago, it has more holes in it than a retaining wall that has been breached by an invading army.

Second, there is no enforcement provision included in the bill to ensure that this will be done. When my colleague from Montmorency—Charlevoix—Haute-Côte-Nord says that the sound-bite legislation that the Conservatives put in place is a little bit like a chihuahua barking away and trying to bite, he is right. If there is no enforcement mechanism, what is the purpose of making all of these statements? Who are they playing for fools? Do they really think Canadians do not look, do not listen, do not watch, do not critique?

I took a look at what the bill states and under proposed section 10.1:

(1) An organization shall report to the Commissioner any material breach of security safeguards involving personal information under its control.

It does not tell us how it got there in the first place or whether the organization had the right to get it there. It goes on:

(2) The factors that are relevant to determining whether a breach of security safeguards is material include:

Here is a definition for them, and so when I say it is ambiguous, confusing, wide open, it says, first of all, the “sensitivity of personal information”. Who is the best judge of whether personal information is sufficiently sensitive? Is it going to be the organization? Is it going to be the Privacy Commissioner? Is it going to be the person about whom that information is rendered? The proposed section continues:

(b) The number of individuals whose personal information was involved...

This reminds me of days gone by when priests in a confessional were trying to explain to penitents the significance of lies. One of the penitents said, “Father bless me for I have sinned, but it is no big deal; I just told a lie”.

The priest did not know any other way to get the penitent to understand the severity of that lie and said, “I tell you what. Here is a pillow full of feathers. Go up to the top of the hill. It is rather windy right now. I want you to open that pillow.”

The penitent went to the top of the hill, opened the pillow full of feathers and, behold, the wind blew them all over the place.

The penitent went back to the confessional and said, “Father I did what you asked me to do”.

The priest said, “Good, go pick them all up”.

The penitent said, “I cannot do that. Those things have gone for miles and miles now”.

Members can understand what the priest said then. That is the gravity of personal information about which one spreads lies, but the bill does not say that the person about whom information is being supplied has any control over it. Somebody else is shaking that pillow at the top of the hill. The proposed section continues:

(c) An assessment by the organization that the cause of the breach or a pattern of breaches indicates a systemic problem.

Yes, that will happen. Every organization is willing to beat its chest and say, “Mea culpa, mea culpa, mea maxima culpa”. It is not going to happen. Very few people did it in times when people spoke Latin, and now that English has replaced Latin as the lingua franca, there are even fewer people.

So who makes the determination? Mr. Speaker, I guess you are like me. If it were my personal information that was being breached, I would want to report it to the commissioner. Yet Bill C-29 leaves that decision up to the organization that is supposedly making the report if not, in fact, the breach.

Bill C-29 also states that under proposed subsection 10.2(1), “Unless otherwise prohibited by law,” and look at that loophole:

an organization shall notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.

As the hon. member for Elmwood—Transcona said a few moments ago, so now the Americans, under Bill C-42 that the House had discussed before, can ask any of our domestic airlines, our carriers, to give them every piece of information in their possession, including everything one can name from there on in, everything one has to lay bare when one goes to buy a plane ticket. Bill C-29 essentially says that organization can do all of that.

What is the definition of significant harm under proposed subsection 10.2(2)? It is:

For the purpose of subsection (1), “significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.

Now one has to prove how significant that was. There are not very many people who are going to be better defenders of one's character and one's interest than oneself.

Real risk of significant harm and the factors that have to be included are those that are relevant to determining whether a breach of security safeguards creates real risk of significant harm to the individuals, and have to include the following. Listen to this. They have to include this:

(a) the sensitivity of the personal information involved in the breach;

Who is making the decision on the sensitivity? Somebody else.

It goes on:

(b) the probability that the personal information has been, is being or will be misused.

I am just thinking of Bill C-42. Any foreign state can ask of a Canadian carrier information that it will say is not going to be a problem and it is not going to do anything nasty with it, so the probability of that personal information being used or misused is practically nil, so it will take it all. Oh, good.

Again, while the conditions are defined, the interpretation is wide open and even includes variables that are impossible to determine. For example, how can an organization assess the probability that the personal information will be misused?

Most critical is that there is no enforcement and there are no penalties if the organization does not disclose a breach. This is untenable.

Other jurisdictions with similar laws have very high penalties for non-prompt disclosure. Let me see. I wonder where those other jurisdictions are.

Well, for example, right here in Canada, under the Alberta Personal Information Protection Act, PIPA, individuals and organizations can be fined up to $10,000 and $100,000 respectively for failing to notify the commissioner of a breach. There is an onus of responsibility. There is none in Bill C-29.

In Florida, which is just down the road, there are penalties of up to $500,000 for similar breaches. I mention Florida especially since our carriers are going to have to reveal everything to the Americans anyway; it is about a three-hour flight from Pearson Airport in Toronto. In Michigan, penalties run up to $750,000. Bill C-29 has no penalty. Why would these jurisdictions, including Alberta, have penalties and not the federal act that the government wants us to believe is the best thing since sliced bread?

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 4:55 p.m.
See context

NDP

Jim Maloway Elmwood—Transcona, MB

Mr. Speaker, the minister made his speech with a lot of flourish and he answered a couple of questions. He talked about $62 billion in e-commerce in Canada. The question comes down to the nature of the government's role in e-commerce and government online.

We have seen a big change in the last five years, in comparison with the previous government. The Conservative government has no vision when it comes to e-commerce. It has no vision when it comes to government online programs and broadband development.

I would like to know how much money the government is collecting on a transactional basis. Under the old Liberal government, there were a number of e-government programs that provided services to the public. They were transactional, and they contributed to the general revenues.

I would like to know what the Conservatives have done in the last five years to expand e-government services to the people of Canada. How much of it is transactional?

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 5 p.m.
See context

NDP

Jim Maloway Elmwood—Transcona, MB

The minister says they have done lots, Mr. Speaker. I would like to know how much money is being brought in on a year over year basis from government online programs. What is the government's vision for the future?

It is fine for the government to address these matters piecemeal, with a bill on spam and a bill making changes to PIPEDA, but what is its vision on e-commerce, government online, and broadband issues? Governments like those in Australia and England have a vision for these areas.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 5 p.m.
See context

Liberal

Joe Volpe Eglinton—Lawrence, ON

Mr. Speaker, I find myself ill-equipped to defend the Conservative government. There was a time when I would defend the Government of Canada because it was a Liberal government that had a vision on governance and on providing a future for Canadians. It did not matter what part of the country they were in. For my colleague's information, he may wish to ask one of the government members sitting here listening to the debate.

He will know that one of the first things that the Conservative government did when it came to power was to put over to one side, first, the initiatives of its predecessor in delivering government services online, and second, all the initiatives designed to provide greater service to Canadians at a reduced cost. For example, all the initiatives associated with Service Canada were put on hold, even though the system had been up and running for a year, because the Conservatives needed to see whether there was efficiency in service.

In addition, the Conservatives cut back on all kinds of services associated with immigration. They needed to bring the number of applicants down, and the best way to do that was to reduce the services provided in posts abroad, so that fewer applications would be received. When fewer applications are received, less revenue is being generated.

As for the revenues the Conservative government has generated from an e-commerce perspective, or what it has done to develop e-governance and government online, I can only say that the short answer is nothing.

If the member does not believe me, he could go to the trouble of reading today's Auditor General's report. The Auditor General looked at a series of departments and said that over the last five years there has been a reduction in efficiencies and direction. A reduction was seen in the parameters that are put in place to manage efficiencies. Her department saw a reduction in accountability and an increase in waste.

If my colleague were to ask if there is a correlation between a having a vision and the wasting and squandering of opportunities, I would say there is. The government opposite has chosen the chihuahua approach to governance: to be a little pipsqueak and do nothing.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 5:05 p.m.
See context

Port Moody—Westwood—Port Coquitlam
B.C.

Conservative

James Moore Minister of Canadian Heritage and Official Languages

Mr. Speaker, I want to respond to the member from the New Democrat Party. I know that the member for Eglinton—Lawrence was on a roll about chihuahua governments, but I will bring him back to the issue at hand.

The member from the NDP asked what the government was doing about e-commerce. What 1995 language. It demonstrates a gap between what is actually happening in the digital field versus what was happening in the 1990s. I will speak on my own portfolio, as Minister of Canadian Heritage. We are proud of digitizing government content and ensuring that Canadian content is being supported as never before in the new media.

First, we put forward Bill C-32, a good-faith, comprehensive effort to modernize copyright legislation. We are prepared to work with all opposition parties to ensure that this legislation is effective. We have a stand-alone legislative committee, and this bill is going to go forward and help to advance in the digital economy. The first thing that the government has to do is protect people from those who want to harm Canada's creators by stealing from them, ripping them off and legitimizing piracy. We are going to do that.

There are other things that we have done in my department. We have created the Canada media fund. Previously, we had the Canada television fund and the Canada new media fund. To support digital products by Canada's creators, we merged the two to create the Canada media fund. We wanted to ensure that these products are available on the platforms that our media creators choose, not only to support television content but also to support new media, video games, stuff that is streaming online, and stuff that is available for download. We wanted to ensure that Canada's creators have access to more money than ever before to support the creation of content in the digital platform that they choose.

Although we were in a recession, we made a commitment in the last election campaign to maintain or increase funding for the CBC. We have kept our word. The reason is that the CBC has modernized itself. It has become a true pan-Canadian multimedia platform for Canadian content. We have worked with the CBC to ensure that this is the role that it performs. The National Film Board has iPad and iPhone apps that for the first time make it possible to stream Canadian digital content online. Tens of thousands of Canadian films and shorts, children's shows, and documentaries are available online, free, through the web, through iPad apps. We have gone across the board. There is a publications fund to support the digitization of magazines.

No other government in Canadian history has made a more comprehensive and aggressive effort to ensure the digitization of Canadian content and government information.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 5:05 p.m.
See context

Liberal

Joe Volpe Eglinton—Lawrence, ON

Mr. Speaker, I am so happy that we gave the Minister of Canadian Heritage an opportunity to toot everybody else's horn. That is in effect what he did. He said the creativity component in Canada is not resident in the Conservative government, unless it involves hands-off, backing away, not encouraging, and perhaps productively, not stepping on toes.

What he said was that right up until now, the Conservatives have not recognized the creative and commercial value that culture brings to the Canadian marketplace.

I accept his Confiteor. That is okay. But he did not answer the question from my colleague from Elmwood—Transcona. My colleague asked what the government was doing to generate commerce through the new media. He asked this because the Minister of Industry said he was able to measure the level of commerce at $62.7 billion, exactly. Up until he said that, everything took place without the help of the Conservative government. So my colleague from the NDP asked what the government was doing, and whether it was doing it with this sound bite legislation.

The true answer is that the government does not know anything about commerce, does not care about the economy, and has no clue how wealth is created. All we have to do is look at the waste it has created and the debt it has incurred, which has put the country on its knees.

Safeguarding Canadians' Personal Information Act
Government Orders

October 26th, 2010 / 5:10 p.m.
See context

Bloc

Carole Freeman Châteauguay—Saint-Constant, QC

Mr. Speaker, as the Bloc Québécois privacy critic, I am pleased to speak today to the government's Bill C-29, which the Minister of Industry introduced in May.

The Bloc Québécois will vote against Bill C-29 because it is yet another bill that shamelessly interferes in an area under provincial jurisdiction.

The Bloc Québécois vigorously opposed the adoption in 2000 of the Personal Information Protection and Electronic Documents Act, which this Bill C-29 seeks to amend.

Of course, we played an active and responsible role in the study of part 1 of the Personal Information Protection and Electronic Documents Act, and we even proposed some changes in an attempt at damage control.

But the Bloc Québécois has always made it very clear that it definitely does not support the legislation that came into force in January 2001. And it was not alone.

In Quebec, the government, businesses, consumers, the Conseil du patronat, editorial writers, constitutional law experts and many others loudly criticized this renewed assault on Quebec's exclusive areas of jurisdiction.

In May 2007, the Bloc Québécois voiced its opposition to this new intrusion into provincial areas of jurisdiction in its dissenting report appended to the Standing Committee on Access to Information, Privacy and Ethics' report on the Personal Information Protection and Electronic Documents Act. Apparently, the recommendations in that report resulted in Bill C-29, which was introduced in the House today.

Both the Personal Information Protection and Electronic Documents Act and this bill, C-29, which would amend the act, are perfect examples of the federal government preying on Quebec's powers yet again.

Basically, the Government of Quebec and the provinces have been arguing since 2000 that, despite the federal government's attempt to justify its bill based on its power to regulate trade and commerce, personal information protection is within the jurisdiction of Quebec and the provinces because of constitutional powers in the areas of property and civil rights.

Constitutional law expert Jacques Frémont of the Université de Montréal was very clear about this when he commented on the original bill that Ottawa was trying to pass. This is what he said:

[This bill] violates both the spirit and the letter of the division of powers, as we must understand it in this country. It denotes an arrogant approach and constitutes an intrusion on the part of the federal government in areas of provincial jurisdiction. Protection of personal privacy is essentially a provincial power. In Quebec, for example, in the area of property and civil rights, it is the Quebec Civil Code that applies, as well as the Canadian and Quebec Charters.

Personal information is very well protected in Quebec. The federal legislation simply overlaps provisions that are already in place. First, section 5 of the Quebec Charter of Rights, adopted in 1975, explicitly states that every person has the right to privacy. Second, chapter 3 of the Civil Code, in particular sections 36 to 40, contains privacy provisions. Third, Quebec's Act respecting the Protection of Personal Information in the Private Sector has also been protecting Quebeckers' personal information since 1993.

In addition, companies under federal jurisdiction that operate in Quebec are already covered by Quebec laws. Quebeckers' privacy rights are fully protected by Quebec law, whether they do business with a company under provincial jurisdiction or a company under federal jurisdiction.

In September 2009, the task force on the future of the Canadian financial services sector published a report that focused on protecting personal information in which it states the following about Quebec's legislation:

On a literal reading, the Quebec law applies to banks as well as other financial institutions. … In the absence of federal legislation on a particular subject matter, validly enacted provincial law may apply to a federal undertaking unless the law prevents the federal undertaking from managing its operations or generally accomplishing its ends.

Moreover, the report stated that Quebec law already applied to interprovincial and international trade as well.

Moreover, the effects of the Quebec law will not be confined to the province. National institutions will face the Act's restriction on the extra-provincial transfer of personal information (about Quebec residents).

The Personal Information Protection and Electronic Documents Act gives the federal government the power to render a Quebec law invalid. That is too much.

The federal act applies to all financial activities unless the Governor in Council orders, if satisfied that a province has adopted similar legislation, that it be exempted in whole or in part. In December 2003, the federal government issued an exclusion order applicable to organizations in Quebec. Unfortunately, not only is the power set out in paragraph 26(2)(b) left to the government’s sole discretion, but it applies only to information within Quebec and held by companies under provincial jurisdiction.

Pursuant to this paragraph, the Governor in Council could therefore, if it wished, order that the laws of Quebec be declared partially or wholly invalid, without even referring the matter to Parliament. This is unacceptable to the Bloc Québécois. It cannot subscribe to any law that goes against the interests of Quebec and it believes that Bill C-29 should not even be discussed in the House: civil law comes under provincial jurisdiction.

Need I remind this House that the concepts of privacy and confidentiality are extremely important in the 21st century, as their application in daily life is becoming especially difficult? Privacy and confidentiality are, in fact, concepts tied to basic rights such as freedom and personal autonomy. Protecting privacy and confidentiality is simply recognizing every individual's right to a private life.

In other words, people have the right to determine when, how and in what way they will communicate information to other people. What I call the right to private life is being threatened today, more than ever, by problems stemming from new information technology, and every privacy protection measure has to take that into account.

The Big Brother George Orwell created in 1948 in his novel 1984 is alive and well among us, and I will not be the last person to talk about that.

Any privacy initiatives, today and in the future, must cover not only the monitoring of information about us, but also protection against unwanted access to our personal information by other people. In fact, that is why our governments have had to create organizations and legislation to protect privacy.

Quebec has been a true pioneer in North America in the area of access to information and protection of privacy, and serves as a reference for all western countries. The Quebec access to information commission was created in 1982, but as early as 1971, with the passage of the Consumer Protection Act, Quebec's lawmakers broke new ground by ensuring all persons the right of access to their credit records.

In 1975, the National Assembly passed the Quebec Charter of Human Rights and Freedoms, recognizing the right of all persons to respect for their privacy and their right to information. This was a historic legislative step that would lay the legal foundations for fundamental principles.

On June 22, 1982, the Quebec National Assembly passed an act respecting access to documents held by public bodies and the protection of personal information, thereby creating the Commission d'accès à l'information du Québec. The National Assembly continued its efforts to protect privacy by adopting the act respecting the protection of personal information in the private sector, which came into force on January 1, 1994.

In Canada during that time, part IV of the Canadian Human Rights Act created the position of Privacy Commissioner in 1977. The commissioner is an officer of Parliament who acts as a privacy ombudsman.

The federal government then passed two pieces of legislation, the Privacy Act in 1983 and the Personal Information Protection and Electronic Documents Act in 2000. The first basically governs the federal public sector and the second, which is of special interest to us here today, has to do more with the private sector in all of Canada, except in provinces that have “substantially similar” provincial legislation.

Alberta, British Columbia and Quebec have their own legislation, since the activities of the private sector generally fall under provincial jurisdiction. However, since the Personal Information Protection and Electronic Documents Act gives the federal government the power to invalidate a Quebec law, there is no way that we can support it.

The two federal acts dedicated to protecting personal information duplicate the Quebec legislation that was passed by the National Assembly to allow individuals to decide for themselves with whom they will share their personal information, as well as for what purposes and under what circumstances. In fact, we must always remember that what constitutes an invasion of privacy for one person, is not necessarily an invasion for another. We all know it is very difficult to ensure that our privacy is respected these days.

At the dawn of the 21st century, the globalization of information and transformation of means of communication have taken great leaps forward, thanks to recent technological advances. However, all these advances present just as many threats to human rights, in particular our right to privacy, and our right to control the distribution and use of our personal information.

Governments and corporations have an insatiable thirst for our personal information. The current Conservative government even believes that collecting a huge quantity of personal information will solve issues of national security and public safety. Under the pretext of implementing new anti-terrorist initiatives, it runs roughshod over the issue of privacy.

Need I emphasize that the private sector's appetite for information is just as great?

It wants to know our names, addresses, purchases, interests and preferences in order to classify, analyze, record and use them in marketing studies, marketing approaches, and to come up with marketable goods. The private sector's lust for our personal information is even more disturbing given that most companies that specialize in collecting this information do not adequately protect it. This information becomes vulnerable to hacking and identity theft.

Bill C-29 that we are examining today concerns the Personal Information Protection and Electronic Documents Act, which establishes the rules governing the collection, use and disclosure of personal information in the private sector, but only in the course of commercial activity

As I mentioned at the start of my speech, the Bloc Québécois will not support this bill, which essentially entails new intrusions into an area of Quebec's jurisdiction. The Bloc Québécois has always clearly indicated that it does not support the federal law, which has been in effect since January 2001. Remaining true to itself and to the interests of Quebeckers, the Bloc will maintain this position.