Bill C-29 (Historical)

Mr. Speaker, I would like to ask the minister a question. I want to read something from the bill. The bill permits organizations to collect, use and disclose information without the knowledge or consent of the individual if the personal information is contained in witness statements related to insurance claims, or was produced in employment or business, or to establish or terminate employment relationship. or required to communicate with next of kin, or disclosed to prevent, detect or suppress fraud or financial abuse and used to identify injured, ill or deceased persons; and finally, for policing services.

We will support the bill to send it to committee to make some changes. Would the hon. member be willing to support changes so we can properly identify lawful authority and policing services?

Mr. Speaker, we are seeking to create the appropriate balance between the rights of individuals to their privacy and also protect society in cases of fraud or crime or to help families of victims or themselves, if they are not capable of helping themselves. That is the balancing act we must play.

As I expressed in my remarks, we think we have achieved that balance, but we are always open to criticism and we are certainly open to constructive criticism. If they are ways we can improve the bill that do not do violence to the intentions of the bill, we would be all ears.

Mr. Speaker, I thank my colleague, the minister, for the work he does on behalf of all Canadians, protecting our personal privacy and ensuring that we are not going to have to share personal private information with the Government of Canada. These changes he is making through PIPEDA address the issues of personal information in the private sector.

I think Canadians are worried about their information. It was a few years ago where Home Sense or one of those companies had credit card information taken from its system. We have known of banks that have lost critical banking and customer information.

Today, with the new technology, photocopiers with hard drives remember digital information and make digital copies of this information.

With all these different forms of technology, whether it is e-commerce, or a customer walking in and doing a credit card transaction or it is photocopy of information on a hard drive, is the bill technology neutral and is will it do more to protect the private information of Canadians in this sense?

Mr. Speaker, I appreciate the member's remarks on this topic. The intention of the bill is to be technology neutral, as the hon. member has suggested. One of the strengthening clauses or improvements from the current legislation is designed to create an obligation on behalf of the private sector when there is a large breach of privacy, a legal obligation to in fact inform customers and inform the Government of Canada that there has been a major privacy breach.

Under the current rules, there is no such obligation. There might be a moral obligation, but there is no legal obligation to do so. We want to ensure that if there has been a large scale breach, there is an obligation to report that.

Mr. Speaker, the previous questioner seemed to be concerned about the privacy of Canadians. Yet we debated for several hours today Bill C-42, An Act to amend the Aeronautics Act. It would allow Canadian carriers to give private information on the PNR to the American security.

How does the minister reconcile this whole effort to update the privacy legislation of the country with Bill C-42, in which we will give information away to American entities without reciprocity? The Conservative government could have demanded the same treatment. The Americans have 2,000 flights a day flying over Canadian airspace. We have 100 flights flying over American airspace.

Surely the government could have said that if the U.S. demanded the information from it, the Canadian government would demand the same information on those 2,000 flights. Did the government do it? I do not believe so.

Mr. Speaker, I feel like I am in a bit of a time warp here. I believe this place was discussing that very bill awhile ago, so I will not rehash that. If the hon. member had a comment at that time, he could have put it on the record.

This deals with is the protection of personal information in the private sector context. We were talking about bank records and transactions, credit card information, all this type of personal information that is now available to private sources, which Canadians are willing to give to be part of the online universe and to be part of a modern economy.

However, at the same time, we have to ensure there are adequate protections that Canadians can reasonably rely on and have confidence in so they can take part in the normal transactions that we do nowadays online or with our banks, or with other private sector institutions. We need to have the faith that the system is designed, in most cases, to protect our privacy, unless there are extraordinary circumstances as outlined in the bill.

Mr. Speaker, the minister and other members of Parliament are always concerned about privacy issues. Has the government taken into account people or companies that might abuse the bill, if it passes, and are there any penalties for that?

Mr. Speaker, there are sanctions. It would not be much of a bill if there were no sanctions to ensure these rights are enforced appropriately. We have been working with the Privacy Commissioner to ensure that she is fully cognizant of this legislation. She has been an active interlocutor in the drafting of the bill to ensure it has teeth and to ensure it can actively do what it intends to do. This has been a most collaborative process with the Privacy Commissioner as well as with other deponents, including consumer rights groups, who have particular expertise in this area. Again, I believe we have the appropriate balance.

I would like to inform the House pursuant to Standing Order 38 that the question to be raised tonight at the time of adjournment is as follows: the hon. member for London—Fanshawe, Aboriginal Affairs.

Resuming debate, the hon. member for Eglinton—Lawrence.

Mr. Speaker, the closing comments by the minister, when he referred to bites, et cetera, reminded me of a statement made by our colleague from Montmorency yesterday. So much of the government legislation is sound bite legislation, “safeguarding Canadians' personal information act”. It almost as if we had a guard dog on site. The only problem is that the guard dog has a bark like a sheep dog and a bite like a chihuahua. When is the government going to get away from sound bite legislation and actually do something worthwhile?

The minister justifies it all by saying we have an Internet economy that is worth some $62.7 billion and so we will ensure we can grow that. The government is not going to do anything about that at all.

What is going to happen is companies that want to get on the Internet for the purposes of expanding their commerce are going to do so. They are not going to worry about whether the government wants to jaw-jaw its way into this. They are going to take a look at this legislation and say that the member from Montmorency is right, that those guys have a bite and a bark like a chihuahua.

This is especially so after the industry committee has made some recommendations to the minister. With the benefit of those recommendations, he still goes ahead and presents legislation that he himself acknowledges requires further study from the committee and make the kinds of suggestions to improve the bill that he knows he must put in place if this will be acceptable legislation.

All of us are desirous of maintaining our privacy, in keeping what is ours to ourselves, keeping our security safeguarded at all times, to ensure that anything that pertains to our person, our businesses, our interests is released only when we think it is appropriate for our sake, for our interest.

For the government to come forward and say that it will safeguard all of that, except in certain circumstances, does not make safeguarding personal privacy interests very secure. What it does is introduce exceptions to kinds of privacy and security that it claims to be support.

Its sound bite title is, like everything else the government does, smoke and mirrors, deception and manipulation.

One can easily applaud the fact that there are amendments to PIPEDA, the Personal Information Protection and Electronic Documents Act, and notice that there is nothing in that title that sounds like a sound bite that it is actually a factual issue, but the government decides to take this legislation and make it look like it has done something else with it. That might enhance its opportunities to sell itself as something proactive.

It took the government four and a half years to discover that 80% of businesses are on the Internet, that means they have a website, and that 88% of Canadians are Internet savvy, that means they can browse the net. All of these things do not a business make, but they are the fertile ground for businesses interested in making their commerce more time sensitive, more immediate and more global.

Bill C-29 amends PIPEDA to, among other things, permit the disclosure of personal information without the knowledge and consent of the individual who possesses that for certain purposes. Some of the purposes will make sense. It is a little bit like the Trojan horse that gives access to a treasure trove in somebody else's domain.

The first of these does sound as if it makes sense. Number one is for identifying an injured, ill or deceased individual, communicating with their next of kin. There are very few people who would say that is bad.

Second is for performing police services. There are no other qualifiers. There are a lot of people who want to know what that means.

Third is for preventing, detecting or suppressing fraud. Successfully or unsuccessfully? What is the intent? Which organization?

Fourth is for protecting victims of financial abuse. How so? By releasing their information?

Another series of amendments is to permit organizations, any organization, for certain purposes not specifically outlined, to collect, to use, to disclose without the knowledge and consent of the individual, his or her personal information, number one, contained in witness statements related to insurance claims. Whose commercial interests are we looking at there? Second is information produced by the individual in the course of his or her employment, business or profession. That is virtually anything. Everybody in this place is producing information literally on a minute-by-minute basis, but some organization is going to have access to that.

Members might say that in a great, open and transparent environment such as the Parliament of Canada, such as the House of Commons, anybody who is engaged in this ought to so admit. It is something that we might have asked the Minister of Defence, for example, who today talked about the complexity of the procurement process and military hardware acquisition as being a little too complicated for the simple-minded public that wants to find out whether it is transparent and whether it meets the test of value for money, as being a bit of an intrusion and just barely tolerable.

This is hardly accountability. It is hardly transparency and it certainly does not lead to the business of openness, but under PIPEDA, everybody else has to operate that way.

A third set would require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm. Somebody is going to make a judgment. I will come back to that in a moment.

As I go through this, I ask how we can safeguard Canadians' personal information. I am a consumer like everybody else in this House. As an individual and like many people in this House, excluding all those who serve the House, I am a legislator, and I do not believe that my personal information will be any safer, believe it or not, under the current drafting of Bill C-29.

The Government of Canada prepares a piece of legislation by which I, as a member of Parliament, as a consumer, as a private citizen, just like the Minister of Immigration, who is really listening to this, think that my information is easily protected by some of these measures that have gaping holes, in a legislation that did not exist before. It is going to need a lot of amendments in order for me to feel comfortable.

Why do I focus on me, Mr. Speaker? Just like you, we represent the general public and the general public expects us to feel what they feel, to see what they see, to experience what they live every day. There is not a Canadian out there who is not thinking, “Hold up. Is this legislation really designed to protect my privacy, or are they beginning to insinuate some sort of little loophole for others who are involved in business or whatever, to use to my disadvantage?” There are a lot of them out there already.

It is interesting that this legislation did not have this sound bite title that said, “We are going to go after all the crooks. We know they are out there but they are not being reported. We are going to build jails for them so that when we catch them, if we ever put police on the beat and if we ever sustain the court system enough that they will be able to process all of these accused and alleged criminals, we will actually be able to house them”.

That is not what this is about. If that is the kind of intention they have, I do not see that intention in the legislation. Primary in this kind of assessment relates to the requirement that I mentioned a moment ago to report a “material breach of security safeguards involving personal information under its control” to the Privacy Commissioner. That is what is going to happen. All of this is going to be reported to the Privacy Commissioner.

First, the threshold for determining that requirement for that disclosure is ambiguous. I noted that the minister did not make any effort to be specific to give us an indication of where the intent is. He did not give us any indication of the precision of the language. Not only is it ambiguous; it is confusing, quite frankly. As I said a moment ago, it has more holes in it than a retaining wall that has been breached by an invading army.

Second, there is no enforcement provision included in the bill to ensure that this will be done. When my colleague from Montmorency—Charlevoix—Haute-Côte-Nord says that the sound-bite legislation that the Conservatives put in place is a little bit like a chihuahua barking away and trying to bite, he is right. If there is no enforcement mechanism, what is the purpose of making all of these statements? Who are they playing for fools? Do they really think Canadians do not look, do not listen, do not watch, do not critique?

I took a look at what the bill states and under proposed section 10.1:

(1) An organization shall report to the Commissioner any material breach of security safeguards involving personal information under its control.

It does not tell us how it got there in the first place or whether the organization had the right to get it there. It goes on:

(2) The factors that are relevant to determining whether a breach of security safeguards is material include:

Here is a definition for them, and so when I say it is ambiguous, confusing, wide open, it says, first of all, the “sensitivity of personal information”. Who is the best judge of whether personal information is sufficiently sensitive? Is it going to be the organization? Is it going to be the Privacy Commissioner? Is it going to be the person about whom that information is rendered? The proposed section continues:

(b) The number of individuals whose personal information was involved...

This reminds me of days gone by when priests in a confessional were trying to explain to penitents the significance of lies. One of the penitents said, “Father bless me for I have sinned, but it is no big deal; I just told a lie”.

The priest did not know any other way to get the penitent to understand the severity of that lie and said, “I tell you what. Here is a pillow full of feathers. Go up to the top of the hill. It is rather windy right now. I want you to open that pillow.”

The penitent went to the top of the hill, opened the pillow full of feathers and, behold, the wind blew them all over the place.

The penitent went back to the confessional and said, “Father I did what you asked me to do”.

The priest said, “Good, go pick them all up”.

The penitent said, “I cannot do that. Those things have gone for miles and miles now”.

Members can understand what the priest said then. That is the gravity of personal information about which one spreads lies, but the bill does not say that the person about whom information is being supplied has any control over it. Somebody else is shaking that pillow at the top of the hill. The proposed section continues:

(c) An assessment by the organization that the cause of the breach or a pattern of breaches indicates a systemic problem.

Yes, that will happen. Every organization is willing to beat its chest and say, “Mea culpa, mea culpa, mea maxima culpa”. It is not going to happen. Very few people did it in times when people spoke Latin, and now that English has replaced Latin as the lingua franca, there are even fewer people.

So who makes the determination? Mr. Speaker, I guess you are like me. If it were my personal information that was being breached, I would want to report it to the commissioner. Yet Bill C-29 leaves that decision up to the organization that is supposedly making the report if not, in fact, the breach.

Bill C-29 also states that under proposed subsection 10.2(1), “Unless otherwise prohibited by law,” and look at that loophole:

an organization shall notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.

As the hon. member for Elmwood—Transcona said a few moments ago, so now the Americans, under Bill C-42 that the House had discussed before, can ask any of our domestic airlines, our carriers, to give them every piece of information in their possession, including everything one can name from there on in, everything one has to lay bare when one goes to buy a plane ticket. Bill C-29 essentially says that organization can do all of that.

What is the definition of significant harm under proposed subsection 10.2(2)? It is:

For the purpose of subsection (1), “significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.

Now one has to prove how significant that was. There are not very many people who are going to be better defenders of one's character and one's interest than oneself.

Real risk of significant harm and the factors that have to be included are those that are relevant to determining whether a breach of security safeguards creates real risk of significant harm to the individuals, and have to include the following. Listen to this. They have to include this:

(a) the sensitivity of the personal information involved in the breach;

Who is making the decision on the sensitivity? Somebody else.

It goes on:

(b) the probability that the personal information has been, is being or will be misused.

I am just thinking of Bill C-42. Any foreign state can ask of a Canadian carrier information that it will say is not going to be a problem and it is not going to do anything nasty with it, so the probability of that personal information being used or misused is practically nil, so it will take it all. Oh, good.

Again, while the conditions are defined, the interpretation is wide open and even includes variables that are impossible to determine. For example, how can an organization assess the probability that the personal information will be misused?

Most critical is that there is no enforcement and there are no penalties if the organization does not disclose a breach. This is untenable.

Other jurisdictions with similar laws have very high penalties for non-prompt disclosure. Let me see. I wonder where those other jurisdictions are.

Well, for example, right here in Canada, under the Alberta Personal Information Protection Act, PIPA, individuals and organizations can be fined up to $10,000 and $100,000 respectively for failing to notify the commissioner of a breach. There is an onus of responsibility. There is none in Bill C-29.

In Florida, which is just down the road, there are penalties of up to $500,000 for similar breaches. I mention Florida especially since our carriers are going to have to reveal everything to the Americans anyway; it is about a three-hour flight from Pearson Airport in Toronto. In Michigan, penalties run up to $750,000. Bill C-29 has no penalty. Why would these jurisdictions, including Alberta, have penalties and not the federal act that the government wants us to believe is the best thing since sliced bread?

Mr. Speaker, the minister made his speech with a lot of flourish and he answered a couple of questions. He talked about $62 billion in e-commerce in Canada. The question comes down to the nature of the government's role in e-commerce and government online.

We have seen a big change in the last five years, in comparison with the previous government. The Conservative government has no vision when it comes to e-commerce. It has no vision when it comes to government online programs and broadband development.

I would like to know how much money the government is collecting on a transactional basis. Under the old Liberal government, there were a number of e-government programs that provided services to the public. They were transactional, and they contributed to the general revenues.

I would like to know what the Conservatives have done in the last five years to expand e-government services to the people of Canada. How much of it is transactional?

Lots.

The minister says they have done lots, Mr. Speaker. I would like to know how much money is being brought in on a year over year basis from government online programs. What is the government's vision for the future?

It is fine for the government to address these matters piecemeal, with a bill on spam and a bill making changes to PIPEDA, but what is its vision on e-commerce, government online, and broadband issues? Governments like those in Australia and England have a vision for these areas.

Mr. Speaker, I find myself ill-equipped to defend the Conservative government. There was a time when I would defend the Government of Canada because it was a Liberal government that had a vision on governance and on providing a future for Canadians. It did not matter what part of the country they were in. For my colleague's information, he may wish to ask one of the government members sitting here listening to the debate.

He will know that one of the first things that the Conservative government did when it came to power was to put over to one side, first, the initiatives of its predecessor in delivering government services online, and second, all the initiatives designed to provide greater service to Canadians at a reduced cost. For example, all the initiatives associated with Service Canada were put on hold, even though the system had been up and running for a year, because the Conservatives needed to see whether there was efficiency in service.

In addition, the Conservatives cut back on all kinds of services associated with immigration. They needed to bring the number of applicants down, and the best way to do that was to reduce the services provided in posts abroad, so that fewer applications would be received. When fewer applications are received, less revenue is being generated.

As for the revenues the Conservative government has generated from an e-commerce perspective, or what it has done to develop e-governance and government online, I can only say that the short answer is nothing.

If the member does not believe me, he could go to the trouble of reading today's Auditor General's report. The Auditor General looked at a series of departments and said that over the last five years there has been a reduction in efficiencies and direction. A reduction was seen in the parameters that are put in place to manage efficiencies. Her department saw a reduction in accountability and an increase in waste.

If my colleague were to ask if there is a correlation between a having a vision and the wasting and squandering of opportunities, I would say there is. The government opposite has chosen the chihuahua approach to governance: to be a little pipsqueak and do nothing.

Mr. Speaker, I want to respond to the member from the New Democrat Party. I know that the member for Eglinton—Lawrence was on a roll about chihuahua governments, but I will bring him back to the issue at hand.

The member from the NDP asked what the government was doing about e-commerce. What 1995 language. It demonstrates a gap between what is actually happening in the digital field versus what was happening in the 1990s. I will speak on my own portfolio, as Minister of Canadian Heritage. We are proud of digitizing government content and ensuring that Canadian content is being supported as never before in the new media.

First, we put forward Bill C-32, a good-faith, comprehensive effort to modernize copyright legislation. We are prepared to work with all opposition parties to ensure that this legislation is effective. We have a stand-alone legislative committee, and this bill is going to go forward and help to advance in the digital economy. The first thing that the government has to do is protect people from those who want to harm Canada's creators by stealing from them, ripping them off and legitimizing piracy. We are going to do that.

There are other things that we have done in my department. We have created the Canada media fund. Previously, we had the Canada television fund and the Canada new media fund. To support digital products by Canada's creators, we merged the two to create the Canada media fund. We wanted to ensure that these products are available on the platforms that our media creators choose, not only to support television content but also to support new media, video games, stuff that is streaming online, and stuff that is available for download. We wanted to ensure that Canada's creators have access to more money than ever before to support the creation of content in the digital platform that they choose.

Although we were in a recession, we made a commitment in the last election campaign to maintain or increase funding for the CBC. We have kept our word. The reason is that the CBC has modernized itself. It has become a true pan-Canadian multimedia platform for Canadian content. We have worked with the CBC to ensure that this is the role that it performs. The National Film Board has iPad and iPhone apps that for the first time make it possible to stream Canadian digital content online. Tens of thousands of Canadian films and shorts, children's shows, and documentaries are available online, free, through the web, through iPad apps. We have gone across the board. There is a publications fund to support the digitization of magazines.

No other government in Canadian history has made a more comprehensive and aggressive effort to ensure the digitization of Canadian content and government information.

Mr. Speaker, I am so happy that we gave the Minister of Canadian Heritage an opportunity to toot everybody else's horn. That is in effect what he did. He said the creativity component in Canada is not resident in the Conservative government, unless it involves hands-off, backing away, not encouraging, and perhaps productively, not stepping on toes.

What he said was that right up until now, the Conservatives have not recognized the creative and commercial value that culture brings to the Canadian marketplace.

I accept his Confiteor. That is okay. But he did not answer the question from my colleague from Elmwood—Transcona. My colleague asked what the government was doing to generate commerce through the new media. He asked this because the Minister of Industry said he was able to measure the level of commerce at $62.7 billion, exactly. Up until he said that, everything took place without the help of the Conservative government. So my colleague from the NDP asked what the government was doing, and whether it was doing it with this sound bite legislation.

The true answer is that the government does not know anything about commerce, does not care about the economy, and has no clue how wealth is created. All we have to do is look at the waste it has created and the debt it has incurred, which has put the country on its knees.

Mr. Speaker, as the Bloc Québécois privacy critic, I am pleased to speak today to the government's Bill C-29, which the Minister of Industry introduced in May.

The Bloc Québécois will vote against Bill C-29 because it is yet another bill that shamelessly interferes in an area under provincial jurisdiction.

The Bloc Québécois vigorously opposed the adoption in 2000 of the Personal Information Protection and Electronic Documents Act, which this Bill C-29 seeks to amend.

Of course, we played an active and responsible role in the study of part 1 of the Personal Information Protection and Electronic Documents Act, and we even proposed some changes in an attempt at damage control.

But the Bloc Québécois has always made it very clear that it definitely does not support the legislation that came into force in January 2001. And it was not alone.

In Quebec, the government, businesses, consumers, the Conseil du patronat, editorial writers, constitutional law experts and many others loudly criticized this renewed assault on Quebec's exclusive areas of jurisdiction.

In May 2007, the Bloc Québécois voiced its opposition to this new intrusion into provincial areas of jurisdiction in its dissenting report appended to the Standing Committee on Access to Information, Privacy and Ethics' report on the Personal Information Protection and Electronic Documents Act. Apparently, the recommendations in that report resulted in Bill C-29, which was introduced in the House today.

Both the Personal Information Protection and Electronic Documents Act and this bill, C-29, which would amend the act, are perfect examples of the federal government preying on Quebec's powers yet again.

Basically, the Government of Quebec and the provinces have been arguing since 2000 that, despite the federal government's attempt to justify its bill based on its power to regulate trade and commerce, personal information protection is within the jurisdiction of Quebec and the provinces because of constitutional powers in the areas of property and civil rights.

Constitutional law expert Jacques Frémont of the Université de Montréal was very clear about this when he commented on the original bill that Ottawa was trying to pass. This is what he said:

[This bill] violates both the spirit and the letter of the division of powers, as we must understand it in this country. It denotes an arrogant approach and constitutes an intrusion on the part of the federal government in areas of provincial jurisdiction. Protection of personal privacy is essentially a provincial power. In Quebec, for example, in the area of property and civil rights, it is the Quebec Civil Code that applies, as well as the Canadian and Quebec Charters.

Personal information is very well protected in Quebec. The federal legislation simply overlaps provisions that are already in place. First, section 5 of the Quebec Charter of Rights, adopted in 1975, explicitly states that every person has the right to privacy. Second, chapter 3 of the Civil Code, in particular sections 36 to 40, contains privacy provisions. Third, Quebec's Act respecting the Protection of Personal Information in the Private Sector has also been protecting Quebeckers' personal information since 1993.

In addition, companies under federal jurisdiction that operate in Quebec are already covered by Quebec laws. Quebeckers' privacy rights are fully protected by Quebec law, whether they do business with a company under provincial jurisdiction or a company under federal jurisdiction.

In September 2009, the task force on the future of the Canadian financial services sector published a report that focused on protecting personal information in which it states the following about Quebec's legislation:

On a literal reading, the Quebec law applies to banks as well as other financial institutions. … In the absence of federal legislation on a particular subject matter, validly enacted provincial law may apply to a federal undertaking unless the law prevents the federal undertaking from managing its operations or generally accomplishing its ends.

Moreover, the report stated that Quebec law already applied to interprovincial and international trade as well.

Moreover, the effects of the Quebec law will not be confined to the province. National institutions will face the Act's restriction on the extra-provincial transfer of personal information (about Quebec residents).

The Personal Information Protection and Electronic Documents Act gives the federal government the power to render a Quebec law invalid. That is too much.

The federal act applies to all financial activities unless the Governor in Council orders, if satisfied that a province has adopted similar legislation, that it be exempted in whole or in part. In December 2003, the federal government issued an exclusion order applicable to organizations in Quebec. Unfortunately, not only is the power set out in paragraph 26(2)(b) left to the government’s sole discretion, but it applies only to information within Quebec and held by companies under provincial jurisdiction.

Pursuant to this paragraph, the Governor in Council could therefore, if it wished, order that the laws of Quebec be declared partially or wholly invalid, without even referring the matter to Parliament. This is unacceptable to the Bloc Québécois. It cannot subscribe to any law that goes against the interests of Quebec and it believes that Bill C-29 should not even be discussed in the House: civil law comes under provincial jurisdiction.

Need I remind this House that the concepts of privacy and confidentiality are extremely important in the 21st century, as their application in daily life is becoming especially difficult? Privacy and confidentiality are, in fact, concepts tied to basic rights such as freedom and personal autonomy. Protecting privacy and confidentiality is simply recognizing every individual's right to a private life.

In other words, people have the right to determine when, how and in what way they will communicate information to other people. What I call the right to private life is being threatened today, more than ever, by problems stemming from new information technology, and every privacy protection measure has to take that into account.

The Big Brother George Orwell created in 1948 in his novel 1984 is alive and well among us, and I will not be the last person to talk about that.

Any privacy initiatives, today and in the future, must cover not only the monitoring of information about us, but also protection against unwanted access to our personal information by other people. In fact, that is why our governments have had to create organizations and legislation to protect privacy.

Quebec has been a true pioneer in North America in the area of access to information and protection of privacy, and serves as a reference for all western countries. The Quebec access to information commission was created in 1982, but as early as 1971, with the passage of the Consumer Protection Act, Quebec's lawmakers broke new ground by ensuring all persons the right of access to their credit records.

In 1975, the National Assembly passed the Quebec Charter of Human Rights and Freedoms, recognizing the right of all persons to respect for their privacy and their right to information. This was a historic legislative step that would lay the legal foundations for fundamental principles.

On June 22, 1982, the Quebec National Assembly passed an act respecting access to documents held by public bodies and the protection of personal information, thereby creating the Commission d'accès à l'information du Québec. The National Assembly continued its efforts to protect privacy by adopting the act respecting the protection of personal information in the private sector, which came into force on January 1, 1994.

In Canada during that time, part IV of the Canadian Human Rights Act created the position of Privacy Commissioner in 1977. The commissioner is an officer of Parliament who acts as a privacy ombudsman.

The federal government then passed two pieces of legislation, the Privacy Act in 1983 and the Personal Information Protection and Electronic Documents Act in 2000. The first basically governs the federal public sector and the second, which is of special interest to us here today, has to do more with the private sector in all of Canada, except in provinces that have “substantially similar” provincial legislation.

Alberta, British Columbia and Quebec have their own legislation, since the activities of the private sector generally fall under provincial jurisdiction. However, since the Personal Information Protection and Electronic Documents Act gives the federal government the power to invalidate a Quebec law, there is no way that we can support it.

The two federal acts dedicated to protecting personal information duplicate the Quebec legislation that was passed by the National Assembly to allow individuals to decide for themselves with whom they will share their personal information, as well as for what purposes and under what circumstances. In fact, we must always remember that what constitutes an invasion of privacy for one person, is not necessarily an invasion for another. We all know it is very difficult to ensure that our privacy is respected these days.

At the dawn of the 21st century, the globalization of information and transformation of means of communication have taken great leaps forward, thanks to recent technological advances. However, all these advances present just as many threats to human rights, in particular our right to privacy, and our right to control the distribution and use of our personal information.

Governments and corporations have an insatiable thirst for our personal information. The current Conservative government even believes that collecting a huge quantity of personal information will solve issues of national security and public safety. Under the pretext of implementing new anti-terrorist initiatives, it runs roughshod over the issue of privacy.

Need I emphasize that the private sector's appetite for information is just as great?

It wants to know our names, addresses, purchases, interests and preferences in order to classify, analyze, record and use them in marketing studies, marketing approaches, and to come up with marketable goods. The private sector's lust for our personal information is even more disturbing given that most companies that specialize in collecting this information do not adequately protect it. This information becomes vulnerable to hacking and identity theft.

Bill C-29 that we are examining today concerns the Personal Information Protection and Electronic Documents Act, which establishes the rules governing the collection, use and disclosure of personal information in the private sector, but only in the course of commercial activity

As I mentioned at the start of my speech, the Bloc Québécois will not support this bill, which essentially entails new intrusions into an area of Quebec's jurisdiction. The Bloc Québécois has always clearly indicated that it does not support the federal law, which has been in effect since January 2001. Remaining true to itself and to the interests of Quebeckers, the Bloc will maintain this position.

Mr. Speaker, I know my colleague has difficulty with this legislation and has made a very strong case for its intrusion into the jurisdiction of Quebec.

I have a couple of questions for her about how the Quebec legislation deals with some of the issues that are dealt with in Bill C-29, particularly the situation around a material breech. When a material breech of personal information has occurred, what sorts of notification requirements does the legislation in Quebec require?

This is one of the areas where this bill that is before the House today is seen as failing by a number of newspaper commentators and by people who follow the questions of protection of personal information in Canada. The question of what corporations are required to do when personal information has been breeched is an important one and maybe she could tell us what the legislation in Quebec requires in those kinds of instances.

Mr. Speaker, in Quebec, we have laws that cover all the provincial jurisdictions. Anything to do with personal information—names, addresses, etc.—is covered by the laws that I mentioned in my speech.

Currently, this jurisdiction is a civil matter and is protected by the Civil Code. The very fact that we are discussing Bill C-29 in the House is inappropriate. This bill encroaches on provincial jurisdictions, and I am shocked that the provinces, like Ontario for example, are not reacting more and are allowing inappropriate laws that intrude into their jurisdictions to be imposed on them like this. I am completely shocked to see that.

However, I am reassured that two other provinces, Alberta and British Columbia, have also implemented legislation similar to what is done federally. To date, when a provincial law exists, the federal government has let the provincial law take precedence, which is why Bill C-29 would not currently be applicable in Quebec, Alberta or British Columbia. Provincial laws govern this data in the private sector.

I would like to thank my colleague for this question, which allowed me to clarify this.

Mr. Speaker, I will try again with another angle because I suspect there are things that we can learn from the experience of Quebec when it comes to passing legislation in this area and administering that legislation.

I know the member is not supporting Bill C-29 and that she sees it as an intrusion into the jurisdiction of Quebec, but the bill exempts business contact information from the provisions of PIPEDA, which means that any information an organization or business collects, uses or discloses solely for the purposes of communicating or facilitating communication with the individual in relation to their employment, business or profession is exempt.

I am just wondering if there is a similar exemption for business contact information in the Quebec legislation, which is now being contemplated in the bill that we have before us today here in the House.

Mr. Speaker, I have already answered that question. We have similar legislation that covers these exemptions and this information. In any case, the legislation we have in Quebec is valid and is part of our jurisdiction. We provide precisely those protections. In many western countries, Quebec has always been regarded as a leader, an innovator and a model when it comes to its legislation.

This legislation truly comes under provincial jurisdiction. It is ours. It comes under civil law. In Quebec, we have all the bases covered when it comes to personal information.