Safeguarding Canadians' Personal Information Act

An Act to amend the Personal Information Protection and Electronic Documents Act

This bill was last introduced in the 41st Parliament, 1st Session, which ended in September 2013.

Sponsor

Christian Paradis  Conservative

Status

Second reading (House), as of Sept. 29, 2011
(This bill did not become law.)

Summary

This is from the published bill. The Library of Parliament often publishes better independent summaries.

This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) exclude, in certain circumstances, business contact information from the application of Part 1 of that Act;
(b) specify the elements of valid consent for the collection, use or disclosure of personal information;
(c) permit the disclosure of personal information without the knowledge or consent of the individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) performing police services,
(iii) preventing, detecting or suppressing fraud, or
(iv) protecting victims of financial abuse;
(d) clarify the meaning of lawful authority for the purpose of disclosures to government institutions of personal information without the knowledge or consent of the individual;
(e) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of the individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(f) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of the individual, personal information related to prospective or completed business transactions;
(g) permit federal works, undertakings and businesses to collect, use and disclose personal information without the knowledge or consent of the individual to establish, manage or terminate employment relationships;
(h) provide a framework for organizations to notify individuals proactively about disclosures of their personal information made in certain circumstances to government institutions; and
(i) require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm.

Elsewhere

All sorts of information on this bill is available at LEGISinfo, an excellent resource from the Library of Parliament. You can also read the full text of the bill.

April 21st, 2015 / noon

Green

Bruce Hyer Green Thunder Bay—Superior North, ON

This amendment reverts back to the proposed language for notifying the Privacy Commissioner about security breaches, which is found in the previous PIPEDA reform bills C-12 and C-29, but it is stronger and clearer. Why? It creates a mandatory security breach disclosure requirement at the federal level, and that is long overdue. Geist at the Senate said that Bill S-4 establishes the same standard of “a real risk of significant harm” for both notifying the commissioner and the individuals, but also said this is very puzzling. It means that there is no notification for systemic security problems within an organization. This is very likely to result in significant under-reporting of breaches. Our amendment creates incentives for organizations to better protect that information and allows Canadians to take action to avoid risks including identity theft.

March 10th, 2015 / 12:45 p.m.

Barrister and Solicitor, As an Individual

Philippa Lawson

I agree, and I like the section for that reason. It provides the clarification that the industry needs. However, the point I'm making is that those additional words that are not in the formulation from Bill C-12 actually restrict the application of this. They do not expand it; they restrict it. The earlier formulation was that consent is only valid if it's reasonable to expect that the individual understands it. That means that it has to be reasonable to expect that the individual in question in that particular transaction understands it. So the earlier formulation covers everyone. If it's a child, if it's a senior, whoever it is, that individual needs to be able to understand it.

The new formulation restricts it. The new formulation says that you only have to worry about individuals to whom you are directing your activities, and it's very easy for an organization to say, “We are directing our activities to adults, not to children.”

March 10th, 2015 / 12:35 p.m.

Canada Research Chair, Internet and E-commerce Law, University of Ottawa, As an Individual

Dr. Michael Geist

I think that if every time a USB key went missing, there were requirements to disclose, then yes, you would find that organizations would be spending a lot of time disclosing. However, if we look back at the Bill C-12 and Bill C-29 standard, that's not the standard we talked about. It set a material breach as the standard.

You can debate whether or not that's the appropriate standard, but at a minimum it gets us at a number of breaches that this law will not. Moreover, it does so in a way that I think was good for companies too, because rather than companies being faced with this either/or of going to the expense and potential embarrassment of simply disclosing or not, it said as an intermediary step, let's discuss this on a confidential basis with the Privacy Commissioner's office and determine whether or not it warrants that broader disclosure.

Frankly, that was a good thing for organizations to potentially avoid having to make those broader disclosures, in some circumstances, and it provided the comfort of ensuring that users knew that, at a minimum, we had an advocate, the Privacy Commissioner, who was going to be made aware of these circumstances.

It's puzzling to me why this was removed in favour of a process that, frankly, does less to protect Canadians and, ultimately, actually can create larger costs for companies as well.

March 10th, 2015 / 12:10 p.m.

Canada Research Chair, Internet and E-commerce Law, University of Ottawa, As an Individual

Dr. Michael Geist

Sure. I'll do that. I'd also like to just note a couple of things. The commissioner did not appear before the Senate committee on Bill S-4. Because of the long delays in getting a commissioner appointed at that time, there was no commissioner, but people from that office were in a position to appear because it had been studied. So the commissioner actually didn't appear on Bill S-4.

In terms of lengthy study, with respect, let's be clear. The committee began a review of this bill in November 2006, and by May of 2007 it released its report.

We got first reading of Bill C-29 in May 2010. A second reading took until October. There were never any hearings held on Bill C-29.

The next bill that was introduced was Bill C-12, which was the second attempt at this bill. It sat at second reading for two years without moving forward. There were no committee hearings held on it.

We finally now have Bill S-4, on which there were two sets of hearings. Four days were allocated to this piece of legislation within the Senate: one day for the minister to appear; another day for clause-by-clause; two days for hearings. So if we're going to talk to witnesses about not having appeared, frankly, there were very, very few witnesses who had the opportunity to appear at all. This is, with all respect, not a well-studied bill. It is a bill that has now come through three times, and in most instances there has been no study whatsoever. When the Senate had the chance to hear on this bill, there was not even a privacy commissioner in place to deal with it, due to the long delay in finding a new commissioner to replace Commissioner Stoddart and later acting commissioner Chantal Bernier.

With respect to the commissioner's support, yes, I too can cherry-pick particular comments from the Privacy Commissioner about where the commissioner supports the legislation, but I can also note that the commissioner's office has been consistent in saying that it finds it problematic with respect to voluntary disclosure, and yet that hasn't changed, and in identifying a number of other improvements.

So the question is this. Is this a well-studied bill that we ought to get on with? With respect, it is both not well studied and ought to be fixed. Canadians deserve better.

March 10th, 2015 / 11:45 a.m.

Canada Research Chair, Internet and E-commerce Law, University of Ottawa, As an Individual

Dr. Michael Geist

My concern with the security breach disclosure provisions, which I think quite clearly are long overdue—we've been passed by by so many other countries and jurisdictions on this—is frankly that we had it better in the earlier iterations of this bill, in Bill C-12 and Bill C-29, which, as I'm sure you know, created a two-step process.

The first step is notification to the Privacy Commissioner of a material breach, and that, of course, didn't include the necessity of the real risk of significant harm. It was more a matter of the breach itself.

Then you get into the secondary question of under what circumstances you go down the much more challenging avenue of having to disclose this breach to everyone who's affected, recognizing that there may be circumstances in which that's appropriate and others in which it's not.

What we've done here, by removing that and creating a higher threshold for all disclosures, I think means that systemic breaches don't get disclosed. It means that, many times, important material breaches simply don't get disclosed, and organizations that have underlying problems don't have to fess up at all.

I think we recognize that in some circumstances we have the incentives for organizations not to disclose because of the costs and the embarrassment factor. We also want to ensure that we don't have so many disclosures that consumers are receiving notifications on a daily basis, and they simply tune all of that out.

There is a balance to be struck, but I think we did a much better job, the government did a much better job, of striking that balance, particularly for things like systemic breaches within an organization, by saying, “Surely that's the sort of thing that we would want the Privacy Commissioner's office to know about”, and yet we've effectively removed that in this bill. It's hard to understand why.

March 10th, 2015 / 11:15 a.m.

Barrister and Solicitor, As an Individual

Philippa Lawson

Thank you very much.

Good morning, committee members. Thank you for the opportunity to address you on the matter of Bill S-4, which proposes amendments to PIPEDA.

My involvement with this legislation goes back to its genesis with the CSA model privacy code and the subsequent initiatives to legislate voluntary standards. As a lawyer with the Public Interest Advocacy Centre at the time, I was a public interest representative on the committee that drafted the code. I later advocated for legislation that eventually took the form of PIPEDA.

I have been closely involved with PIPEDA ever since, first in my role as a consumer advocate with PIAC and later as director of CIPPIC, both of whom I understand you have already heard from. In particular, I have conducted studies of private sector compliance with PIPEDA. I have lodged a number of PIPEDA complaints with the Privacy Commissioner. I have taken the Privacy Commissioner to court in order to establish that she had jurisdiction to enforce PIPEDA against foreign corporations acting in Canada. I published a study of security breach notification laws in 2007. I've been urging the government to adopt mandatory security breach notification laws since 2003.

Today I am speaking on my own behalf as a lawyer and privacy advocate. The last formal submissions I made on PIPEDA reform were in 2008 in my role as director of CIPPIC. Those submissions focused on three issues: security breach notification, protection of minors, and compliance and enforcement. The analysis and proposals made in those comments remain apt today, and I would be happy to provide copies of that submission to anyone who is interested.

I'm happy to see that the government has seen fit to address all three of these issues in Bill S-4, but I am disappointed that the measures in each case fall far short of what is needed. I will address each of these three topics briefly, but before doing so I would like to address an elephant in the room. That elephant is consent.

There is a pretense that companies are obtaining informed consent from customers to the collection, use, and sharing of their personal data. But anyone who takes the time to study what is actually going on will quickly see that this is, to a large extent, a fiction and that meaningful consent is rarely obtained from consumers.

Negative option consent is commonly used but rarely brought to the attention of customers. Consent is in fact often assumed simply by virtue of use of the service. Changes to privacy policies are simply posted on the company website and customers are expected to inform themselves. No one really expects individuals to read through lengthy, complex terms of service for every transaction. People simply don't have the time. If they do take the time to read the terms, they may find that they are notionally consenting to have their personal data used for purposes such as—and I'm quoting here from privacy policies that I've looked at—research, marketing, product development, and business purposes. In further violation of PIPEDA, many companies are refusing to deal with customers who won't agree to unnecessary uses of their personal data, such as marketing.

A reality check is needed on what is happening in the marketplace with so-called customer consent. In the meantime, proposed section 6.1 is a helpful qualification on what the law already requires. It may have some positive effect on what is, in my respectful submission, a widespread disgrace.

However, the current wording of proposed section 6.1 could actually have a perverse effect on the protection of children or seniors. If you read the clause, you will see that it fails to protect vulnerable populations to whom an organization's activities are not directed. All that a company needs to do to exploit children is to direct its activities to adults and then turn a blind eye to the fact that children are signing up. A simple fix is to revert to the earlier wording of this clause found in Bill C-12. However, if the aim is to protect children, a much more effective approach is simply to prohibit certain uses of personal data about children.

I have a few words on breach notification. This is long overdue, and it will certainly be an improvement on the current situation. But are the proposed rules going to be effective? Breach notification is about more than notifying individuals. An equally important goal is to create incentives for organizations to put in place strong security safeguards.

In order to create such incentives, there needs to be a real risk of significant financial harm to a corporation from failing to put in place adequate security measures. This is the test you should be applying to your assessment of the proposed breach notification regime: is there a real risk of significant financial harm to corporations from non-compliance?

I am not convinced there is. Fines apply only to failure to report or failure to keep records and require cumbersome proceedings and proof of intent. Civil lawsuits are too costly to make sense in most cases, and the Privacy Commissioner may be dissuaded from using publicity for this purpose as a result of subsection 20(1.1), which prohibits disclosure of breach notification reports. I do not understand that section.

Until there are real financial incentives for corporations to take appropriate measures to prevent breaches from happening in the first place, and to otherwise comply with privacy laws, non-compliance with PIPEDA will continue to be a cost of doing business in Canada.

I'd like to finish with a few comments on private investigations. I am very concerned that, if the proposed changes to the current investigative body regime exception go through, this bill will actually set back privacy protection in Canada.

I will not repeat the able submissions of my colleague Dr. Geist on this subject, but let me just point out that in the new world of cheap data storage and powerful data analytics, the only limits on how far companies will go in their efforts to detect fraud, criticism, or contractual breaches will be what you put in this law. With today’s technology, it’s less costly to gather more data and to apply analytical tools to a large database than it is to restrict the intake of data to that needed in the first place.

In this context, insurance companies and other companies will, no doubt, argue that it's reasonable for them to conduct what amounts to broad and deep surveillance of their customers in order to detect fraud.

Paragraph 7(3)(d.2) would allow just that. It requires no formal investigation. The disclosure just needs to be reasonable, not even necessary as in the previous formulation in Bill C-12. This provision would open the door to routine sharing of personal data among organizations based on nothing more than the always present risk of fraud. Moreover, there would be no transparency or accountability requirements. It would be a major setback for consumer privacy.

I understand that this amendment was based on the Alberta model, but I looked at the Alberta model, and subsection 20(n) of the Alberta statute is not as permissive as this. It actually limits sharing to certain kinds of organizations.

I urge you to remove these clauses from the bill and stick with the current investigative body regime. I also urge you to adopt the transparency measures that my colleague Dr. Geist recommended.

Thank you very much.

February 19th, 2015 / 12:05 p.m.

Executive Director and General Counsel, Public Interest Advocacy Centre

John Lawford

We are proposing today a hybrid model, one that looks a lot like what was in Bill C-12. In order for it to be two steps, you would have to have a reporting of material breaches of security safeguards, as it was worded in that bill, that affect personal information, as a first step, only to the Privacy Commissioner. Then, as in Alberta, it's better to leave the decision about whether to notify individuals with an impartial third party, the Privacy Commissioner, rather than again leaving it up to the company, which is what this bill.... It places a lot of responsibility on companies, actually. If they make a call badly, it's just preferable to leave it in the hands of an impartial third party.

That would be what we propose, that two-step approach.

February 19th, 2015 / 11:55 a.m.

Executive Director and General Counsel, Public Interest Advocacy Centre

John Lawford

I would disagree. I think that Bill C-12, which was previously there, had made the effort to set a bar for material breach reporting to OPC, which was based on the seriousness of the information lost and the number of people affected. Again, it also threw in this business about systemic problems, which I think is complicating things. That would mean that the number of material breaches reported to the Privacy Commissioner would not be overwhelmingly burdensome because it would be larger breaches affecting people in a serious way.

February 19th, 2015 / 11:45 a.m.

John Lawford Executive Director and General Counsel, Public Interest Advocacy Centre

Thank you very much, Mr. Chair.

Honourable members, my name is John Lawford. I'm the executive director and general counsel of the Public Interest Advocacy Centre, a national non-profit, federally incorporated organization founded in 1976 that provides legal and research services on behalf of consumer interests, and in particular, vulnerable consumer interests.

Due to the time, I'm going to be speaking today solely to the breach notification amendments. However, I'll be happy to take questions on other aspects of the bill.

PIAC believes that the goal of an effective data breach notification law is to actually notify individuals of the loss, unauthorized access, or theft of their personal information from an organization whenever it is possible for the individual to take steps to avoid financial, reputational, or other harms, or to minimize these impacts. In our view this goal can be accomplished in a manner that also removes conflicts of interest in reporting breaches; reduces compliance cost and risk for business, in particular small business; generates data for better policy outcomes; engages, improves, and leverages the expertise of the Office of the Privacy Commissioner, OPC, in dealing with breaches; and encourages business and consumers to make investments in data security.

Unfortunately, Bill S-4, as written, will very likely result in fewer reported breaches than even now and operate in an opposite manner. Namely, it will create a culture of fear, recrimination, and non-reporting. Bill S-4 incentivizes not reporting data breaches by leaving the determination of whether a breach creates a real risk of significant harm to an individual totally in the hands of the organization that suffers the breach. This obvious conflict of interest is fatal to the purpose of the bill as there is no advantage to a company to report and every advantage to hide a data breach.

The conflict of interest in having a company assess whether an individual faces a real risk of significant harm from a data breach is one that will be settled in close cases and some more egregious ones by the company concluding there is no such risk. Such an assessment avoids the cost, reputational damage, and inconvenience faced by the company. It also avoids putting the company on the radar of the OPC for an audit or an investigation.

While it's true the company does face prosecution under the amended section 28 of PIPEDA and a possible fine up to $100,000, perhaps even per record, that offence is premised on not reporting a breach knowingly. Any organization that sets up even the most basic process to come to a conclusion that a breach was not a real risk of significant harm would have a very strong defence. This flaw is exacerbated by the bill's requirement to report all breaches regarding a real risk of significant harm simultaneously and relatively instantly to the OPC, whose role is purely observational, to affected individuals and to unspecified third parties who may be able to help. Which individuals to notify will be determined solely by the company involved, which will be dealing with the chaos of several reporting requirements that frankly make little sense as structured. The incentive again will be to keep the reporting to individuals to as few in number as possible. Contrast this with our vision of how Bill S-4 could work.

Step one, replace the initial reporting to all parties on the real risk of serious harm test for the requirement to immediately report material security breaches involving personal information to the OPC only. In Bill C-12 of the previous parliament, in that version, proposed section 10.1, did this very well with one exception. We would recommend removal of the systemic problem assessment, which the bill required and which also led to the disincenting of reporting.

Step two, leave the decision of whether to order—and yes, I said order—a company to report a data breach to individuals to the OPC. The company would have no say in the matter. The OPC would be an impartial third party arbiter of whether a breach was a real risk of significant harm to affected individuals. The OPC would gain experience, expertise, and authority in assessing breaches. The OPC decisions would be made public, meaning Canadians would finally know which companies had breaches, because this is presently not known for all breaches under the voluntary breach notifications referred to and the private conversations that we know the Office of the Privacy Commissioner has with companies.

Finally, the gathering of security failings generates data that could lead to better policy outcomes based on encouraging companies to invest in improved data security.

This approach would also benefit business, especially small business. With the OPC making the individual notification call, the business would be relieved of the compliance costs in hiring consultants to manage its data breach response, as the OPC would specify when, how, and how much notification was required. It would virtually eliminate the risk of civil liability for data breaches. The OPC could provide extensive breach notification guidance and materials to ease the reporting process for business in dealing with the stress of a breach.

This committee could save time and effort in designing step two by essentially copying the relevant section of Alberta's Personal Information Protection Act, namely section 37.1 of that act.

Finally, a rewrite of Bill S-4, as suggested, should encourage both business and consumers to take personal information security and the response to it more seriously. For business, a step-one requirement to report security breaches to the OPC would drive investments to improve systems in order to avoid having to report breaches. For consumers, a step-two notification could be treated as authoritative, serious, and OPC-approved assurance of impartiality, and spur consumers to take action to appropriately deal with breach notification and, finally, to reflect their judgment of the information-handling practices of the business to those businesses.

Thank you very much. I await your questions.

February 19th, 2015 / 11:35 a.m.

Tamir Israel Staff Lawyer, Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic

Thank you, Mr. Chair, and committee members.

My name is Tamir Israel, and I'm a staff lawyer with CIPPIC, the Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic, at the University of Ottawa. CIPPIC works to advance the public interest in policy debates that arise at the intersection of law and technology. We're very grateful for this opportunity to provide our input into Bill S-4, the digital privacy act, which will make some important changes to PIPEDA, Canada's federal commercial sector privacy law.

Concern over privacy and lack of trust in organization practices remain an ongoing concern for a number of Canadians. A recent survey commissioned by the Privacy Commissioner found, for example, that over 75% of Canadians have avoided the use of a mobile application because of the information requested, and close to 60% have turned off location tracking functionality on their mobile devices out of concern that others will access the information. These types of statistics are telling, and they show that Canadians remain concerned, and are acting on their concerns, when engaging with digital content.

Even as concerns grow, avoiding privacy-invasive practices becomes increasingly difficult. Every device, from our mobile phone to our car to our television at home, is now a cause of concern for those wishing to maintain a sphere of privacy. The task of keeping up with the multitude of settings and privacy policies on all of these is time-consuming, and increasingly out of reach for many segments of the digital population.

Against this backdrop, Bill S-4 introduces some much-needed improvements to PIPEDA, while at the same time raising some concerns. We're particularly pleased to see the inclusion of compliance agreements and an extended appeal period, as those take some important initial steps towards resolving long-standing problems with PIPEDA's complaint mechanism. We hope that additional changes will be considered at the next statutory review of the bill, which is coming up in the next couple of years. We particularly point to long-standing problems with the lack of proactive compliance incentives as something that we think still needs to be addressed.

With respect to Bill S-4, I'd like to address three parts of the bill very briefly: the new consent requirement, breach notification regime, and some of the information sharing exceptions.

Clause 5 of Bill S-4 will enact proposed section 6.1 of PIPEDA, which seeks to strengthen the consent obligations so that individuals will be aware of the nature, purpose, and consequences of the activities that an organization seeks to carry out with their data. In general, this will mean that where an organization targets or becomes aware that it's dealing with vulnerable individuals such as youths, additional steps to ensure that its privacy practices are understood will have to be taken.

If dealing with young children, it may not be possible at all to make the young children themselves aware of the consequences of their actions, and verifiable parental consent might be required. This is in line with industry practices for minor-specific sites that interact with very young children. There are already legal obligations in some jurisdictions, such as in the United States, under COPPA.

The consent provision will also have a positive impact in other contexts. Strengthening the obligation of organizations to ensure that customers are aware of the nature and consequences of data practices will help individuals make more informed privacy choices in general.

We're a little concerned that recent changes to the bill over its predecessor may shift the focus of the provision to individuals whom the activities are directed at, as opposed to specific individuals whom the organization is dealing with. We're concerned in particular that one common practice would, for example, put in a privacy policy that no children under 13 are permitted on the service; then, when they become aware that large numbers of children under 13 are using the service, the way the consent is phrased might be taken to preclude the additional obligations that should normally apply in that context.

With respect to Bill S-4's breach notification obligation, we're very grateful to see this notification obligation coming into force. It's much delayed and needed. The breach notification obligations have become a standard for 47 states throughout the U.S., and the White House recently announced a federal breach notification bill.

The breach notification regime that Bill S-4 would enact requires that individuals and the Privacy Commissioner be notified where a breach of security safeguards creates a real risk of significant harm. As are my colleagues from the Canadian Bar Association, we're concerned that the standard for notifying the Privacy Commissioner is too high. Additionally, our experience has been that it's very useful to have notification directly to the Privacy Commissioner of a majority of breaches for tracking purposes and to generally improve incentives to adopt rigorous technical safeguards.

Even a breach of safeguards that does not lead to the risk of significant harm can be indicative of a general laxity in technical safeguards that should be addressed. We think it's good to have a notification requirement to the Privacy Commissioner that's more comprehensive even where there's no real risk of significant harm to specific individuals.

We're very grateful to see a penalty regime for instances where the breach notification obligations are knowingly ignored. We think that at least over time it would be good to improve this into a more generalized administrative monetary penalty regime. The fines currently in PIPEDA are designed as penalties for very overt offences. An administered monetary penalty regime would be more fitting as it would be focused on securing compliance. That gives businesses more leeway where innocent mistakes are made on the one hand and it may have more teeth where repeat offences are made or where there's a need to secure compliance. I think that would help improve the rigour of this bill, this breach notification regime.

I'll speak briefly to the information sharing elements of the bill. We find a number of these problematic. They raise some potential issues particularly on the private sector side, but we also have some concerns on the public sector side as well. Subclause 6(10) of Bill S-4 replaces the current investigative bodies exception, which permits an exhaustive list of non-governmental regulatory bodies such as the Law Society of Upper Canada to receive information relating to an investigation.

The issue that's intended to be addressed is the difficulties inherent in getting listed as an investigative body. New bodies emerge on occasion, the names of existing bodies change, and each time this happens regulations need to be passed. It's an onerous process. We support addressing that issue.

We're a little concerned that the remedy adopted to address that exception may open the door to unwanted information sharing, particularly in the context of intended lawsuits or where a private company wants to investigate the customer of another company. The provisions adopted in Bill S-4 are an improvement over those in Bill C-12 because they limit the situations in which a company can disclose their customers' information to another company to situations where it can reasonably be expected that if the customer were aware it would compromise the investigation or the impending lawsuit.

However, we're still concerned that this will open the door to customer sharing in a context where the courts have said very specifically that there's a specific process for when you're looking to go after an individual with a potential lawsuit. What you should be doing is filing a statement of claim and going through third party discovery processes, which have built-in safeguards for privacy.

We're concerned that this exception will at the very least give some companies the impression that they will be able to disclose their customers' information. We've had some fairly prominent examples of this in Canada. Some ISPs have been asked, in court so far...because the Federal Court of Appeal has said to date that you cannot disclose your company's information to a potential plaintiff without a court order.

Some of these have gone through the court system and they have even been problematic there. Copyright trolls have asked for the identities of thousands of ISP customers. We've seen other examples where this type of thing could be problematic, so we would appreciate clarification that this exception is not intended to facilitate the types of requests that are to facilitate lawsuits in essence.

We also have some brief concerns relating to proposed section 10.2, which is part of the breach notification regime, which obligates companies who are already disclosing to an individual and to the Privacy Commissioner that a breach of security safeguards has occurred. These companies will also be obligated to notify an open-ended list of companies and government bodies that they believe might assist in the reduction of harm.

In principle, this exception is logical. However, we would like to see some more safeguards in this exception.

Part of the issue is that many agencies that deal with security, particularly in the cyber context, are the same agencies that also conduct investigations on a range of other issues, and security can implicate the private data of several thousand if not tens of thousands of individuals. We're concerned that more information than is necessary may get passed along in these exchanges when they occur.

February 19th, 2015 / 11:30 a.m.

Suzanne Morin Executive Member, National Privacy and Access Law Section, Canadian Bar Association

Thank you, Jean.

I will limit my opening remarks to just two areas regarding the breach notification regime. The first one is thresholds for reporting to the Privacy Commissioner, and then the second area will be record-keeping.

As you may know, unlike its predecessor, Bill C-12, clause 10 of Bill S-4 sets out a single test or threshold for both notifying individuals of a breach and reporting to the Privacy Commissioner. In effect, every breach that is notifiable to an individual will now also be reportable to the OPC, requiring businesses to change their current practices. The objective of reporting to the commissioner in essence is to track the volume and nature of breaches to see if there are any trends and to allow the commissioner to work with organizations, small and medium-sized organizations, who may need assistance.

This objective is very different—very different—from the objective of notifying individuals so that they can mitigate harm that may result from the breach. This distinction is actually very well understood both by industry and by the Privacy Commissioner's office. In fact, industry players have been following for years the guidelines “Key Steps in Responding to Privacy Breaches”, which were jointly issued by the Privacy Commissioner with their B.C. and Alberta counterparts. These guidelines have existed for several years and have been followed by the industry very successfully. While the threshold for notifying individuals should be based on the existence of a real risk of significant harm, which is what Bill S-4 does today, reporting to the OPC should be premised on the existence of a material breach.

Second, regarding record-keeping, we are of the view that the mandatory record-keeping for all breaches of security safeguards regardless of significance is unworkable, extremely impractical, and places too great a burden on all organizations regardless of size or industry, with no commensurate benefit for the protection of Canadians. In fact, this is really our overarching concern when these new record-keeping obligations are considered in light of the new proposed offences which, in our view, strip away the delicate balance in PIPEDA. In no event should a deficiency in logging be an offence.

As currently drafted, and due to the lack of a specific materiality threshold for reporting breaches to the OPC that I just referred to, every single breach of security safeguards, once again regardless of how trivial, must be diligently logged because it will be an offence to do so improperly or imperfectly.

In closing, we should be focusing on those breaches of security safeguards that might have the most impact on Canadians.

Once again, on behalf of my colleague and me, thank you for the opportunity to meet with you here today, and we welcome your questions.

February 17th, 2015 / 11:35 a.m.

NDP

Annick Papillon NDP Québec, QC

Very well.

Bill S-4 could force private sector organizations to report any losses or breaches of personal information. However, unlike what is set out in Bill C-12, the test proposed for this mandatory reporting is subjective since it enables the organizations themselves to determine, and I quote:

if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.

In your view, is that test reasonable?

May 1st, 2014 / 11:45 a.m.

Dr. Éloïse Gratton Partner and Co-Chair, Privacy, McMillan LLP, As an Individual

I will start. Thank you for the invitation.

I'll give the first part of my presentation in French and the second, in English.

I'd like to start by discussing the legal framework governing privacy protection and the response of business. Despite the legislation that exists, the Personal Information Protection and Electronic Documents Act, or PIPEDA, companies and organizations have no real incentive to comply with the act and implement appropriate security measures. What's the worst that could happen from a company's perspective? What are the risks if they don't comply with the act? Not much. The worst case scenario is that their reputation might be tarnished. For example, if a complaint is made, and at the end of the investigation, the commissioner decides to release the company's name, then obviously, the company's reputation might be sullied. That very seldom happens, though.

There is another potential risk. When an individual is notified by the commissioner that the act was in fact breached, that person can take the company to Federal Court for damages. The court has made a few such rulings in the past decade. In five to ten cases, the Federal Court awarded small amounts. In some cases, it awarded no damages, and in others, $5,000.

Last fall, in its ruling on Chitrakar v. Bell TV, the Federal Court awarded $20,000 in damages, and that was a first. Is this the beginning of a new trend? Perhaps. Only time will tell. One thing is for sure: not everyone has the means to take legal action against a company to obtain small amounts in damages. In privacy violation cases, the amounts often range between $5,000 and $10,000. Engaging in a court battle is a complicated and painstaking process.

Furthermore, at the federal level, no incentives exist with respect to class action lawsuits over privacy violations, which have the potential to improve compliance. Incentives do exist in other jurisdictions. And in many cases, companies comply with privacy legislation as a result. Just think of the recent security breaches. Last January, a security breach occurred at Human Resources and Skills Development Canada. In April, a security breach occurred at the Investment Industry Regulatory Organization of Canada, or IIROC. And class action suits were launched in relation to both of those breaches.

In the case of IIROC, a portable drive containing the financial information of 52,000 brokerage firm clients was lost. The damages sought were $1,000 per individual. That has the potential to motivate companies to comply, but under PIPEDA, that isn't an option. The legislation contains no such provision to motivate companies. And even if it did, a class action lawsuit isn't necessarily appealing because authorization to proceed isn't always granted.

In the Quebec case of Larose c. Banque Nationale du Canada, the Superior Court made a ruling in 2010. A typical breach, it involved a lost laptop containing the financial information of many clients. One of the clients was not very happy and took the National Bank to court. At the authorization stage, counsel for the complainant had to show that, as a result of the security breach on the bank's part, actual identity theft had occurred. The court stipulated that the fear of identity theft alone did not entitle someone to compensation. Had there been no evidence of actual identity theft, the court would not have granted authorization for a class action.

That tells you just how high the bar has been set. Proceedings of this nature are not straightforward. And the damages aren't very high. So what's left? If you can't seek compensation because you're afraid you were the victim of identity theft as a result of a security breach, there is little else you can do.

Let's come back to the legislation concerning security measures. Companies are advised to adopt security measures based on the level of sensitivity of the information. Even when companies contract out services to a third party, the legislation says they are still responsible for the information and must ensure its protection through the contract. In reality, what we often see is companies using cloud services or third-party contracts. They contract the service out and then turn a blind eye to what goes on.

I would like you to consider a provision in a piece of Quebec legislation that I see as very useful. It imposes an additional obligation on companies preparing to give or transfer personal information to a third party via a contract. I am referring to section 26 of An Act to Establish a Legal Framework for Information Technology. It reads as follows:

Anyone who places a technology-based document in the custody of a service provider is required to inform the service provider beforehand as to the privacy protection required by the document according to the confidentiality of the information it contains, and as to the persons who are authorized to access the document.

The person who entrusts the function to a service provider and transfers the data to the provider, whether via cloud computing or some other means, has an obligation to tell the service provider how to protect the information in question. I think incorporating a similar provision in our legislation could be useful.

I am active in the protection of privacy and personal information. There is a prevention component to my work. That entails advisory services, compliance, training, policy development and so forth. I am also involved in crisis management. I help with the management of security breaches, provide assistance when complaints are made to privacy commissioners in various jurisdictions and give advice related to privacy class action lawsuits. Clients rarely ask me to do any prevention work for them unless they have had some sort of crisis first. That shows that companies aren't very tuned in to the issue. And yet, the legislation exists. Are they motivated to comply with the act? Not especially, because they wait until a security breach has occurred before taking action. Not until a crisis arises do they realize how costly it can be and that they might do well to invest in prevention.

It's also interesting to see just how many resources are being deployed to compliance and prevention around the coming into force of Canada's new anti-spam legislation. That piece of legislation is being taken seriously. It includes liability provisions that apply to administrators, executives and employers. And since the penalties it sets out are quite stiff, companies take it seriously. Ever since its coming into force was announced, the legislation has monopolized my practice almost full time. Is spam a bigger problem or greater evil than security breaches or identity theft? I doubt it. Why, then, is the situation the way it is? What are we waiting for to motivate companies to invest in prevention?

I have one last point. My second part will be very short.

Some studies show that most security breaches are the result of human error. I am referring to two studies, in particular, that were conducted two years after the requirement to report a security breach was imposed on companies. The first was done by Alberta in 2012-13 and lists all the notifications and security breaches. According to that report, human error was at fault in many of the cases. The second study was done by the Ponemon Institute in 2013 and says that in 33% of cases, employee error was to blame.

That, too, shows that companies aren't taking employee training around privacy protection seriously. Very often, the security breach resulted from a laptop being left in a car. Was the employee aware that behaviour posed a risk? Was a relevant policy in place? Was appropriate training available? The jury is out.

I know time is running. The second part is going to be quick.

I want to raise the fact that currently under PIPEDA we don't have mandatory breach notification, and I believe that this may well play an important role in addressing some of the financial harm that may be triggered in the case of identity theft following a security breach.

If individuals, whether they be consumers, employees, are notified, it will help them to better protect themselves against harm, such as identity theft, because once they're notified they're going to pay special attention to their financial statements every month, every day, tracking down any suspicious or unauthorized transactions. They're going to monitor their credit through credit-rating agencies, such as Equifax and TransUnion. It will also provide businesses with an incentive to establish better data security practices in the first place.

What's the status on mandatory breach notification outside of Canada? We have it in Europe and in the United States. Most of the states in the U.S. have breach notification laws. In Canada, Alberta so far is the only private sector jurisdiction that has this law, and they prescribe fines up to $100,000 for businesses. They have realized that this breach notification obligation in their law has increased the reporting of security breaches, and it has also increased the privacy training. Businesses are more inclined and are more motivated to spend, because they realize that it's going to be an obligation to disclose the breach if there is such a breach.

In Quebec there is a consensus that it is needed. In 2011, la Commission d'accès à l'information du Québec published a report in which they said that this is needed. It's a matter of time. It's in the hands right now of the legislature, but we will have also this obligation in Quebec shortly, hopefully.

At the federal level, we've had various bills that have been introduced: Bill C-29, Bill C-12, Bill S-4 recently, and Bill C-475. The latest one is Bill S-4. Will Bill S-4 do the job if it becomes law? It's better than having nothing, that's for sure. Maybe it's not perfect, but it's better than having nothing.

I guess it would create the incentive for businesses to disclose, and I think we need to trigger that incentive. In an ideal situation there should be clear monetary penalties for not reporting security breaches to individuals and to the privacy commissioners. There should be a duty to report a breach as soon as possible. I'm cautious with providing fixed delays, because I've been on the other side. Sometimes there's a breach and you need to do the investigation before you start notifying individuals and privacy commissioners, because you need to know exactly what happened and what needs to be told or not told.

The Privacy Commissioner, I believe, should be given the power to order an organization to report a breach to customers. These orders should be made public and the organization should be named. I think that would create the necessary incentive for them to invest in preventive measures, which would be beneficial to address a financial harm resulting from identity theft.

This is my last point. It would not be a bad idea to have a uniform breach notification law in Canada. Various systems could become problematic when there's a breach. I know that a few years ago, the Uniform Law Conference of Canada drafted a breach notification act. Maybe it could be used as a tool.

Thank you. I think my time is up.

April 1st, 2014 / 12:25 p.m.

NDP

The Chair NDP Pat Martin

Your time is pretty much up; there are about 10 seconds left. But I would like to clarify, perhaps, Mr. Jenkin's response.

The PIPEDA act is up for review. It was due to be reviewed about two years ago. It was reviewed once about seven years ago, and the government's response to that review was Bill C-28, which died on the order paper, and Bill C-12, which died on the order paper. So if there was a government response, none of those elements was ever implemented; the act was never amended or changed.

I don't want Mr. Ravignat to think that a review led to amendments to the act. It did not.

Or did you mean something else?

Personal Information Protection and Electronic Documents Act
Private Members' Business

December 5th, 2013 / 6 p.m.

NDP

Megan Leslie NDP Halifax, NS

Mr. Speaker, I have a great crowd behind me, because this is a really important bill. There is such a great response. I really want to thank my colleague from Terrebonne—Blainville for working on this important piece of legislation. She deserves congratulations for a lot of reasons. It is a great piece of legislation.

My colleague was elected in 2011. She is proof positive that an individual MP can advocate for constituents, give a caucus important advice in a critic role, represent NDP values in a critic area, and make concrete legislative suggestions to the House. The fact that we have such a good piece of legislation before us speaks volumes about her ability to make a difference here in Parliament.

The former CEO of Google, Eric Schmidt, said that as of 2010, we create more information in just two days than was ever created up to and including 2003. That is an incredible statistic. It is massive. We create about 2,000 years' worth of information every couple of days. That is just one way of measuring how the digital world we live in today is different even compared to just 10 years ago.

Change is happening quickly when it comes to technology, innovation, and information sharing. It is increasingly an issue for Canadians, because in the last 10 years, with the growth of the digital economy, social media, and Internet access, greater amounts of personal data are shared. They are collected, used, and disclosed.

This bill identifies a problem. The problem is that our privacy laws are not built for a digital age when we create and share so much personal information.

PIPEDA was adopted in 2000. I remember it quite well, because I was a law student, starting in 2001, and we talked about what the implications would be for the groups, organizations, and communities we worked with. At that time, there were almost no social networking sites, microblogging sites, or video-sharing sites. Tumblr and YouTube did not exist, and there was no such thing as Facebook. I remember the first time I ever googled something, and it certainly was not a verb at that time.

Now over 18 million Canadians have a Facebook account, including many of us here in the House. A lot of us use this form of social networking. That number of 18 million Canadians is more than half of Canada's population, which is incredible.

Can anyone remember a time when they could not YouTube a viral video or find an old friend on Facebook? It was a completely different world 10 years ago. Now we are light years ahead of where we were in 2000.

What we are talking about here would transform the digital world in Canada. It is the type of change that affects Canadians on a huge scale. As Canadians, we are incredibly connected. We are the second-greatest Internet users in the world. More than 80% of us access the Internet regularly. Approximately 70% of us think that our personal data is less secure and less protected than it was 10 years ago, and 97% of Canadians would like to know when their personal information has been exposed because of a data breach.

It is worth noting these statistics, because most Canadians agree with the goals of this bill. It is absolutely unthinkable that we would expose so many Canadians to risks to their online privacy, especially when many people are aware of and concerned about these risks.

We need to update our privacy laws to recognize these changes and keep up with them; otherwise, we risk leaving Canadians unprotected. Canadians have moved on from 2001. It is time that our privacy protection laws moved on as well.

I would like to stress the importance of taking advantage of the opportunity this bill presents. We know that the Conservatives presented a privacy bill, Bill C-12, that came out of the 2006-2007 review of PIPEDA. However, it has been languishing on the order paper since 2011. That is far too long. Not one but two PIPEDA reviews are overdue.

We need privacy protection for the 21st century, but we also need it in the 21st century. Bill C-475 responds to these pressing challenges for protecting our privacy in a new digital age.

In a May 2013 review of PIPEDA, the Office of the Privacy Commissioner of Canada identified pressure points where PIPEDA needed to be changed. The first two of these pressure points, and arguably the most important ones, are addressed in Bill C-475.

The first pressure point identified in the report was enforcement. The report points to the fact that under PIPEDA the Privacy Commissioner is limited to the role of an administrative investigator, and that while she may seek resolution through negotiation, persuasion, and mediation, she actually has no enforcement powers.

The report says:

The days of soft recommendations with few consequences for non-compliance are no longer effective in a rapidly changing environment where privacy risks are on the rise. It is time to put in place financial incentives to ensure that organizations accept greater responsibility for putting appropriate protections in place from the start, and sanctions in the event that they do not. Without such measures, the Privacy Commissioner will have limited ability to ensure that organizations are appropriately protecting personal information in the age of Big Data.

Bill C-475 answers this recommendation in giving enforcement powers to the Privacy Commissioner to order organizations to comply with privacy legislation and to fine them if they refuse to take action within an established time period.

The second pressure point in the Privacy Commissioner's report was to “shine a light on privacy breaches”. It recommended that PIPEDA should:

require organizations to report breaches of personal information to the Commissioner and to notify affected individuals, where warranted, so that appropriate mitigation measures can be taken in a timely manner.

This is really common sense. First of all, we want to know when our personal information has been put at risk. As I said before, 97% of Canadians agree that they want to know when there has been a breach in their privacy. The harm that comes from these breaches can include identity theft, financial loss, negative credit ratings, and even physical harm. We should be aware that we have been exposed to a higher level of these risks when our privacy has been breached.

I will wrap up by saying that the Privacy Commissioner stressed that too often the rights of individuals are displaced by organizations' business needs and that it is becoming increasingly clear that the balance between these rights and needs is no longer there.

I would like the House to know that New Democrats are not stuck in the past. We recognize the imbalance, and with the bill we will take the first steps to make sure to protect the interests of businesses and consumers in the new digital age.

Personal Information Protection and Electronic Documents Act
Private Members' Business

October 22nd, 2013 / 6 p.m.

Liberal

Scott Andrews Liberal Avalon, NL

Mr. Speaker, it is a pleasure to contribute to this debate today. I listened to the parliamentary secretary speak to the bill. He left out a few interesting facts.

Bill C-12, which was the government's bill, was introduced in 2007. Five long years have passed since then, and the government has not kept its commitment to changing PIPEDA and making the necessary changes. Twice the bill has fallen off the order paper. The government has not been taking PIPEDA very seriously at all.

I commend the member for bringing forward the bill. It would deal with two small measures. First, it talks about reporting the loss or disclosure of unauthorized access to personal information. Where a reasonable person would conclude that there exists some possible risk, the commissioner would have to be notified. The other part would give the commissioner some actual teeth to dig in and fine when personal information is lost.

We, as a government, are falling behind the rest of the world when it comes to protecting people's privacy.

I find it comical that the parliamentary secretary says that PIPEDA has kept its relevance. I am going to quote Commissioner Stoddart with respect to its relevance. She stated:

Back in 2001, when PIPEDA began coming into force, – and even when I became Privacy Commissioner in 2003 – there was no Facebook, no Twitter and no Google Street View. Phones weren't smart. “The cloud” was something that threatened picnic plans. And predictive analytics was largely the domain of tarot card readers.

A lot has changed since 2001, and our PIPEDA legislation just has not kept up.

This is a good start. It would give the commissioner more enforcement powers. Currently the commissioner can only publicly shame a company for breaching PIPEDA. It is time for the commissioner to have the strong enforcement powers needed. Some of that may have been contained in the government's bill, Bill C-12, but that bill has not seen the light of day.

Bill C-475 is with us now. It is something we need to refer to committee. We need to update our privacy laws, and we will be supporting the bill.

Personal Information Protection and Electronic Documents Act
Private Members' Business

October 22nd, 2013 / 5:50 p.m.

Edmonton—Mill Woods—Beaumont Alberta

Conservative

Mike Lake Conservative Parliamentary Secretary to the Minister of Industry

Mr. Speaker, I am pleased to speak to private member's Bill C-475 as presented by my hon. colleague from across the aisle.

Bill C-475 proposes to amend the Personal Information Protection and Electronic Documents Act known as PIPEDA, a law that has been in place for over a decade. PIPEDA has proven its value and retained its relevance in the face of unprecedented technological change.

At its core, PIPEDA gives individuals control over whether and how their personal information can be collected, used or disclosed during commercial activity. This protection fosters trust and confidence in the online marketplace, an important part of the Canadian economy that is growing by leaps and bounds.

The government is committed to updating PIPEDA. In fact, the Minister of Industry met with the Privacy Commissioner only yesterday. However, any changes that are proposed should have been discussed thoroughly with business, consumer advocates and academics or fall within the framework of the existing legislation, as is the case with the former Bill C-12. The proposed new measures put forward in Bill C-475 were not. The proposed amendments in Bill C-475 give the Privacy Commissioner new powers and present a major change to PIPEDA and the role of the commissioner. The impact of such a change on all stakeholders has not been considered.

The Privacy Commissioner's role as defined in PIPEDA is to serve as an ombudsman, a role she has performed impressively to the great benefit of Canadians. Indeed, the commissioner has been internationally recognized and applauded for her success. It was in recognition of this that her term was extended to three years in 2010.

As the commissioner's term enters its final months, the government is pleased to have this opportunity to express its gratitude for the commissioner's dedication to the protection of the privacy of Canadians.

Let us begin by highlighting some of the successes so far. PIPEDA's ombudsman model has proven very successful in setting a high standard for the protection of personal information in Canada. PIPEDA allows for mediated solutions to privacy conflicts that can give both individuals and companies a clear understanding of their rights and responsibilities. A less formal dispute-resolution mechanism is far less intimidating for individuals and easier for them to navigate.

PIPEDA's current oversight and redress regime reflects a deliberate decision by Parliament to adopt a mechanism that avoids litigation when resolving privacy disputes. PIPEDA also provides the Privacy Commissioner with a range of powers to address privacy issues. She can investigate, enter premises and compel evidence, mediate a settlement, make recommendations, publish the names of those who contravene PIPEDA and take matters to the Federal Court.

Bill C-475 would give the Privacy Commissioner new, quasi-judicial enforcement powers. Unfortunately, the enforcement regime proposed by the private member's bill is fraught with procedural failings. As my colleagues will note, the bill contains a list of consequences for non-compliance. This includes a monetary penalty of up to $500,000, a very significant amount.

However, should penalties imposed on small firms be as large as those for multinationals? Unfortunately, the bill completely overlooks this matter. The size of the firm or its ability to bear the burden of monetary penalty is apparently not a factor to be considered.

Given the potential severity of the monetary penalty, it is also puzzling to observe that this particular remedy only applies to failure to comply with orders. Indeed, organizations that have been found to wilfully violate the privacy of individuals, including those that have profited significantly from the violation, are not subject to this penalty. They are only penalized if they have failed to change their ways after having been caught. There are many outstanding issues and questions with respect to the enforcement measures that are being proposed in Bill C-475.

PIPEDA already provides the Federal Court with the ability to provide any remedy it deems appropriate, including orders to correct practices, award damages, or order offending parties to publish a notice of corrective action. Clearly, PIPEDA establishes a comprehensive process for taking action against privacy violations. Businesses, both large and small, together with individuals, have found much success in the resolution of their disputes.

We must ask, then, how the proposed enforcement measures are going to affect the level of co-operation that exists between organizations subject to PIPEDA and the Privacy Commissioner. Would the enforcement regime of Bill C-475 change the current dynamic between organizations subject to PIPEDA and the commissioner, making the parties more adversarial and the process counterproductive? These are questions that cannot be taken lightly.

Finally, the implications of these new powers on the structure and resources of the Privacy Commissioner's office do not seem to have been considered during the drafting of Bill C-475. The new powers would place an undue burden on personnel within the Privacy Commissioner's office. One cannot simply add new enforcement powers to a law without thorough study and consideration of the impact on its existing oversight regime or on its regulator.

We cannot support Bill C-475. There are too many omissions and fundamental questions left unanswered in this bill.

In spite of the difficulties with this private member's bill, though, the issue of compliance with PIPEDA certainly warrants further exploration. The government will continue to send a strong message about the importance of complying with PIPEDA, given its critical role in building trust and confidence in the online marketplace. Furthermore, there must be an opportunity for all Canadians with an interest in privacy issues to be comprehensively canvassed and thoroughly heard.

To conclude, the government does not support private member's Bill C-475. Instead, the government remains committed to updating PIPEDA in a more considered and comprehensive manner. Our government will have a balanced approach, one that takes seriously the protection of private information while establishing a regulatory framework that is workable for businesses.

Personal Information Protection and Electronic Documents Act
Private Members' Business

October 22nd, 2013 / 5:35 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

moved that Bill C-475, An Act to amend the Personal Information Protection and Electronic Documents Act (order-making power), be read the second time and referred to a committee.

Mr. Speaker, I am having a déjà vu. I feel like I already delivered a speech for the first hour of debate.

I am very pleased to have the opportunity to reopen the debate on an issue that is extremely important for Canadians and our digital industry and that is the issue of protecting personal information.

My Bill C-475 seeks to modernize the Personal Information Protection and Electronic Documents Act, which has not been updated since the arrival of the first generation of iPod. That is an eternity in a modern and ever-changing society like ours. Several million Canadians have never known a world without smart phones. This legislation that governs crucial aspects of our lives does not respond to the challenges of our time.

As I have already mentioned, we use the Internet every day. We use the Web to socialize, share our ideas with others, work, contribute to the Canadian and global economies, participate in democracy and educate ourselves. The Internet is indispensable to our personal, academic and professional development.

The Internet is central to the lives of both children and adults, who use it for entertainment and as a work tool. However, all of our web activities create a digital information footprint, which makes it even more clear that we need to protect our information.

I would like to share some facts that show how big a role the Internet plays in our lives. Quebeckers and Canadians spend about 45 hours a week online. More than 70% of Canadians use it daily. Our citizens have more than 18 million Facebook accounts. The digital economy is a sector that is growing exponentially.

Our democracy is becoming increasingly digitized. One example is petitions, which allow our citizens to speak up and become involved in regional, national and international issues. Canada as a country is firmly plugged in.

We are increasingly managing our lives digitally. Because of this major shift, new rules are needed. These rules must take into account the new risks associated with this shift.

Since the beginning of this year, we have seen what a huge impact the loss of personal information has on our communities, for all citizens, regardless of their vulnerability or level of digital literacy. Millions of Canadians are affected by the loss of information, and this is happening more frequently every year, according to the Privacy Commissioner.

A study published in 2011 showed that every publicly traded Canadian company experiences an average of 18 privacy breaches a year. That is a lot.

Two recent reports revealed that 7 million Canadians have lost $3 billion as a result of cybercrimes. The most common crimes are identity theft and privacy and security breaches. Companies should protect against such breaches.

These reports said that 94% of companies say that they have never experienced a privacy breach. These numbers frighten me. In addition, the more information that is shared on the Internet and our smart phones, the more chances there are that our information could be lost or stolen. This only encourages crime groups in the very lucrative phishing market that have managed to scam thousands of Canadians and steal $76 million, last year alone, through 156 million emails sent from all over the world.

This is an international problem and we have to address it immediately. Unfortunately, the current legislation to protect privacy and Canadians' personal information has not been updated to address these risks and put in place appropriate measures for our society.

The current legislation does not provide for Canadians to be notified of a breach of their personal information. In fact, organizations are not required to notify them, regardless of the seriousness of the breach. This means that they cannot take appropriate action to protect their identity or their credit in order to reduce any harm they might suffer.

Compliance with Canadian legislation governing the sharing of personal information is another major problem in Canada. In 2011, the Privacy Commissioner noted that a quarter of the most-visited websites in Canada do not comply with Canadian law; they disclose our data without our consent. What is much worse is that companies that choose to ignore our laws do not currently suffer any consequences.

For more than 10 years, Canadians have been waiting for a better regulatory framework, and they are rightly expecting results. It is in that spirit that I decided to draft Bill C-475.

I would like to quickly remind my colleagues of the two simple and effective mechanisms proposed by Bill C-475 to enhance the protection of Canadians' personal information.

First off, Bill C-475 requires that the Office of the Privacy Commissioner be notified by any organization having personal information under its control when there is a possible risk of harm to users. Experts in the commissioner's office will assess the seriousness of the situation against a criterion for harm that sets a high standard. They will recommend whether or not the organization should notify the users affected. This mechanism allows for an objective analysis of the risk and better management of the risk through an expectation of a high level of security, rather than a subjective analysis based on the interests of the organization, which may differ from the interests of users.

In addition, objective risk analysis will ensure that users are not bombarded with notifications of data breaches that do not affect them at all or present a minimal risk. Indeed, this framework will ensure that users are not bombarded with useless notifications. They will only be notified after a thorough risk assessment by the Office of the Privacy Commissioner. The process will empower Canadians to take steps to protect themselves much more quickly, in addition to reducing the harm done to them.

The second mechanism provided for in Bill C-475 is designed to give the Office of the Privacy Commissioner order-making power when an organization fails to obey the law.

The Federal Court would have legislated authority to penalize organizations that fail to carry out an order issued by the commissioner.

These mechanisms are straightforward and clarify the commissioner's powers. In short, the Office of the Commissioner will now have the power to enforce the law, which unfortunately is not now the case. All too often, the commissioner's recommendations are not being followed, and it is Canadians' privacy that is suffering.

This bill was drafted to address the concerns of Canadians, people in the digital industry, civil liberties organizations, Internet experts and specialists in the protection of privacy, some of whom we heard testify during the study conducted by the Standing Committee on Access to Information, Privacy and Ethics on social networks and privacy.

Bill C-475 is a direct response to requests from the community to adapt the law to suit our digital age by providing some flexibility for people in the industry and protecting the ombudsman's role of the Office of the Commissioner.

The bill therefore takes a very balanced approach, despite what members opposite said last May. On October 9, information and privacy commissioners and ombudspersons from Canada's federal, provincial and territorial governments met in Vancouver for their annual meeting. They voted in favour of a resolution calling for reforms to address a series of measures they are interested in looking at and supporting, including the key principles in my bill. These measures follow up on recommendations Commissioner Stoddart put forward last May with the aim of modernizing the Personal Information Protection and Electronic Documents Act in order to strengthen the authority to enforce the act, including the commissioner's ability to make orders and make it mandatory for organizations to report when information has been compromised.

The bill is also balanced with regard to companies, since clear roles and processes enable them to plan their policies and response. It will be clear for organizations that they are required to report a breach to the Office of the Commissioner, but they will not be responsible for deciding what the ultimate risk is. Companies that are law-abiding will no longer have to compete with companies that are not.

Finally, this bill makes it possible to bring our privacy protection legislation up to the same level as countries such as Germany, Great Britain, Australia and France, as well as Canadian provinces such as Quebec and Alberta. Canada, as a world leader in technology, must implement international standards. A cross-Canada survey published in April by the Office of the Privacy Commissioner found that 97% of Canadians would want to be notified if the personal information they had given to an organization were compromised. In addition, 80% of respondents would grant more powers to the Office of the Privacy Commissioner.

The principles defended by my bill have garnered support from all classes of stakeholders affected by these changes, including industry representatives, civil liberties organizations, academics specializing in all areas, consumer protection agencies and even by the Privacy Commissioner and the ombudsman for privacy and information.

This fall, the public consultations I conducted in my riding and the West confirmed the growing interest of Canadians in privacy issues and their support for my bill.

The Union des consommateurs, for example, has stated that:

[it] believes that the implementation of the principles proposed by the NDP, through their private member's bill amending the Personal Information Protection and Electronic Documents Act, constitutes a real advancement to better protect the privacy of consumers.

Michael Geist, the Canada research chair of Internet and e-commerce law at the University of Ottawa said the following:

Bill C-475 is a far better proposal ... Those provisions would do far to ensure a greater respect for Canadian privacy law and give Canadians the assurance of notifications in the event of security breaches.

A few years ago, my colleagues on the other side introduced a bill to modernize the Personal Information Protection and Electronic Documents Act. Therefore, I know they share my concerns about the privacy of Canadians.

Furthermore, in the Speech from the Throne last week, the Conservatives reiterated their willingness to defend the rights of consumers, and the protection of privacy is a crucial part of these rights.

However, Bill C-12 did not receive the serious consideration it needed in the House, and today its principles no longer reflect the reality of our current needs. Moreover, due to the prorogation of Parliament, Bill C-12 has died on the order paper.

My bill is the most up-to-date bill and the only one currently on the table.

I urge my colleagues across the way to reconsider their position on Bill C-475, not only because it meets the current needs of citizens and surveillance authorities, but also because, if we wait for the reintroduction and re-evaluation of an outdated bill, it will take months or even years. Canadians need to be protected now, and Bill C-475 will help restore their confidence in the companies with which they do business, as well as in our institutions.

Canada has a deplorable record on the international front when it comes to privacy, and the increasingly costly attacks on our personal information demonstrate beyond a shadow of a doubt that we cannot afford to wait any longer; we must act now.

Canada's Privacy Commissioner, Jennifer Stoddart, said it best on October 9, 2013:

We live in a world where technologies are evolving at lightning speed and organizations are using our personal information in ways previously unimaginable—creating new risks for our privacy. Our laws need to keep up. Canadians expect and deserve modern, effective laws to protect their right to privacy.

By voting in favour of Bill C-475, my colleagues would be meeting Canadians' expectations. If the members of this House truly care about the privacy of their citizens, they have absolutely no reason to vote against my bill.

If the Conservatives take their commitment to consumers seriously, they must vote in favour of Bill C-475.

I would also like to reiterate that I am willing to work with all parties in order to ensure that Canadians have the protection they deserve in this digital age.

We must work together, as parliamentarians, to better protect the privacy rights of our citizens, our youth and seniors.

Privacy
Oral Questions

June 7th, 2013 / 11:50 a.m.

Mégantic—L'Érable Québec

Conservative

Christian Paradis Conservative Minister of Industry and Minister of State (Agriculture)

Mr. Speaker, we thank the Privacy Commissioner for her report, and we indeed have taken measures to have tougher measures. That is why we introduced Bill C-12, which would improve privacy safeguards.

It is unfortunate that the opposition decided to play political games and needlessly delayed the bill.

We seek the support from the opposition. Everything covered in this bill is in response to what was recommended by the committee. I urge the opposition to support Bill C-12 immediately.

Privacy
Oral Questions

June 7th, 2013 / 11:50 a.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, it is clear that Conservatives do not take the privacy of Canadians seriously. The commissioner herself has raised concerns about Bill C-12. To paraphrase the Privacy Commissioner, the Conservatives are taking a soft approach when it comes to protecting Canadians' privacy online.

The commissioner made it clear. The present lack of oversight for online snooping is putting Canadians' privacy at risk.

When will the Conservative government agree that we need a tougher law, better oversight, and reporting mechanisms? When will the Conservatives start protecting Canadians' privacy online?

Privacy
Oral Questions

June 7th, 2013 / 11:50 a.m.

Mégantic—L'Érable Québec

Conservative

Christian Paradis Conservative Minister of Industry and Minister of State (Agriculture)

Mr. Speaker, naturally we thank the commissioner for her report. Our government is truly determined to protect Canadians' privacy.

That is why we introduced Bill C-12, which strengthens guarantees to protect personal information and implements the committee's recommendations. With all due respect, the bill introduced by my colleague does not cover all these aspects.

We will take the time to carefully study the commissioner's report. However, I would ask the NDP to support Bill C-12, which addresses the committee's findings.

May 28th, 2013 / 4:40 p.m.

Dr. Michael Geist Canada Research Chair, Internet and E-commerce Law, University of Ottawa, As an Individual

Thank you, Mr. Chair.

Good afternoon. As you heard, my name is Michael Geist. I'm a law professor at the University of Ottawa, where I hold the Canada research chair in Internet and e-commerce law, but I appear before this committee today in a personal capacity, representing only my own views.

I appreciate the invitation. I'm certainly supportive of the committee's study on the issue of SME adoption of digital technologies.

As the committee has already heard, Canada fares relatively poorly in some areas when compared with peer countries. For example, you heard from Shopify's Harley Finkelstein on the lower e-commerce adoption rates by Canadian firms as compared to those in the U.S. There are many other studies that point to the same concerns. A 2011 CEFRIO study on Canadian SME ICT adoption found that mobile device usage was relatively low; moreover, many of the online collaborative tools—application sharing, web sharing, video conferencing—are only used by a small minority of Canadian SMEs.

The Canadian Chamber of Commerce's 2010 study on SME use of e-business solutions arrived at similar conclusions. Moreover, it pointed to Canada's declining rank, whether in the World Economic Forum's global competitiveness index, the OECD's broadband ranking, or The Economist's e-readiness ranking.

Of course, I suggest that the committee is well aware of these shortcomings, as your May 2012 report, “E-commerce in Canada”, cited similar statistics and studies and took note of the performance of Canadian SMEs.

So we have a problem, and while I'm pleased that the committee is looking at this, you'll forgive me if there is a sense of déjà vu about this discussion. This committee is currently also studying broadband and Internet access across Canada, has completed a study on the IP regime in Canada and, as I've just noted, also completed a study on e-commerce. As you know, you're not alone. The Canadian Heritage committee has completed a study on the entertainment software industry in Canada. The Access to Information, Privacy and Ethics committee completed a study on privacy and social media. The Justice and Human Rights committee has studied cyber-bullying. The Senate committee on Transport and Communications last year released a study on the wireless sector.

My point is that our problems with the digital economy, including SME digital technology adoption, are not the result of a lack of study. Many of these issues have been studied intensively for years. At least part of the problem lies in Canada's lack of a cohesive, forward-looking digital economy strategy. That failure is plainly hurting all aspects of our digital economy. It creates business uncertainty, it undermines consumer adoption of e-commerce, harms innovation, and sends an unmistakable signal that this is simply not a policy priority.

For an SME, the effects of Canada's digital economy strategy failure—something I've often termed as Canada's “Penske file”—can be found everywhere. Let me give three quick examples.

The failure to craft a cohesive strategy to ensure a competitive broadband and wireless market means higher costs and less choice for business and consumers alike. High data rates have often meant that the adoption of mobile solutions has been costlier in Canada than elsewhere, which hurts the business case for ICT investment. Further, when Canadian businesses travel to other countries to explore new opportunities, they face some of the highest roaming fees in the world.

Second, on the regulatory front, the digital economy strategy failure has meant that important legislation has stalled, creating legal uncertainty. For example, an SME considering an electronic marketing campaign will want to know what is permitted under Canadian law. I think that this government rightly passed anti-spam legislation in 2010, but the regulation-making process has dragged on for years, meaning that the law has still not taken effect. As a result, there is uncertainty about what is permitted, uncertainty about what will be permitted, and tailoring an e-marketing strategy is difficult.

Third, and somewhat similarly, Canadians want all businesses, including SMEs, to take security and privacy seriously. Making investment in these areas means factoring these issues into account. Yet with Bill C-12, the privacy reform bill languishing in the House of Commons, and, with all respect, inaccurate criticisms of a private member's bill on security breach disclosure requirements, the message, quite frankly, to SMEs is that the Privacy Commissioner may be concerned with the state of privacy law, but it is not a priority.

Now we could talk about, and I hope we do have the chance to talk about, what a digital economy strategy incorporating SME digital technology adoption might look like, including some of the legislative reforms, educational initiatives, skills training, as well as commitments to increase competition and ensure access for all. But my starting point is simply to say that without a broad-based digital economy strategy that weaves together these various issues, we should not be surprised by the lagging performance by Canadian SMEs. Indeed, we've practically scripted it.

I look forward to your questions.

Incorporation by Reference in Regulations Act
Government Orders

May 23rd, 2013 / 7:40 p.m.

Liberal

Kevin Lamoureux Liberal Winnipeg North, MB

Mr. Speaker, it is a pleasure to rise this evening to address this bill. I have never had the honour of sitting on the statutory instruments regulations committee. It sounds as if it might be a very interesting committee. I do find it most fascinating that the government has chosen to use this particular bill, given that we are allocated four or five hours, which is probably more hours of debate than for many other pieces of legislation. However, at the end of the day, it is going to be interesting. I suspect that we might see differing opinions. We in the Liberal Party have a great deal of concern with regard to this bill. We cannot see ourselves supporting it at this time, and we will have to wait and see what happens at committee stage and see if the government is going to be able to address the issues.

We were talking about a different bill, Bill C-475, during private members' business, and it dealt with personal information. A government member stood up and made a comment on how wonderful it would be to have Bill C-12 debated, given that all sides of the House seemed to be supportive of Bill C-12. The member made the suggestion that he would even be prepared to see that bill debated right away. Maybe if the Conservatives recognize the importance of that bill, they might also want to call that; the last time it was brought before the House being back in September 2011. We will have to wait and see.

Another concern that was raised was in the form of questions that I asked both Conservative speakers in regard to the whole issue of the French language. I come from the province of Manitoba, and the French language issue in terms of laws and regulations was a critically important ruling that came from the Supreme Court of Canada. The ruling reflected on many of Manitoba's laws and, because of not having appropriate translation, the court had virtually given Manitoba a time schedule to pass all sorts of other regulations and laws in order to keep them in effect. It gave us a bit of a sunset clause in terms of needing to pass this in order to comply. Otherwise, we would have had a series of laws, whether provincial legislation or regulation, that would have become void. Therefore, we take the issue very seriously in terms of some of the things, and that is the reason I posed the questions.

In looking at Bill S-12, there are a couple of things that are really important to note. Quite often, the intent might be clear. Individuals, whether members of Parliament or those assisting in trying to create legislation or regulation, will be fairly clear on what it is they are trying to accomplish, the actual intent. The real challenge is to try to take that intent that is being expressed and put it into words, and in our case also to ensure that the translation is in essence saying the same thing whether in English or in French. That is a very important point.

As an example, one of the first issues that came up was related to Air Canada. It was an important issue, through which I suspect many individuals who might be listening in on the debate might get a better sense of the importance of converting intent into appropriate words. I recall the Air Canada Public Participation Act that was brought in a number of years ago. There is absolutely no doubt that, if we look at the debates and some of the discussions that took place in the committee, we would find that the intent that was being spoken was that communities like Winnipeg, Mississauga and Montreal would be guaranteed their overhaul maintenance positions.

This literally translated into thousands of jobs in Winnipeg, hundreds of jobs that were in essence guaranteed in that law. That was the intent.

If we read the legislation that is there today, I think most Canadians, in reading it, would come to the same conclusion to which I came. I raised that issue shortly after being elected back in December 2011. When I raised it, it was to challenge the government. It was to tell the Prime Minister that we had a law that said these overhaul maintenance bases were supposed to be guaranteed. Air Canada was legally obligated to maintain those bases.

The Prime Minister and the government responded by saying that this was not necessarily their interpretation. Apparently, the government found a lawyer somewhere who said that this was not the case, that there was no legal obligation.

It did not matter what we attempted, whether it was through postcards or petitions. Many different stakeholders and individuals read the law and said that the law was pretty clear.

I raise that because at the end of the day it is very important. When we think of a regulation or a law, we often talk about what we are hoping to achieve by passing it, but what is written down on that piece of paper and translated is what counts.

As legislators, we have to take that responsibility very seriously. In recognizing what this legislation is doing, it is offloading a great deal of responsibility. I know the record will clearly demonstrate that this has not necessarily been a government that wants to take responsibility. By allowing this legislation to pass as it is, we need to recognize that there will be more laws being put into place with less scrutiny from the House of Commons.

That is one of the effects that the passage of this bill will have. We need to be very clear on that point.

Another profound impact the legislation will have is in regard to the whole idea of incorporation by reference and what will happen in regard to that secondary language, whether it happens to be English or French. We are in a bilingual nation and there is an expectation. I will provide a little more comment on that in a few minutes.

The legislative summary that was provided by the Library of Parliament had some interesting information that is worth expressing. One point deals with the amount of regulation versus laws in terms of numbers of pages. It is interesting to note, and this is a quote from the parliamentary library, “There are, at the federal level alone, approximately 3,000 regulations comprising over 30,000 pages”. Compare that to somewhere in the neighbourhood of 450 statutes, which comprise roughly 13,000 pages.

Furthermore, departments and agencies submit to the regulations section, on average, about 1,000 draft regulations each year, whereas Parliament enacts about 80 bills during the same period. The executive therefore plays a major role in setting the rules of law that apply to Canadian citizens.

What we will find is that the number of laws in comparison to regulations is decreasing as we rely more on regulations. When we go into or finish second reading and then it goes to committee stage, how often do we hear from government representatives or policy analysts who say “this is what the clause says and further explanation will be provided via regulation?” We hear a lot of that.

Why then should we be concerned? We have to be careful that we recognize the importance of laws versus regulations and the incorporation of references into regulations.

We start off with our Constitution and our Charter of Rights. These are things that no one would question. We then go on to laws that would be passed in the House of Commons, then to regulations. Finally, we would go to the incorporation of reference.

Look at each stage and how difficult it is to change the Constitution. We do not see too much public will or interest in changing the Constitution. In terms of legislation, the same principle applies. There is a process of changing legislation. There is first reading, second reading, committee, third reading, the Senate and finally royal assent. There is a great deal of scrutiny that takes place.

What about regulations? There is a legal examination and registration that have to take place. Ultimately, publication takes place in the Canada Gazette.

We can see the difference between them. Each level has a different sense of accountability or process that we have to follow. If we take just the one component, the legal examination, the examination for the passage of legislation will come through here. There are all sorts of responsibilities that all members, particularly critics, caucuses, vested interest groups and stakeholders of a wide variety, have in ensuring there is some form of due diligence and a sense of accountability.

What about the regulation? When it comes to legal examination, we know there is an obligation for the Clerk of the Privy Council. There have been four things that were cited again, dealing specifically with this bill, that came from the Library of Parliament. Those four things in passing or ensuring that there is some form of legal examination of that regulation.

The first is, “(a) it is authorized by the statute pursuant to which it is to be made”. Another way of saying it is that if we want to change or pass a regulation, we want to ensure it is in compliance with the legislation or a current law that has been passed by the House of Commons.

The second is, “(b) it does not constitute an unusual or unexpected use of the authority pursuant to which it is to be made”. That would be something that would obviously make a whole lot of sense. After all, it cannot override a law, like a law cannot override our Constitution.

The third is, “(c) it does not trespass unduly on existing rights and freedoms and is not, in any case, inconsistent with the purposes and provisions of the Canadian Charter of Rights and Freedoms and the Canadian Bill of Rights”. We are asking that the Clerk of the Privy Council, in consultation with others, ensure that it does not contradict some of those basic rights. Before, if it was a law, it would be something where members, and in particular the Minister of Justice, would play a much stronger role in ensuring the compliance in that regard.

The fourth is, “(d) the form and draftsmanship of the proposed regulations are in accordance with established standards”. This is something where one would expect our legislative counsel and others that assist us to ensure the wording was correct. That is why at the beginning I commented on the importance of wording, that in fact one can be very clear orally what the intent is, but we have to ensure that this intent is put into proper words because it is the wording that is of critical importance.

I would like to quote from the Library of Parliament because I believe it is stated quite well in terms of what specifically, when we think of regulations, is actually at stake in dealing with Bill S-12. I quote directly from the report that has been provided to us from the Library of Parliament. It states:

When Parliament confers a power to make regulations, the regulation-maker usually exercises this power by drafting the text of the regulation to be enacted. The regulation-maker may also decide that the contents of an existing document are what should be used in the regulation it intends to enact. One way to make the contents of such a document part of the text of the regulation would be to reproduce it word for word in the regulation. Alternatively, the regulation-maker can simply refer to the title of the document in the regulation. The contents of the document will then be said to be “incorporated by reference”. The legal effect of incorporation by reference is to write the words of the incorporated document into the regulation just as if it had actually been reproduced word for word. The incorporation by reference of an existing document is no more than a drafting technique, and a regulation-maker need not be granted any specific power in order to resort to this technique. This is referred to as “closed” or “static” incorporation by reference.

We need to be very careful with that. When we talk about international standards, what we are really saying is that incorporation by referencing says that we are going to take a third party standard, whether international, provincial or it does not even have to be a government agency. It could be any sort of a third party and it could be a one paragraph document or it could be a 500-page document.

I see my time has run out. Hopefully there will be a question and I will be able to conclude my comment on that aspect of it.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 6:15 p.m.

Laurin Liu NDP Rivière-des-Mille-Îles, QC

Before I begin, Mr. Speaker, I would like to remind the members opposite that Bill C-475 does not represent a comprehensive review of the Personal Information Protection and Electronic Documents Act, and for that reason, it cannot be compared with the government’s Bill C-12, which does in fact constitute a thorough review and is much broader in scope. Therefore I would invite the members to learn more about this bill before criticizing it.

I am especially pleased today to speak to this bill which was introduced by my colleague from Terrebonne—Blainville. Since being elected she has worked tirelessly on various issues related to the digital world. In particular, she fought against Bill C-30 and forced the Conservative government to kill its online spying bill. She also held public consultations on the North Shore on personal information protection as it relates to her bill.

Today, with Bill C-475, my colleague is calling for the Personal Information Protection and Electronic Documents Act to be modernized to take into account the new digital reality. It is hard to believe that this legislation has not been modernized since it was first passed 13 years ago in 2000. Back then, there were no iPods, smart phones, Facebook or Twitter, and I did not even have an email address. It is time for the government to blow the cobwebs away and modernize this legislation to better protect Canadians’ personal information.

The Personal Information Protection and Electronic Documents Act is based on the ombudsman model. The primary duty of the privacy commissioner is to investigate complaints concerning privacy breaches. The privacy commissioner has the power to investigate, to file complaints, to conduct audits and to publicly report on an organization’s personal information management practices. However, the act does not give the commissioner the power to make compliance orders, or in other words, to order organizations to amend their practices or face a fine if they fail to do so.

To clearly grasp the issue here, I would like to give a few examples that illustrate the need to give the Privacy Commissioner more powers. The commissioner recalled that in 2010, the retailer Staples had failed to delete all of the client data stored on devices such as laptops or USB hard drives that had been returned to their stores and were slated for resale. What is most disturbing is that this retailer had been investigated twice before and was still not complying with the commissioner’s orders.

Let us be honest here. The government created a watchdog who in essence has been muzzled. This watchdog does not have the power to enforce the act. This initiative by my colleague from Terrebonne—Blainville would give the Privacy Commissioner the means to do her job.

Another example is Google Street View, which collected personal information such as email addresses, emails, usernames, passwords, telephone numbers and street addresses. The commissioner found that this practice constituted a serious breach of Canadians’ right to privacy. In this instance, the outcome was a little more positive. Google appears to have accepted the recommendations of the commissioner, who observed that the company was on the right track to resolving these major problems.

I should also like to mention the Edmonton-based site Nexopia, which describes itself as the largest social networking site for young Canadians. The site has over 1.6 million registered users, 80% of whom live in Canada. Nexopia.com users create profiles, engage in blogging, create photo galleries and post articles, artwork, music, poems and videos. The problem is that Nexopia does not have any kind of system in place to block public searches of the profiles of young users, and the website does not allow users to shield their profile from the public. You can see the problem.

These facts are troubling, considering that young people are often careless when it comes to their personal information and that they are targeted by many companies and some offenders. The commissioner conducted a thorough investigation, found that this organization was not in compliance with the legislation in a number of areas and issued 24 recommendations.

Following the release of her report, the federal Privacy Commissioner was forced to ask the Federal Court to make an order compelling Nexopia to stop retaining personal information. Since this action was launched, Nexopia has changed hands, and we are still waiting for the new owner to follow up on all of the commissioner’s recommendations.

Bill C-475 introduced by my colleague attempts to resolve much of the problem by amending the Personal Information Protection and Electronic Documents Act in two ways. First, it would give the Privacy Commissioner enforcement powers, the power to order an organization that has failed to comply with the act to take the necessary steps to comply. Any organization that refused to take action within the timeframe set by the commissioner would risk a fine of up to $500,000.

As well, the bill makes it mandatory to signal any data breaches that could harm an individual. If an individual's personal information has been compromised in a way that could harm that individual, the organization responsible must inform the privacy commissioner of the violation. The commissioner can then determine if the violation could harm the individual and may force the organization responsible to inform the individual that their personal information has been compromised. Non-compliance could result in a fine of up to $500,000.

We believe that this will help increase compliance with the law, reduce the cost of the current process, and reduce delays. It will also establish solid case law that will allow individuals and organizations to better understand their rights and responsibilities.

I would like to point out that three provinces already have laws that are basically similar to the federal law concerning privacy in the private sector. Unlike Ottawa, the provinces of Quebec, Alberta and British Columbia empower their commissioner to make binding decisions in certain circumstances.

As my colleague mentioned when she introduced the bill, it seems that there is a consensus among the public to increase fines for offenders. As the Commissioner said, it is important to note that Canadians are the heaviest Internet users worldwide, spending an average of 45 hours a month online.

We are also among the most avid users of networking websites in the world. I was not surprised to hear that half of Canadians are on Facebook. In light of those statistics, it is not surprising that privacy is an ongoing concern for Canadians.

The 2011 Canadians and Privacy Survey found that the vast majority of respondents are in favour of stiff penalties for organizations that fail to protect peoples' privacy. More than 8 out of 10 respondents want to see measures passed to name offending organizations, impose fines or take the organizations to court.

The Commissioner herself is calling for more power to fulfill her mandate. In her 2011 report, she said:

In recent years, we have seen very serious, large-scale data breaches. Data breach notification, in itself, may not be sufficient to create the kind of incentives necessary to ensure that organizations take security issues more seriously in the current environment. Many other countries are taking a harder line on breaches. For example, the United States has been a leader in this area and virtually all states have data breach laws. Meanwhile, a European Commission Regulation proposed in early 2012 included data breach provisions and very significant fining powers for European data protection authorities. Commissioner Stoddart has encouraged the federal government to explore strengthened enforcement options that would create stronger incentives for organizations to ensure personal information is adequately protected.

The report could not have been any clearer.

Why are the Conservatives so soft on those whose business practices are compromising Canadians' personal data?

As a final point, it is important to understand that the Personal Information Protection and Electronic Documents Act and this bill apply to the use of personal information only in the private sector. Ideally, the proposed measures would also apply to government organizations.

I know in the past my hon. colleague has asked the Standing Committee on Access to Information, Privacy and Ethics to examine the possibility of opening up the Personal Information Protection and Electronic Documents Act to resolve this issue.

In closing, it is unfortunate that the Conservatives oppose this, and I hope we can come up with a solution to this serious problem.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 6:10 p.m.

Edmonton—Mill Woods—Beaumont Alberta

Mike Lake Conservative, Parliamentary Secretary to the Minister of Industry

Mr. Speaker, I am pleased to rise today to comment on private member's Bill C-475 tabled by my colleague, the member of Parliament for Terrebonne—Blainville.

First, I will correct the record for the hon. member. I think it was February 15, and I do not know if the hon. member was here, when our House leader certainly made very clear that we were willing to move Bill C-12 to committee, but it was obstructed by the opposition party that denied consent for that.

The Internet has become a platform for commerce. More and more online transactions rely on flows of information, including personal information. In fact, personal information is often cited as the lifeblood of the modern economy. It is a key asset and a driver for innovation. However, for information to continue to be an engine of growth and innovation, it is necessary to maintain a solid foundation of trust in the fair and responsible handling of personal information.

As the opposition is well aware, the government already has amendments to PIPEDA before the House in the form of Bill C-12, the safeguarding Canadians' personal information act. The amendments in this bill are the result of extensive public consultations and reflect the work of our parliamentary committee and legislative review process. They reflect the values of Canadian consumers as well as the realities of the marketplace.

Bill C-12 establishes broad-based, balanced, comprehensive improvements to PIPEDA which set out enhanced protections for Canadians' privacy, while ensuring that legitimate business needs for information are met.

By contrast, the opposition's approach to privacy in Bill C-475 introduces only two new measures in PIPEDA. The first of these is a potentially costly and administratively burdensome data breach notification regime.

Bill C-475 would require that organizations report every data breach involving a “possible risk of harm”, no matter how remote, to the Privacy Commissioner of Canada. The commissioner must then spend time determining whether each one of those breaches poses an “appreciable risk of harm”, and thereby warrants notification to affected individuals.

In contrast, the government's Bill C-12 proposes an approach to data breach notification that balances the cost to organizations of unnecessary notifications with the needs of consumers.

Bill C-12 would require notification to individuals only in situations where the organization determined that a breach carried a “real risk of significant harm”, which includes both financial harm, such as fraud, and non-financial harm, such as humiliation. This would eliminate the need for costly notification where it was not needed. This would minimize the compliance burden on organizations and reduce the risk of notification fatigue among consumers, while ensuring individuals would get the information they needed to protect themselves.

The opposition's Bill C-475 contains a lengthy list of consequences for non-compliance. This includes a monetary penalty of up to $500,000, which I am sure members will agree is a significant amount. However, should penalties for small businesses in our communities be as large as those of multinationals? The opposition seems to think this should be the case because Bill C-475 is silent on this question.

In contrast, the proposed measures in Bill C-12 reflect the importance of personal information to the smooth functioning of the marketplace. They address barriers to information flows, which were unforeseen when the act first came into force. They clarify and streamline privacy rules for business, while at the same time providing companies with the information they require to continue to grow and prosper.

Consumer information plays a role in many legitimate businesses. Financing transactions and acquisitions that occur in the normal course of development of many businesses require an assessment of business assets. These assets can include databases containing the personal information of customers the businesses intend to keep serving or information about the training and skills of employees who will continue to work with the business. Without the ability to access this personal information, it can be difficult for companies to assess the economic viability of a particular transaction.

Bill C-12 proposes to amend PIPEDA to enable companies to review personal information when necessary to conduct the proper due diligence prior to engaging in business dealings. Before any information can be shared between parties to a business transaction, each party must enter into a formal agreement that constrains the use of the information to purposes related to the transaction itself. In keeping with PIPEDA's existing principles, the agreement must also require the parties to protect that information with strong security safeguards.

Bill C-12 involves amendments that will remove barriers to the availability of information that is necessary to establish, manage or end an employment relationship.

Private sector representatives and the Privacy Commissioner of Canada have recognized that adjustments to PIPEDA were needed to reflect the unique context of the employment relationship.

As a result, Bill C-12 would amend the act to address situations where, for example, employers might need to collect and use the personal information of their employees to issue identification cards and control access to restricted areas.

These measures have been carefully balanced to maintain the protection of employee privacy by limiting the collection, use or disclosure of employees' personal information to that which is absolutely necessary and by ensuring that individuals are notified when their information is being collected, used or disclosed in the employment context.

Bill C-12 also follows up on other key recommendations. For instance, it would provide greater certainty and would clarify rules for business by streamlining private sector investigations. PIPEDA currently allows companies to share personal information with organizations that have a legitimate mandate to conduct investigations into breaches of agreements and contraventions of the law.

However, under PIPEDA, a burdensome and lengthy regulatory process is required in order to render this effective. To date, four separate regulatory processes have had to be launched to allow for the designation of 84 organizations or classes of investigative organizations with more expected.

Under Bill C-12, if passed, Parliament will act to replace this onerous regulatory process with an exception that will enable the information to be shared only in limited circumstances. Indeed, the government will only allow this information to be shared when it is necessary for the conduct of investigations and for fraud prevention.

I believe Bill C-12 provides a better model for the enhancement of privacy protection in Canada. I do not believe Bill C-475 provides the same balanced and comprehensive model.

I call upon members to support Bill C-12 rather than Bill C-475. I would mention for my colleagues from across the way that if they actually want to pass Bill C-12, as they seem to, both parties have mentioned it in the last few minutes, we would be glad to have that discussion and move it to committee tomorrow.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 6 p.m.

Murray Rankin NDP Victoria, BC

Mr. Speaker, I am very pleased to rise today in support of Bill C-475, put forward by my colleague from Terrebonne—Blainville. This is an extremely important initiative for all Canadians.

Frankly, the question that arises is: Whatever happened to Bill C-12? This was to be the government's showpiece legislation to reform private sector privacy in Canada. That was back on September 29, 2011, and it is missing in action. As my colleagues have said repeatedly, privacy is the victim. Canadians are expecting, in this 21st century world in which we live, this digital economy, that their privacy will be protected.

I want to say in my remarks that this is good for business. This is actually essential for business. We can talk about privacy protection in the private sector as a human right, but we can also talk about it as being good for business, and I want to give a couple of examples where, in fact, we have kind of missed the boat on that.

The government had the opportunity. There was a requirement for it to bring in Bill C-12. It did not do this because of privacy protection concerns or even for good business reasons; it had to do it because the Personal Information Protection and Electronic Documents Act required that there be a statutory review. It has taken a long time, and I guess we will have another statutory review before it ever deals with Bill C-12. The point is that it is not just bad for privacy for all the reasons I have said, including the digital economy changing so utterly since 2001, but it is bad for business. That is a language the government, presumably, will understand, so let me talk about business.

We live in a world of big data. The current Foreign Affairs magazine talks about the rise of big data. Canadian Business magazine talks about a couple of examples where Canada, sadly, dropped the ball. Let me explain.

A few years ago Google made overtures in Quebec, but the provincial government and Hydro-Québec were unwilling to provide the kind of electricity required so a large data centre could be situated in that jurisdiction. What happened? Google went to Finland and, as a result, the company built a 350-million-euro data centre. Facebook is currently building a 900,000-square-foot facility 100 kilometres south of the Arctic Circle in Sweden. There is a gigantic industry available for gigantic data, and Canada is missing the train. Why is that?

We have cheap electricity by world standards. That should be easy. We have a very secure Canadian Shield in which we could situate these large data centres. Places like Kamloops in British Columbia have been considered. Here is what else we have. We have laws in the private sector that are substantially similar to those of the European Union. It has a very strong data protection law there. It cares deeply about privacy in that jurisdiction. Companies like Facebook have come to Canada and, essentially, test driven their new privacy regimes to see if they pass muster under the Canadian privacy laws, because if they do, they probably will pass muster in the European Union, the U.K. and places of that sort, since our laws are substantially similar.

Canada is perfectly situated between the United States and Europe with a relatively robust privacy protection regime to attract lots of business, but we dropped the ball. The government has utterly dropped the ball with Bill C-12. Who knows if it will ever see the light of day? I say that is tragic for business.

My colleague from Terrebonne—Blainville has spoken strongly in favour of privacy as a constitutional right, and that is true, of course, but the business side of this is good as well. What does her bill do? It does two fundamental things. It deals with breach notification, which according to the Privacy Commissioner of Canada today, 97% of Canadians think is a good idea, according to a poll. Talk about a no-brainer. Second, it talks about better enforcement provisions and order-making powers. Let me speak about each of those things that her bill would do.

First, in Bill C-475 there is a requirement to notify the commissioner of a breach if there is a possible risk of harm. We have seen lots of breaches where credit card information has found its way to various places it ought not to be, and the like, medical information, information that Canadians hold dear. If there is a risk of harm, the notification must be made in a form prescribed in regulations or otherwise specified by the commissioner.

We do not put everything in statutes; we wait for regulations to put flesh on the bones. That is how we do business. It is not surprising that is the way this has been proposed in Bill C-475 as well.

Then there was some concern because the bill talks about the commissioner requiring the organization to notify affected individuals to whom there is an “appreciable risk of harm” as a result of the data breach. Somehow I gather we should be criticized for the appreciable risk not being spelled out. Well, do we have “reasonable person” standards spelled out in our laws? Do we have every situation in the Criminal Code spelled out? Of course not. We use general words. We allow courts and commissioners and regulatory bodies to figure out what those mean. That is the way we do business. It is not surprising that has not been spelled out in detail here either. That is entirely consistent with normal Canadian drafting processes.

The commissioner would have the ability to order the private sector organization to notify individuals and the bill provides a certain number of criteria that should be considered in doing so. Then there is the possibility of an administrative monetary penalty, depending on certain factors that are listed, of up to $500,000. There is, of course, the issue of the right of action that the commissioner might have against an organization that has not complied with orders.

To me, these are entirely common sense, entirely 21st century provisions. I am so pleased that Canada's highly respected privacy commissioner, Jennifer Stoddart, has agreed entirely with these initiatives at a press conference in Toronto today. I thought this quote was perfectly in line with my colleague's bill. She said:

Personal information has been called the oil of the digital economy. As organizations find new ways to profit from personal information, the risks to privacy are growing exponentially.

That goes to the point that the law we have in Canada, although good at the time in 2001, is entirely out of date and everyone knows it has to be improved. The Conservatives seem to not want to do that. Therefore, this bill would at least get us half the way there with two key things.

Finally, we would have order making power for the commissioner. I live in British Columbia. In my province and in the provinces of Quebec, Alberta and Newfoundland and Labrador, people have had the ability for this umpire in the game, this ombudsperson, to make orders where appropriate, and the sky has not fallen. It seems to me it has worked extremely well.

Why is it that we have taken so long to come up with what has been proven to be a huge success story at the provincial level? Imagine that: an administrative body making an order. How many thousands of examples can we find in Canadian legislation of just that kind of power? This is hardly surprising or radical. It is consistent with administrative justice regimes we find at the federal and provincial levels across the country.

The other thing Canadians want is breach notification. That is the other key element in this initiative. Why? It is because it is the most visceral example of privacy violation. When thousands of records frequently find themselves in the hands of others, not only is there a risk of identity theft and enormous personal loss, not only is it a drain on our economy if that occurs, but there is also a sense of enormous personal violation when individuals' privacy is put at risk.

There is an example in the United Kingdom, where someone left a data stick in the back of one of those black London taxis. It contained the records of several million British taxpayers. Just think what one could do with that information, not just economically. Think of the kind of very sensitive information that would entail. One could find out who was paying money to people, for example, who might have children of whom their current partner was unaware. That would be shown by way of alimony payments and maintenance payments that could be deducted from income tax.

There are a zillion examples of those kinds of breaches. Canadians are worried about that. According to our privacy commissioner, 97% in a survey expressed that concern.

I want to congratulate my colleague for her excellent work in bringing forward Bill C-475. I am shocked that our Government of Canada has not seen fit to move forward with Bill C-12. We get more platitudes about it but no action. I am thankful for the action this legislation entails.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 5:55 p.m.

Scott Andrews Liberal Avalon, NL

Mr. Speaker, I listened to the member talking about supporting Bill C-12. The problem is that the bill has been sitting on the order paper now for almost a year and the government has done absolutely nothing in advancing it, so that we could get it to committee and have a debate on it. One thing that Bill C-475 does is move forward the debate on privacy and the access to and protection of people's private information.

We are encouraged by Bill C-475 and want to get it to committee so we can update the legislation that has been in place. Only today, the Privacy Commissioner of Canada, Commissioner Stoddart, said we are falling behind and we are at risk of not being up to date with others around the world.

PIPEDA has been in place since 2001 with no changes since that particular date. On that, Commissioner Stoddart said:

Back in 2001, when PIPEDA began coming into force -- and even when I became Privacy Commissioner in 2003 -- there was no Facebook, no Twitter and no Google Street View. Phones weren’t smart. “The cloud” was something that threatened picnic plans. And predictive analytics was largely the domain of tarot card readers.

Things have changed in the last 15 years and we need to get up to date. Bill C-475 is a good first start. We need to also look at the commissioner's white paper released today, because she did say we are at risk of falling behind.

The reforms that need to be made to PIPEDA include stronger enforcement powers, requiring organizations to report breaches of personal information, requiring organizations to publicly report the number of disclosures they make and modifying the accountability principle.

One of the things the commissioner even said today is that she has no power. The only power the commissioner has is to name companies who breach these laws, so we need strong legislation and enforcement powers, and we need to make sure she has power to fine. Some of that may be in Bill C-12, but we have not seen that and we have not seen it being moved forward in the legislature.

These things do need to be updated. We look forward to having some more debate and getting this bill to committee so that we can really dig into it to see how these changes are going to have an impact and what improvements may need to be made to the bill from the information commissioner. We look forward to doing that in committee.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 5:45 p.m.

Parm Gill Conservative Brampton—Springdale, ON

Mr. Speaker, I am pleased to rise today to speak to private member's Bill C-475.

I thank the hon. member for the opportunity to discuss our government's approach to protecting Canadians from data breaches. This issue is one of many the government has committed to addressing in its own bill to update the Personal Information Protection and Electronic Documents Act, namely Bill C-12, which is currently awaiting second reading.

I wish to point out that the data breach notification regime proposed in Bill C-475 takes a starkly different approach than that in Bill C-12. Bill C-475 requires organizations to first notify the Privacy Commissioner of every potential data breach, regardless of context or remoteness. The Privacy Commissioner must then determine whether affected individuals should be notified. Given the potential number of breaches that could be reported, such a regime would increase costs and burdensome compliance procedures for Canadian businesses and would impose an unwieldy financial and administrative burden on the Office of the Privacy Commissioner, generating more costs than benefits for taxpayers.

In contrast to the approach in Bill C-475, Bill C-12 requires that organizations determine whether a breach of personal information poses a real risk of significant harm to individuals. The organization experiencing the breach is in the best position to understand and assess the risks and decide quickly what should be done to protect individuals without delay. With appropriate oversight by the Privacy Commissioner, the responsibility should rest with the organization experiencing the breach. Bill C-12 also requires an organization to report a potential breach to the Privacy Commissioner when there is real risk of significant harm.

The Privacy Commissioner retains oversight of the notification process and would have the option of initiating an investigation if it were believed that notification was not done properly or did not occur when it was required. This also provides her office with information on the nature and number of breaches that have occurred.

There are other differences between the approaches to notification taken in the two bills. Bill C-475 states two factors that are to be used by an organization when determining whether to report a breach to the Office of the Privacy Commissioner. These factors are the sensitivity of the information and the number of individuals impacted by the breach. The use of only these two factors to determine risk related to a breach does not allow for consideration of circumstances to determine if a potential breach could be harmful.

This approach in Bill C-475 to determine whether to report a breach to the commissioner would also not capture breaches impacting only one or a few individuals, even where there is a high risk of significant harm to those individuals. This leaves a large portion of potentially harmful incidents outside of the legislation.

By contrast, Bill C-12 lays out different factors for determining whether a breach poses a real risk of harm, namely the sensitivity of the information and the potential for the misuse of that information. This requires the organization to assess all the circumstances around the breach, including, for example, whether the information was encrypted, whether it was fully recovered, or whether the circumstances suggest criminal involvement. All of these issues must be considered when determining the risk related to a particular data breach. If not, we run the risk of not capturing all harmful breaches or of focusing on capturing too many remote potential breaches, thereby increasing the burden on organizations and quite possibly reducing the commissioner's capacity for dealing with those that would cause harm.

Under Bill C-475, the proposed threshold to be used by the Privacy Commissioner for determining whether to order an organization to notify individuals is “appreciable risk of harm”. This term is ambiguous and is not defined in the bill. It is therefore not clear what type of breaches this threshold is meant to capture.

The manner of notification to individuals required by Bill C-475 is stated as “...clear and delivered directly...in the prescribed form and manner”. However, there are no details provided on what that form and manner would entail. Furthermore, the bill would not provide for regulation-making power to address this. PIPEDA applies to a very broad range of organizations of all sizes to ensure the timely notification of individuals. The means of notification imposed by any legislative requirement should be flexible enough to accommodate the varying circumstances in which these organizations find themselves.

For example, Bill C-12 would allow organizations to use means of notification such as website notices or paid advertisements, where necessary. This can be an important tool in situations where there is a large group of individuals who have not provided their current contact details, for instance. Organizations need access to every method available to reach those concerned in a timely manner. The new requirement proposed by Bill C-475 would create considerable uncertainty and would be burdensome and costly for organizations. In the U.S., where this issue is tracked annually, the average cost to an organization of a single notification is estimated to be $194. The average total cost to an organization for a data breach is approximately $5.5 million. As entrepreneurs in our communities strive to grow our economy and create jobs for Canadian families, we should take care to examine more efficient alternatives to ineffective procedures. These new requirements might even diminish the value of notification because of notification fatigue, causing individuals to ignore the numerous notices they receive. Bill C-475 would thus undermine its own purpose.

In summary, the opposition's approach in Bill C-475 would impose an administrative burden on the Privacy Commissioner and a financial burden on organizations and would impede timely disclosure of data breaches to individuals. Bill C-475 also does not define key terms adequately and does not capture many potentially harmful breaches, such as those involving a small number of individuals.

The notification regime proposed under Bill C-12, on the other hand, is a careful, risk-based approach that would balance the need for notification to individuals with the cost of notification. The comprehensive approach of Bill C-12 could be applied to the vast range of circumstances and considerations faced by the various types of businesses, both large and small, that are subject to our federal private-sector privacy legislation.

I would therefore urge hon. members to oppose Bill C-475, and I invite the opposition to join us in support of Bill C-12 and move it to committee for detailed consideration as soon as possible.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 5:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, what is concerning about Bill C-12, which the government has brought forward, is that it actually lowers the standards for the protection of privacy rights in this country. It allows a subjective test for companies that are dealing with a data breach. The threshold now is that a company assesses significant risk before it informs citizens. It is as if the government is trying to create a hackers' paradise in Canada. It has no standards for defending private information when it is lost in its offices. It does not inform the Privacy Commissioner.

The Privacy Commissioner has said that the government's bill is insufficient for protecting the privacy rights of Canadians. Given the serious issues of identity theft and hackers, I would ask my honourable colleague this: In light of what the Privacy Commissioner has come out with today about the need for order-making powers and the authority to protect privacy data from hacking, how does she compare what she is trying to do with her bill, which is address the protection of privacy data in the age of big data, with the government, which is creating such a loophole that almost any company playing loosey-goosey with the privacy rights of Canadians would be able to slip through? It seems that the government would prefer to protect the bad apples than protect Canadian citizens.

Personal Information Protection and Electronic Documents Act
Private Members' Business

May 23rd, 2013 / 5:30 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

moved that Bill C-475, An Act to amend the Personal Information Protection and Electronic Documents Act (order-making power), be read the second time and referred to a committee.

Mr. Speaker, it is with deep conviction that I initiate the first hour of debate on my Bill C-475, the purpose of which is to bring the Personal Information Protection and Electronic Documents Act into the digital age.

I would like to begin by reading from a statement by the Privacy Commissioner, Jennifer Stoddart, released this morning:

“PIPEDA is not up to the task of meeting the challenges of today--and certainly not those of tomorrow”.

It is therefore no surprise that she should have said this, because this legislation has not been updated since the arrival of the first-generation iPod. Matters evolve very quickly in the digital age, and the law is no longer relevant.

Millions of Canadians have never known a world without smart devices. It is an eternity in a modern society undergoing constant change, as ours is.

The Internet is central to our lives, because we use it daily. It is not surprising, therefore, to learn that Quebeckers and Canadians will spend about 45 hours a week online in 2013, that over 70% of Canadians use the Internet daily, and that our fellow citizens have more than 18 million Facebook accounts.

Canada as a country is firmly plugged in. For a few years now, laptops and devices like tablets have been used both recreationally and as working tools. They occupy an increasingly crucial place in our lives. We are moving more and more towards digital management of our lives. This major change means that new rules must be put in place and that they must reflect the new risks associated with these developments in the digital world.

Since the beginning of this year alone, we have witnessed serious losses of data, including data on 52,000 Canadian investors in February and more than 50 million clients of LivingSocial in April.

The Privacy Commissioner of Canada recently stated that breaches of personal data have been steadily increasing in recent years. In that connection, a study by Telus and the Rotman School of Management at the University of Toronto, published in 2011, showed that each public company experienced an average of 18 data breaches a year.

Unfortunately, the current legislation designed to protect Canadians’ privacy has not been updated to address these risks and put appropriate measures in place to protect society. The current legislation does not provide for Canadians to be notified of a breach of their personal information. Organizations are not in fact required to notify them, regardless of the seriousness of the breach. This means that our fellow citizens cannot take appropriate action to protect their identity or their credit in order to reduce any harm they might suffer.

I am referring in particular to our passwords, social insurance numbers, personal emails or even the bank account numbers needed to make online purchases. The sharing of personal information with third parties, without consent, is a major problem in Canada.

In September 2011, the Privacy Commissioner noted that a quarter of the most-visited websites in Canada do not comply with Canadian law; they disclose our data without our consent. This bothers me a great deal, particularly when I think of children, the elderly and people who have not had the good fortune to learn how the Internet works and what the risks are. What is much worse is that companies that decide to do this do not currently suffer any consequences.

For more than 10 years, Canadians have been waiting for a better regulatory framework. They are rightly expecting results along those lines, and it is in that spirit that I decided to introduce Bill C-475. The bill proposes two simple and effective mechanisms to improve protection of Canadians’ personal information.

First, it requires that the commissioner be notified by any organization having personal information under its control when there is a possible risk of harm to users.

Experts in the commissioner’s office will assess the seriousness of the situation against a criterion for harm that sets a high standard. They will also recommend whether or not the organization should notify the users affected.

This mechanism allows for an objective analysis of the risk and better management of the risk through an expectation of a high level of security, rather than a subjective analysis based on the interests of the organization, which may differ from the interests of users.

The process will restore to Canadians the power to take steps to protect themselves much more quickly, in addition to reducing the harm done to them.

The second mechanism provided for in Bill C-475 is based on the Alberta model. It is designed to give the Privacy Commissioner order-making power when an organization fails to obey the law. The Federal Court would have legislated authority to penalize organizations that fail to carry out an order issued by the commissioner.

These mechanisms are straightforward and clarify the commissioner’s powers. In short, the Office of the Commissioner will now have the power to enforce the law, which unfortunately is not now the case.

By providing better oversight of organizations and the use of personal information to which they have access, Bill C-475 gives Canadians an assurance of acceptable risk management and the right to protection of their information. This bill was drafted to address the concerns of Canadians, people in the digital industry, civil liberties organizations, Internet experts and specialists in the protection of privacy.

I had the opportunity to hear a great deal of evidence from experts during a study the Standing Committee on Access to Information, Privacy and Ethics conducted on social media and privacy from May to December 2012.

Bill C-475 is a direct response to requests from the community to adapt the law to suit our digital age by providing some flexibility for people in the industry and clarifying the ombudsman’s role of the Office of the Commissioner.

Moreover, during many consultations specifically discussing the bill, the same conclusions emerged. The bill therefore takes a very balanced approach. It is balanced with regard to Canadians, since objective risk analysis will ensure that they are not bombarded with notifications of data breaches that do not affect them at all or present a minimal risk. The bill is also balanced with regard to companies, since clear roles and processes enable them to plan their policies and response.

It will be clear for organizations that they are required to report a breach to the Office of the Commissioner, but they will not be responsible for deciding what the ultimate risk is. Companies that are law-abiding will no longer have to compete with companies that are not.

Lastly, the bill makes it possible to bring our privacy protection legislation up to the same level as countries like Germany, Great Britain, Australia and France, or indeed to the level of provinces such as Quebec and Alberta.

As a world leader in technology, Canada should be adopting international standards.

Bill C-475 offers a different vision from that proposed by my colleagues opposite, who in 2007 introduced Bill C-12, which is no longer supported by the Privacy Commissioner. They will probably tell me they have already introduced a bill to modernize the Privacy Act, but I would like to remind them that it dates from 2007 and is absolutely not representative of our day and age, particularly when you consider that technology changes extremely quickly.

Bill C-12 was introduced in the House, but there has been no debate for six years, and its content has therefore become outdated. It certainly no longer represents a serious attempt by the government to modernize the legislation in order to better protect the public. Moreover, a problem with the mechanisms proposed in Bill C-12 to deal with a breach shows that it is completely inadequate.

The risk threshold for notifying the Office of the Commissioner is very low and subjective. This poses two major problems. The first is that because the threshold is low, users and the Office of the Commissioner will be notified less often in the event of a breach.

Organizations could avoid notifying those concerned, which poses a major problem with regard to their security. Nor will they have the power to protect themselves and reduce the potential harm to which they are exposed.

The second problem is that experts testifying before the Standing Committee on Access to Information, Privacy and Ethics explained the need to obtain better data in order to gain a better understanding of the cybersecurity risks Canadians face every day. A low, subjective threshold reduces the data to which they will have access, which makes them less able to advise the government and companies on the risks associated with their practices.

My bill establishes an objective threshold, and the Office of the Privacy Commissioner will be mandated to assess the risk associated with a breach. The interests of Canadians, which we in this House have the responsibility to protect, will be paramount.

Quebeckers and Canadians support the measures and principles in my bill. In April the Office of the Privacy Commissioner published a cross-Canada survey showing that 97% of Canadians would want to be notified by an organization if their personal information was compromised. Note that this is the overwhelming majority. In addition, 80% of respondents would also grant more powers to the Office of the Privacy Commissioner. Again, a large majority of Canadians supported these measures.

My bill has garnered support from all classes of stakeholders affected by these changes, including industry representatives, civil liberties organizations, consumer protection agencies and academics specializing in law, communications, cybercrime and political science. I could go on, but there are too many to name them all.

The Union des consommateurs has stated that:

[it] believes that the implementation of the principles proposed by the NDP, through their private member’s bill amending the Personal Information Protection and Electronic Documents Act, constitutes a real advancement to better protect the privacy of consumers.

Michael Geist, chair of Internet and e-commerce law at the University of Ottawa and renowned public affairs pundit, has said about my bill that:

Bill C-475 is a far better proposal.... Those provisions would do far to ensure a greater respect for Canadian privacy law and give Canadians the assurance of notifications in the event of security breaches.

Steve Anderson, executive director at OpenMedia.ca, stated that:

We welcome...[this] online privacy bill because we think it's a tool that can later be applied to protect our privacy against reckless warrantless access to our private information by government authorities. This bill is a useful stepping stone to safeguard our privacy.

Canadians trust us to act in their best interests. They clearly want us to give them better protection. By voting for Bill C-475, my hon. colleagues will be giving them the reassurance of stronger support for their rights and the power to protect their privacy.

Business of the House
Oral Questions

May 9th, 2013 / 3:05 p.m.

York—Simcoe Ontario

Conservative

Peter Van Loan Conservative, Leader of the Government in the House of Commons

Mr. Speaker, this afternoon we will continue the debate on today’s opposition motion from the NDP. Pursuant to the rules of the House, time is allocated and there will be a vote after the two-day debate.

Tomorrow we will resume the third reading debate on Bill S-9, the Nuclear Terrorism Act. As I mentioned on Monday, I am optimistic that we will pass that important bill this week.

Should we have extra time on Friday, we will take up Bill C-48, the Technical Tax Amendments Act, 2012, at report stage and third reading.

When we come back from constituency week, I am keen to see the House make a number of accomplishments for Canadians. Allow me to make it clear to the House what the government's priorities are.

Our government will continue to focus on jobs, growth and long-term prosperity. In doing that, we will be working on reforming the temporary foreign worker program to put the interests of Canadians first; implementing tax credits for Canadians who donate to charity and parents who adopt; extending tax credits for Canadians who take care of loved ones in their homes; supporting veterans and their families by improving the balance for determining veterans' benefits; moving closer to equality for Canadians living on reserves through better standards for drinking water, which my friend apparently objects to; giving women on reserves the rights and protections that other Canadian women have had for decades, something to which he also objects; and keeping our streets and communities safer by making real improvements to the witness protection program. We will of course do more.

Before we rise for the summer, we will tackle the bills currently listed on the order paper, as well as any new bills which might get introduced. After Victoria Day, we will give priority consideration to bills which have already been considered by House committees.

For instance, we will look at Bill C-48, which I just mentioned, Bill C-51, the Safer Witnesses Act, Bill C-52, the Fair Rail Freight Service Act, and Bill S-2, the Family Homes on Reserves and Matrimonial Interests or Rights Act, which I understand could be reported back soon.

I look forward also to getting back from committee and passing Bill C-60, the economic action plan 2013 act, no. 1; Bill S-8, the safe drinking water for first nations act; and Bill C-21, the political loans accountability act.

We have, of course, recently passed Bill C-15, the strengthening military justice in the defence of Canada act and Bill S-7, the combating terrorism act. Hopefully, tomorrow we will pass Bill S-9, the nuclear terrorism act.

Finally, we will also work toward second reading of several bills including: Bill C-12, the safeguarding Canadians' personal information act; Bill C-49, the Canadian museum of history act; Bill C-54, the not criminally responsible reform act; Bill C-56, the combating counterfeit products act; Bill C-57, the safeguarding Canada's seas and skies act; Bill C-61, the offshore health and safety act; Bill S-6, the first nations elections act; Bill S-10, the prohibiting cluster munitions act; Bill S-12, the incorporation by reference in regulations act; Bill S-13, the port state measures agreement implementation act; Bill S-14, the fighting foreign corruption act; Bill S-15, the expansion and conservation of Canada’s national parks act, which establishes Sable Island National Park; and Bill S-17, the tax conventions implementation act, 2013.

I believe and I think most Canadians who send us here expect us to do work and they want to see us vote on these things and get things done. These are constructive measures to help all Canadians and they certainly expect us to do our job and actually get to votes on these matters.

I hope we will be able to make up enough time to take up all of these important bills when we come back, so Canadians can benefit from many parliamentary accomplishments by the members of Parliament they have sent here this spring.

Before taking my seat, let me formally designate, pursuant to Standing Order 81(4)(a), Tuesday, May 21, as the day appointed for the consideration in a committee of the whole of all votes under Natural Resources in the main estimates for the final year ending March 31, 2014. This would be the second of two such evenings following on tonight's proceedings.

Financial Statement of Minister of Finance
The Budget
Government Orders

March 25th, 2013 / 5 p.m.

Conservative

Stella Ambler Conservative Mississauga South, ON

Mr. Speaker, it is an honour to have this opportunity to speak about economic action plan 2013, which was put forward by the Minister of Finance last week.

As we all know, we are on track and continue to focus on economic growth, job creation and long-term prosperity while keeping our promise to balance the budget by 2015. We are quite proud of that.

I want to note that many Canadians may have heard of the 950,000 new jobs created since the economic downturn of 2009, but they may not be aware that most of those jobs are full-time, well-paying jobs with almost 80% of them in the private sector. I want to note that as a bit of a success story.

We have heard about the innovative initiative put forward in economic action plan 2013 for skills training. This initiative would address the demand for skilled labour, something I have heard about many times in Mississauga South. I heard about it when we were holding pre-budget consultation meetings and local economic round table meetings. I heard about it when I met with the Port Credit BIA and small business owners, who told me that they had skilled labour shortage issues in their businesses. I heard it again when the Minister of State for Finance spoke with Mississauga Board of Trade businesses, and the minister heard it as well. The hon. members for Mississauga—Streetsville, Mississauga—Erindale and Mississauga East—Cooksville held a town hall meeting where we heard the same thing. We in Mississauga are especially pleased to hear about the Canada jobs grant because it will help Canadians to become apprentices. It will help both the unemployed and the underemployed. We are talking about 130,000 people who will be helped through community colleges and other training institutions. This is good news.

What I want to talk about today are the initiatives in the budget that would affect certain people who have been contacting my office, people in Mississauga South in particular. I went through the budget in search of these types of examples and found my favourite page numbers from budget 2013. I would like to tell the House what they are.

I am going to start with tax relief for home care services. Lucie Shaw in Mississauga South runs Nurse Next Door. These individuals drive around in little pink Volkswagen Beetles and help people who live in their homes. We see on page 222 that the Minister of Finance has decided to expand tax relief for home care services by extending the GST and HST exemption for homemaker services to include personal care services to individuals who, due to age, infirmity or disability, require this kind of assistance at home. This change was effective last week. I am particularly pleased about that.

I also want to tell the House about page 243, which is a good page for two reasons. The first reason is this government will continue to support the Nature Conservancy of Canada with $20 million in 2013-14 to allow it to continue to serve ecologically sensitive land under the natural areas conservation program. Each federal dollar will be matched by $2 in new funding from other sources, leveraging additional funds for the conservation of Canada's natural environment.

The government is also working on the development of a national conservation plan, and I was a proud member of the environment committee when we studied the recommendations for the minister for the national conservation plan. It included a very strong component on urban conservation. To me and to my constituents in Mississauga South, which sits on Lake Ontario and has the beautiful Credit River running through it as well, these kinds of initiatives to protect and conserve our environment are very important.

On the same page and in the same line of thought is also a new initiative for improving the conservation of fisheries through community partnerships. Budget 2013 proposes $10 million over two years to improve the conservation of fisheries by supporting partnerships with local groups. In Mississauga South these local groups would be groups such as the Credit River Anglers Association and the Port Credit Salmon and Trout Association, which do great work in my riding. One would not think of this, because Mississauga South is obviously an urban riding and is right next to Toronto, but the constituents of my riding care very much about our lake, our river and our environment. This is a great way for this government to show what a high priority we put on conserving our natural environment.

I would like to draw attention to page 226, where the topic is financial literacy for seniors. In particular, this budget will support efforts to make public awareness a priority to improve financial literacy, because sometimes older Canadians can be vulnerable to financial abuse. It will help them make more informed decisions about protecting their financial interests in the future.

I sat on the Standing Committee on the Status of Women, which studied, voted on and tabled a report on elder abuse. This was one of the topics that we did not expect to come up, but financial abuse of seniors is actually quite a serious problem. In addition to improving awareness and improving financial literacy, we have also adopted Bill C-12, which helps to combat financial abuse of seniors by allowing banks to report suspected fraud to the police and other social service agencies.

The Protecting Canada's Seniors Act, which received royal assent in December 2012, protects seniors better by considering age and other personal circumstances as aggravating factors in applying tougher sentences for those who take advantage of the elderly. I am proud that we are supporting our most vulnerable in society through this budget.

With regard to innovation, in particular there is mention on page 201 of a business by the name of Electrovaya, which is located in Mississauga South. It was able to take advantage of Sustainable Development Technology Canada, SDTC, which the government is going to continue supporting with $325 million over eight years for the development and demonstration of new clean technologies that create efficiencies for businesses and contribute to sustainable economic development. Clean technology and efficient practices can save businesses money, create high-paying jobs, drive innovation and improve the productivity of Canada's natural resources. Electrovaya, which produces batteries for cars, energy storage and smart grid power is a great example.

I thank the Speaker for allowing me to tell the House about my favourite pages in budget 2013.

March 21st, 2013 / 10:10 a.m.

Committee Researcher

Michel Bédard

That is the biggest difference that jumped out at me. There are also smaller discrepancies, such as the one that I just mentioned.

For example, if Parliament were to adopt Bill C-12, Bill C-475 could still carry on through the legislative process. Some of its provisions would probably be amended because they would already be part of Canadian legislation. Certain ones, including those that I mentioned, could however amend the legislation. Those provisions would still be valid. Adopting Bill C-12 does not necessarily render Bill C-475 void.

March 21st, 2013 / 10:10 a.m.

Committee Researcher

Michel Bédard

Yes. In Bill C-475, for example, there is a provision to authorize the commissioner to take action against an organization that has lost private information. There is no similar provision in Bill C-12. That's an example.

Also, if you want to proceed to a detailed analysis of the two bills, we could. For example, under Bill C-12, when there is a loss of information the organization is compelled to notify the individual, whereas under Bill C-475 the notification would only be applicable if the Privacy Commissioner ordered that there be a notification.

So they are similar, but there are some distinctions as well, and there are also other provisions in Bill C-475 that are not in Bill C-12.

March 21st, 2013 / 10:10 a.m.

Committee Researcher

Michel Bédard

This bill will amend the Personal Information Protection and Electronic Documents Act with respect to compliance orders, and also with respect to loss of information. Portions of this bill are already in Bill C-12, which is a government-sponsored bill, but there are also elements of Bill C-475 that are not in Bill C-12.

Based on the fact that there are some elements in Bill C-475 that are not in Bill C-12, this bill, even if Bill C-12 is adopted, could nonetheless itself proceed and on its own amend the law. So I suggest that it is not substantially similar to Bill C-12.

Response to the Supreme Court of Canada Decision in R. v. Tse Act / Government Orders

March 19th, 2013 / 1:50 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, section 184.4 of the Criminal Code was struck down by the Supreme Court because the lack of definitions was seriously problematic. To put it in context, we were dealing with a criminal activity that was brought to the court. This was not about spying on ordinary Canadian citizens, which some of my colleagues on the other side would like to be able to do. This was about a criminal act and still the Supreme Court said that even in the case of a criminal act, the rule of law must apply. Therefore, the government had to define who was eligible to get that information.

In order for Bill C-55 to be charter compliant and compliant with the Supreme Court, the government has to define who is eligible and under what circumstances this breach of personal information is going to be allowed. We do not have that same standard on Bill C-12 yet. The government wants to be able to force telecommunications companies and other private businesses to turn over data and subscriber information, but it does not define who is eligible to gather it. That is very disturbing because under Bill C-30, which was the other piece of this triad of puzzles we had before us, a minister was able to designate inspectors. Who were the inspectors that he was designating? That was a very bizarre and wide loophole the government was creating for itself.

Response to the Supreme Court of Canada Decision in R. v. Tse Act / Government Orders

March 19th, 2013 / 1:50 p.m.

Liberal

Scott Simms Liberal Bonavista—Gander—Grand Falls—Windsor, NL

Mr. Speaker, just on a quick point of clarification, I appreciate the parallels the member drew with Bill C-12 and ensuring that the “officer” is defined as a “police officer” and not just a “peace officer”, but my understanding from the decision from R. v. Tse is that it has more to do with the notification of the person whose communications were intercepted. That was the breach. There was an add-on after that about defining the police officer and such. However, I would like the member to comment on this further, because he is onto a good point.

Response to the Supreme Court of Canada Decision in R. v. Tse Act / Government Orders

March 19th, 2013 / 1:30 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, as always, it is a great honour to rise in this House on behalf of the people of Timmins—James Bay, who have put their trust in me to work on the issues of legislation before the House.

I am going to speak today on why the New Democratic Party is supporting Bill C-55 and what works about this bill, but also on the issues we need to look at and the prism that needs to be applied in terms of how the legislation was crafted, what it was in response to and how it ties into two other key pieces of legislation that this House has been asked to deal with.

One is Bill C-30 and the other is Bill C-12. Within each of the bills are key issues that reflect on the ability of the government to move forward with legislation and on how legislation is actually brought forward.

What is striking already, off the top of Bill C-55, is that it is a very narrow bill. It is simply addressing a section of the Criminal Code, section 184.4, that the Supreme Court struck down.

What we find is that legislation that is limited is usually more effective than legislation that is broad. Legislation is a very blunt tool. Unfortunately, we have seen that the government likes to throw in all manner of legislation, often without thinking of the consequences or with very little regard for the consequences. We have seen one omnibus bill after another brought before the House without proper review and without a proper understanding of how they related to basic issues like charter rights.

I would like to say that I think the government is doing the right thing with Bill C-55 by having very narrowly defined legislation that addresses a major problem. I would like to think that the government thought this approach up on its own and that this is how it is going to start dealing with criminal matters and the reform of the criminal justice system, but that is not really what has happened here.

The government is responding to the fact that the Supreme Court struck down section 184.4 of the Criminal Code and gave it a deadline of April 13, which is only two weeks away, to address the problem.

I am going to speak a little about Bill C-55 and then explain how the implications of the Supreme Court legislation tie in to Bill C-30 and Bill C-12.

Under section 184.4, the Supreme Court ruled in R. v. Tse that police use of a warrantless wiretap to secure the safety of an individual is a correct step to take. If a life is at stake, law officers have the ability within Canadian jurisprudence to go in, get the evidence and secure a life. That is a long-standing practice within the Canadian law system.

However, the problem with section 184.4 is that there are no accountability mechanisms. What I find very interesting about the Supreme Court decision is that it says that even in the case of criminal activities—and what we were dealing with in this case was a kidnapping, a very horrendous attack against a citizen—basic charter rights still remain and have to be balanced.

The Supreme Court took the larger view and recognized that the spectre of criminality cannot be used to undermine the basic rights of citizens in this country. This is a concept that seems absolutely foreign to the Conservative Party, whose backbenchers jump up whistling and dancing every time they can come up with some extreme case of a criminal activity as a cover to allow them to undermine all manner of privacy rights, all manner of basic citizen rights. They have done it time and time again.

The Supreme Court has said no. The test of law in this country is what is reasonable versus unreasonable. What is reasonable is that if law officers know someone is at risk and need to get that information immediately, it is reasonable to go for the warrantless wiretap to gather that information without the judge's warrant, which can then be obtained later. What is unreasonable is to do that without any oversight mechanism.

Section 184.4 will clarify this, because it defines—and this is a very important thing again in dealing with Bill C-12 and Bill C-30—who is eligible, the police; how it is to be used, under specific circumstances; and why it is to be used, to protect the rights of citizens balanced against the right to bring safety to people who are perhaps under threat of criminal activity. The definition of how this breach of law would be allowed is crucial to Bill C-55.

When we look at Bill C-30, which was the bill that this was supposed to be a part of, we see that none of these definitions of the who, the how and the why are there. In fact, it is so broad that the privacy commissioners from across Canada, in an unprecedented response to the government, wrote against the government's attempt to undermine the basic civil rights of Canadian citizens.

Whenever the Conservative government attempts to do something that it knows will not pass a charter challenge or attempts to pull something that it knows the Canadian public will not stand for, it uses a bogeyman. The minister used perhaps the most baseless attack that has ever been uttered in the House of Commons when he said that anybody who was concerned about privacy rights or the individual rights of citizens in this country or who dared raise a question to him was on the side of child pornographers.

That was about as ugly as it can get. Of course, now we see who is on the side of child pornographers: Mr. Tom Flanagan, who said that it is a victimless crime. We see the right-wing media is concerned about Mr. Tom Flanagan, a very famous and very rich right-wing white man. It was his rights, we are now being told, that were somehow trampled upon. One reporter said that he thought it showed the fundamental shallowness of Canadians that they were outraged that Mr. Flanagan was defending the rights of child pornographers.

However, that was the kind of language being used by this minister to cover up the fact that there were major flaws in Bill C-30. If we tie it back to Bill C-55 in terms of the Supreme Court, the government must have known that none of its provisions would have passed the charter challenge because they did not meet the basic standards of jurisprudence.

Let us look at the lack of the who, the how and the why in terms of Bill C-30 as compared to Bill C-55. Bill C-30 may be brought back by the government; we are not yet sure. Under clause 33, the government would be allowed to designate an inspector to go into a telecom to demand information for being in compliance with Bill C-30.

The minister may designate inspectors, that is his choice, but there is no definition of what those inspectors are. Are they police? Are they private security? Are they political staffers? We do not know. Bill C-30 would allow the extraordinary ability of the minister to appoint inspectors. Under clause 34, these inspectors would be allowed to go into public telecoms to gather information on private citizens. That is clearly something that would never pass the charter challenge.

In contrast, in Bill C-55 we see that they have defined the right to ask for warrantless information to just the police, which is the proper place it should be. We should know who is able to gather that information on us.

What they wanted to do under Bill C-30 was allow warrantless access to subscriber information on the data use of anybody with a cellphone or an ISP address, which would pretty much mean 95% or 96% of the Canadian public. Unspecified persons could gather that information.

The privacy commissioners of Canada spoke out against this. They said that contrary to the Conservative Party's claims, it had nothing to do with being just like a phone book. Ann Cavoukian said that this was “one of the most invasive threats to our privacy and freedom that I have ever encountered”. About being able to demand and being forced to turn over this information, she said:

...customer name and address information ties us to our entire digital life, unlike a stationary street address. Therefore, “subscriber information” is far from the modern day equivalent of a publicly available “phone book”. Rather, it is the key to a much wider, sensitive subset of information.

That is what the Conservatives wanted to be able to gather.

The abuse of privacy rights did not end there. Under Bill C-30, they also wanted to force telecoms to basically build in back-channel spy communication, so that as they expanded their networks, they would have to build in the monitoring system to keep track of any citizen the government felt it should be able to look at at any time, again without any oversight and without citizens knowing they would be spied upon.

Ann Cavoukian, the Information and Privacy Commissioner of Ontario, said that what they were in fact doing, although they perhaps did not realize it, was creating a hacker's paradise. If we allow wormholes throughout the telecom system to allow police to spy on it, then certainly the hackers, who are usually about three steps ahead of everybody else on this—and we see massive international gangs using sophisticated cyberhacking—would be able to benefit much more than the police or security services.

In terms of the how, Bill C-55 limits the ability to get a warrantless wiretap based on the possibility of a threat to a person. Afterwards there would have to be oversight mechanisms and reports would have to be published and reported to Parliament so that we would know how these warrantless wiretaps are being used. Bill C-55 defines and protects this breach of the private rights of citizens, whereas under Bill C-30, the door was kicked down and all the basic rights of citizens were thrown out.

Of course we know that Bill C-30 was responded to in a massive and very exciting and positive response from the public, a backlash that said that we demand that our privacy rights be protected and defined under the rule of law in this country. It was an unprecedented backlash against the government. The Minister of Justice has been pretty much hiding under his desk publicly ever since. It is a good sign that we have an engaged citizenry here that knows the difference between what is reasonable and unreasonable.

In Bill C-55, the government is limited to gathering information under the reasonableness of protecting an individual who is facing threat compared to the unreasonableness of doing away with all manner of privacy rights whatsoever. In this manner, I would say that the Canadian public are foremost across the world in standing up for their rights, much more than the government, which has very little respect for the privacy rights of Canadians. In other democracies with privacy rights in the digital age and the age of big data and CCTV cameras, other citizens are steadily having those rights eroded, whereas in Canada we want to maintain those rights.

In Bill C-12, which is the other piece of legislation to compare Bill C-55 to, again we see the government showing no respect for the privacy rights of Canadians. There is no understanding of the importance of privacy rights. We certainly saw that with the massive data losses of private financial information on over 500,000 Canadians at HRSDC. We have seen other data breaches. We saw the government's cavalier attitude when, rather than warning citizens that their personal financial data may have been breached, its only desire was to protect the minister, and it kept the breach quiet for two months. Any manner of international gangs could have had that data, gone after people's credit and created massive widespread fraud, because that is what can happen if the public is not alerted.

Under Bill C-12, the government wants to change the reporting threshold for private business when these privacy breaches happen. This is very important in terms of defining how we protect the rights of citizens. Under the changes the government is bringing in Bill C-12, private companies that have our data, whether a bank, a Sony PlayStation, or all manner of online transactions, would only have to report the breach to the Privacy Commissioner if they thought there was a significant risk of harm. “Significant” is an extremely high bar to set. Meanwhile, all manner of abuse could happen underneath it.

Also, private businesses would be very wary about the idea of going public with the fact that they may have lost Visa card information or personal data information for 100,000 or 200,000 or 500,000 people, because it affects their basic online business model. Everything is now done online. However, we see the government telling private businesses that they only have to report a privacy breach if it might cause significant harm. That completely fails the basic test and the understanding of the importance of privacy rights in this country.

We believe that there has to be a very clear rule that if companies fear they have been hacked and that privacy data has been breached, it has to be reported to the Privacy Commissioner, who has such an extraordinary role to play in protecting and reviewing the evidence and deciding whether action must be taken.

However, we see that again the government is undermining the role of the Privacy Commissioner and we have to ask why. As more and more Canadians operate their businesses online and as our financial transactions occur online, the last thing we want to do is create a hackers' paradise in Canada, while the rest of the world moves further ahead of us. Ann Cavoukian has spoken about this.

It is extraordinary that Canada was once seen as the world leader in privacy data. Our Privacy Commissioner is definitely seen as a world leader, but our legislation is falling further and further behind where the Europeans and the Americans are going. As our Privacy Commissioner is asking for the tools to update, to deal with the cyberthreats and to deal with the protection of personal information in the age of big data, the current government is undermining the legislation.

How does that relate to Bill C-55? There are direct connections in the language among Bill C-12, Bill C-30 and what we have seen in Bill C-55. Bill C-12 would allow organizations and companies, including telecommunications companies, to disclose personal information to government institutions, perhaps the police or perhaps not, without the knowledge and consent of the individual when performing policing services. This is under subclause 6(6), but there is no definition of what “policing services” are.

Again, it is the language of Bill C-30, the lawful access and online snooping language, that would allow some undefined security person or force to obtain information on private individuals from telecommunications without defining who would be eligible to gather that information, whereas Bill C-55 would limit it to the police so that is very clear.

I agree with my colleague on the Conservative side and I am telling him that they are going to need to bring Bill C-12 to the same standard, where we define who is eligible to ask for that information. Without doing that, we will end up going before the courts again. If we define that it is the right of the police to ask for that information, then that would meet the test that would be laid out in Bill C-55, but Bill C-12 would not meet that test right now. The issue is that there is no oversight mechanism in Bill C-12. If they did ask for this ISP information on individual users, there are no mechanisms under Bill C-12 for reporting what was happening, and that would fail the test of Bill C-55.

It is clear that what the Conservatives had been attempting to do was to take Bill C-30, which was their desire to be able to snoop on as many people as they wanted as often as they wanted and however they wanted, and build in a number of other subsets in other legislation to make that operable. Bill C-12, which includes changes to the Privacy Protection Act, would certainly allow them to do that. However, being that we have had the public backlash on Bill C-30 and being that we now have defined Bill C-55 very clearly regarding the who, the how and the why of this being allowed, we would need to clarify the same mechanisms under Bill C-12.

We see that the Conservatives are on the straight and narrow right now. They did not want to come. They were dragged, kicking and screaming, and it is our job to ensure they stay on the straight and narrow. We want to work with them. It is hard for them and we will do our part to keep them on the straight and narrow. We will do that 12-step program of accountability and I want to work with my colleagues on that, but they just keep sliding off that wagon. They want to go after personal freedoms. They want to go after individuals. They want to do that spying thing. However, they cannot do it because we have the rule of law in this country.

We are asking them to come work with us and learn from some of their colleagues who might have a little more experience in some of these matters. Certainly the Supreme Court has laid down the test that has to be met. Now that Bill C-55 is in place, the problems with Bill C-12 are too clear to ignore. Then, what we need to do with Bill C-12 is to ensure that Bill C-30 will never come back and that the online snooping provisions of the current government will not come back.

Response to the Supreme Court of Canada Decision in R. v. Tse Act / Government Orders

March 19th, 2013 / 11:45 a.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, we know this government has very little respect for privacy. We have seen this in the speeches made by my colleagues here, and in the bills this government has introduced. We also see that it has little respect for the provisions of the Canadian Charter of Rights and Freedoms, the rights and freedoms that are guaranteed to Canadians. From time to time, it introduces bills that are at odds with the Constitution.

I am very happy that this time, it decided to comply with the provisions of the charter and amend the Criminal Code so that section 184.4 protects individuals’ privacy, as guaranteed by the charter.

We know that section 184.4 applies to the interception of private communications, and the Supreme Court recently ruled on this subject. Bill C-55 adds measures that would require persons whose private communications have been intercepted to be so informed at least 90 days after the interception, and reports to be produced annually.

These measures are essential. The fact is that when you take away the need to obtain a warrant in order to intercept private communications in extreme situations where a life is in danger, it is important that there be oversight, with a system in place so that we know what happened and why someone found it so important to intercept those private communications without a warrant.

The NDP understands how important it is for the police to have the tools to respond appropriately in dangerous situations, but at the same time, we cannot neglect the rights entrenched in the charter. Even in cases involving criminals, even in extreme cases, we have to respect the law as it stands. We have to respect the principles of Canadian law, the Canadian Charter of Rights and Freedoms and the Constitution. It is essential.

While I am happy that this government is finally respecting the Canadian Charter of Rights and Freedoms in adopting these measures, I should emphasize that this government, given the espionage agenda we saw with Bill C-30 and with Bill C-12, amended this bill to make it consistent with the charter only after being compelled to do so by a Supreme Court justice. So this was not something it decided to do on its own; it was an obligation flowing from the Supreme Court decision. If this government truly had the interests of Canadians at heart, it would have done this itself, instead of waiting for the Supreme Court to rule on the matter.

It should also be noted that this bill was introduced as the government was announcing the death of Bill C-30, which enabled designated persons, who were none too clearly defined, to gain access to personal information without a warrant and without judicial oversight.

Once again, this government tried to go after personal information, and to treat all law-abiding Canadians as criminals, with no warrant or judicial oversight. If this government wanted to, it would have said that it is important, when looking for information without a warrant, to have a reporting mechanism or something of the kind, so that people are accountable, that personal information is sought only in extreme cases, and that law-abiding people are not treated as criminals, in contrast to what Bill C-30 proposed.

While Bill C-55, following the Supreme Court decision, ensures respect for section 8 of the Canadian Charter of Rights and Freedoms when private communications are intercepted, Bill C-30 introduced measures that were inconsistent with the right we are guaranteed under section 8 of the Canadian Charter of Rights and Freedoms to be protected against unreasonable search or seizure.

There were two bills. The first was withdrawn, and I am very happy about that. Canadians are also very happy that the government decided not to continue with Bill C-30. The second bill says that Bill C-30 was inconsistent with the Canadian Charter of Rights and Freedoms. I hope the government will realize to what extent its own bill, its espionage agenda—I am going to call it that because this is not the first time we have seen attempts of this kind—seriously affected the protections Canadians are guaranteed under the Canadian Charter of Rights and Freedoms.

The people of Canada were opposed to the measures contained in Bill C-30. The government accused its opponents of siding with pedophiles. I was myself accused of being a friend to pedophiles because I opposed that bill, like millions of Canadians right across the country. It has nothing to do with being friends to pedophiles, and everything to do with believing in the protection of Charter rights and in the content of our Constitution. It is absolutely essential to protect the provision set out in section 8 of the charter. We cannot go against it, and the Supreme Court judgment demonstrates that.

If Bill C-30 had been passed, it would have empowered designated persons, again not specified, and selected by the minister, to require Internet service providers to supply names, IP addresses and email addresses without a warrant and without judicial oversight. The Supreme Court decision demonstrates the necessity at all costs of protecting the privacy of Canadians, and shows that the rights and freedoms guaranteed by the charter are not negotiable, contrary to what this government thinks. I trust it has learned its lesson.

I mentioned this already, and I would like to say it again. It seems that a little more reflection is needed on this. The government introduced Bill C-12, which still has not been debated, but which also contains measures regarding surveillance without a warrant. Instead of explicitly saying that it would allow the collection of personal information without a warrant, this bill expands the definition of people who have access to that information and who can consult Internet service providers, based on a vague, sketchy definition. The Privacy Commissioner even raised some concerns about that clause, which was included in the bill.

The mandate for online spying that the government has given itself is not finished. I hope the government has learned its lesson and that, in light of the Supreme Court decision regarding the proposal in Bill C-55, it will drop any attempts to spy on Canadians online, when they are obeying the law.

I want to emphasize that the government cannot cast such a wide net and treat all Canadians like criminals when they are online. Of course, there are criminals and people who disobey the law, and it is important that police officers have the tools they need to intervene. That said, the government cannot contravene the charter. It must respect all rights and liberties guaranteed in the charter.

Once again, I really hope the government has learned its lesson and that it will scrap its plan to spy on people online.

Response to the Supreme Court of Canada Decision in R. v. Tse Act / Government Orders

March 19th, 2013 / 11:45 a.m.

NDP

Matthew Kellway NDP Beaches—East York, ON

Mr. Speaker, I thank my colleague from Timmins—James Bay for his struggle on behalf of Canadians and their interest in their privacy rights, in particular with respect to the bills he mentioned, Bill C-12 and Bill C-30.

I cannot speculate on why the government has such callous and obvious disregard for the privacy rights of Canadians. I cannot account for the zealotry of the minister himself and, perhaps as my colleague suggested, the PMO, nor the disregard for the charter, the Canadian Bill of Rights and the other legislation that, frankly, obligates the government to bring forward legislation to the House only after it has been vetted for conformity with the charter.

There is obviously a trend here. I reflect on past speeches I have given and all of these issues ultimately go to accountability. Bill C-42 had the opportunity to provide the House with oversight of the RCMP, and the Conservatives ignored that. They go to Senate omnibus bills and so on and so forth.

Response to the Supreme Court of Canada Decision in R. v. Tse Act / Government Orders

March 19th, 2013 / 11:40 a.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Mr. Speaker, I listened with great interest to my hon. colleague's excellent discourse on this issue. I have a number of questions that I will try to get to in the limited time I have.

I am concerned because what we saw with Bill C-30 was an attempt to use the spectre of crime, the very debate of the accusation of an ordinary citizen supporting child pornography because we dared question the wisdom of the minister.

Bill C-30 would have used the cover of crime to allow all manner of attacks against basic privacy rights, including the fact that the minister could designate persons, and it was not clear who those persons were, to go in and demand warrantless access to information from telecom service providers on undisclosed persons. Who knows, it could be a political staffer who would be able to go in to telecoms to demand ISP information. That was under clause 35 of Bill C-30.

We still have a bill in the House, Bill C-12, which is supposed to be protecting personal privacy data, but we see that is creating all manner of loopholes. Bill C-12 would allow telecommunications companies to disclose personal information to government institutions, and it is unclear exactly who in the government, without the knowledge and consent of individuals for the purpose of "policing services". This is under clause 6(6) of the proposed Bill C-12. The language is in there again to undermine the rights of ordinary citizens to know that there will be due process and oversight.

Why does my hon. colleague think the government is so fixated on undermining the basic legal private rights of Canadian citizens?

March 4th, 2013 / 4:30 p.m.

NDP

Françoise Boivin NDP Gatineau, QC

Okay, but I think you may have misunderstood my question.

Bill C-55 is a response to the R. v. Tse decision. The title of the bill says so. The government might have used Bill C-30 and Bill C-12. Actually, many bills along the way could have tried to address the gaps identified in the R. v. Tse decision.

The government announced that it would withdraw Bill C-30 on the same day that Bill C-55 was introduced. Bill C-55 was tabled by the minister in the House less than a month ago. I think it was on February 11, 2013. It was then sent to committee on February 25, which is also very recent.

As you were working on Bill C-30, Bill C-55 was not in the picture. Could you tell me when you started to work on the drafting of Bill C-55?

March 4th, 2013 / 4:10 p.m.

NDP

Hoang Mai NDP Brossard—La Prairie, QC

Thank you.

Before this bill, there was Bill C-30. As my colleague mentioned, we are very glad that the government realized that a mistake had been made and took a step back. Now we have Bill C-55. And there were provisions from Bill C-12 that were supposed to apply. Is there any follow-through on that?

Aviation Safety / Oral Questions

February 15th, 2013 / 12:05 p.m.

Conservative

Peter Van Loan Conservative York—Simcoe, ON

Mr. Speaker, for the past two days we have seen a sudden show of enthusiasm from the opposition for one of our pieces of legislation, Bill C-12. I would like to seek the unanimous consent of the House at this time that, notwithstanding any other element of the Standing Orders, Bill C-12 be approved at second reading and sent to committee.

Telecommunications / Oral Questions

February 15th, 2013 / noon

Mégantic—L'Érable Québec

Conservative

Christian Paradis Conservative Minister of Industry and Minister of State (Agriculture)

Mr. Speaker, on the contrary, Bill C-12 will better protect the personal information of consumers.

We are trying to bolster consumer confidence in on-line shopping. Recommendations were made by the committee and we want to implement them quickly. If the NDP wants to vote immediately, we would be very pleased to move forward with this bill.

Telecommunications / Oral Questions

February 15th, 2013 / 11:55 a.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, although the Conservatives have decided to scrap their horrible Bill C-30 on Internet snooping, we wonder if they will manage to plant their controversial measures in another bill.

Bill C-12 contains hidden measures that would allow the government to obtain personal information without judicial oversight.

If the Conservatives are really serious about abandoning their Internet snooping bill, then why did they not withdraw Bill C-12 as well?

Business of the House / Oral Questions

February 14th, 2013 / 3:10 p.m.

York—Simcoe Ontario

Conservative

Peter Van Loan Conservative Leader of the Government in the House of Commons

Mr. Speaker, I welcome the implicit offer of assistance from the House Leader of the Official Opposition.

I look forward to discussions with him later on the possibility of moving forward both Senate reform and Bill C-12 on a unanimous consent basis straight to committee. I would be happy to do that with him.

This afternoon we will continue debating the Liberal opposition day motion. Tomorrow we will hopefully finish second reading of Bill C-48, the Technical Tax Amendments Act, 2012, a measure supported by all three parties. After that we will turn to third reading of Bill C-42, the Enhancing Royal Canadian Mounted Police Accountability Act; third reading of Bill S-7, the Combating Terrorism Act; and second reading of Bill S-12, the Incorporation by Reference in Regulations Act.

When we return from our constituency week on Monday, February 25, we will start second reading of Bill C-55, the Response to the Supreme Court of Canada Decision in R. v. Tse Act. This bill needs to be passed by mid-April before the Supreme Court ruling takes effect, which would render the important powers available to police ineffective.

After Bill C-55, we will consider Friday's unfinished business.

Tuesday, February 26, shall be the fifth allotted day, which will go to the Official Opposition, and it will therefore choose the subject of debate.

On Wednesday and Thursday, we will continue debating the bills I have already listed.

Additionally, Bill C-47, Northern Jobs and Growth Act, was reported back from committee yesterday, and I anticipate Bill S-9, Nuclear Terrorism Act, will be reported back soon. So we could also call these bills at report stage and third reading, if we have extra time next week.

Finally, on Friday, March 1, the House will start the second reading debate on Bill C-54, Not Criminally Responsible Reform Act. The Prime Minister announced this bill last week as part of our efforts to ensure we have a justice system that puts the rights of victims first.

Business of the House / Oral Questions

February 14th, 2013 / 3:05 p.m.

NDP

Nathan Cullen NDP Skeena—Bulkley Valley, BC

Mr. Speaker, I rise here today to ask the hon. Leader of the Government in the House of Commons what his government plans to debate for the rest of the week and when we return after the constituency week.

Although we continue to debate a variety of bills that the government has included on the calendar and we continue to debate opposition motions, it is not always easy to really understand what the government is planning—unless of course it does not have a clear plan.

One thing that is clear from dealing with the government is that it does not seem to be much about action but all about talk.

I remember their introduction, with great fanfare, of Bill C-12, An Act to amend the Personal Information Protection and Electronic Documents Act, which would be quite useful to those who have potentially had their identity exposed to theft. It was introduced September 29, 2011, 493 days ago and has yet to be debated.

Then there is the infamous Bill C-7, Senate Reform Act, which the government claims to all who will listen that it cannot get it through Parliament. It has been 358 days since we have had an opportunity to debate that.

Who cannot forget Bill C-32, Civil Marriage of Non-residents Act, which the government refuses to bring forward for debate and a free and fair democratic vote in the House.

I wonder if all of these are going the way of the infamous Bill C-30, the Internet snooping bill, which the Minister of Public Safety so infamously torpedoed with his comments. It was left to die on the order paper.

Can the Leader of the Government in the House of Commons tell me what his plans are for the remainder of this week as well as the next? Does the government have anything representing an agenda whatsoever?

December 11th, 2012 / 5 p.m.

Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Thank you for the question.

I haven't looked at the size of data breach fines, which are for something different from simply not obeying the law on consent when sharing personal information.

My remarks on the size of the EU fines were that they relate to whether you respect the law or generally do not, whether there was a data breach, and whether it happened because basically you weren't investing in security. We've seen that time and time again.

I believe that Industry Canada, which drew up the legislation, is best placed to look at what would be appropriate fines. My only point here—and I didn't come here prepared to talk about it, but the question was raised—is that we need some kind of appropriate sanction. How big that is, I can't answer, but I don't think we should go ahead with that part of Bill C-12 at this point, if Bill C-12 lags so far behind the world standard.

December 11th, 2012 / 4:25 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Thank you very much, Mr. Chair.

Ms. Stoddart, thank you for joining us today.

After hearing all the testimony, I'm happy to hear your comments now. Differing opinions have been voiced. We have even heard opinions of international scope. That has really been useful to us.

You recently stated in the media that the Bill C-12 provisions on data breaches did not sufficiently protect Canadians' personal information. You even said that, under those circumstances, you could not fully support this bill.

Could you tell me what amendments should be made to the bill to adequately protect Canadians' personal information?

Privacy / Adjournment Proceedings

December 5th, 2012 / 7:45 p.m.

Conservative

Mike Lake Conservative Edmonton—Mill Woods—Beaumont, AB

Mr. Speaker, the government did have this legislation before the House when the member's party forced an election about a year and a half ago.

This government has already taken steps to address the serious privacy concerns of Canadians. Notably, we have introduced amendments to the Personal Information Protection and Electronic Documents Act contained in Bill C-12 that would empower and protect consumers by requiring organizations to inform the Privacy Commissioner and individuals when their personal information has been disclosed as a result of a data breach. These amendments would also clarify and streamline rules for business.

Protecting privacy is good for Canadians, good for business and it fosters trust and confidence in the online marketplace.

I trust I can count on the opposition member's support of Bill C-12.

Privacy / Adjournment Proceedings

December 5th, 2012 / 7:45 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, Conservative members keep promising us that they will modernize the legislation, except we have been hearing the same thing for seven years.

Bill C-12 has been on the order paper twice since I asked my question, but we have not debated it. Is it truly a priority of this government, or will they continue to say that amendments are coming? Canadians are tired of waiting. They want their information to be protected and these amendments to become law.

Will the government truly move forward with Bill C-12 or will it continue to make promises?

Privacy / Adjournment Proceedings

December 5th, 2012 / 7:40 p.m.

Edmonton—Mill Woods—Beaumont Alberta

Conservative

Mike Lake Conservative Parliamentary Secretary to the Minister of Industry

Mr. Speaker, I am happy to respond to comments made earlier by the hon. member about Canadian privacy laws.

The government takes the privacy of Canadians very seriously. The Personal Information Protection and Electronic Documents Act, or PIPEDA, is Canada's private sector privacy law. It is a good piece of legislation and has stood the test of time. However, some tweaks are needed. To that end, we have introduced amendments to PIPEDA. The amendments, which are contained in Bill C-12, will introduce new requirements for organizations to report data breaches to the Privacy Commissioner of Canada and to notify affected individuals when the breaches are deemed to pose a significant risk of harm, such as identity theft or fraud.

However, that is not all. These amendments will further protect the personal information of minors, by requiring organizations to consider the ability of their target audience to comprehend the consequences of sharing their personal information.

Bill C-12 is currently at second reading and, once done, will be headed to committee. I hope we can count on the support of opposition members in ushering in these important amendments to update Canada's private sector privacy law.

I would also like to add that there will be an opportunity to update PIPEDA during the second parliamentary review. While the timing of the review has yet to be determined, I can assure the opposition member that the committee undertaking the review will have an opportunity to examine the legislation, call witnesses and to consider making further amendments.

As I stated earlier, the privacy of Canadians is a matter that the government takes very seriously. I hope we can count on support from all members, including the member opposite, on the passage of Bill C-12.

Privacy / Adjournment Proceedings

December 5th, 2012 / 7:40 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, on September 25, I rose in the House to share Canadians' concerns about the protection of their personal information online. I also asked the government what it was going to do about this and whether it would finally update Canadian laws in order to protect Canadians' personal information online. Canadians have cause for concern about the protection of their personal information. The Privacy Commissioner published a report showing that many popular websites that we use every day are leaking personal information, which is very worrisome.

The Standing Committee on Access to Information, Privacy and Ethics is currently examining these issues and is finding that there are many problems and potential risks. Meanwhile, the Conservatives are stuck in the stone age. They are not modernizing our laws in order to ensure that those laws remain relevant given the existing digital reality and new risks.

The Personal Information Protection and Electronic Documents Act is supposed to be reviewed every five years. Unfortunately, we have still not been able to pass the first revision. Bill C-12 is seven years late, and that is very worrisome. We are also late in dealing with Canada's anti-spam legislation. The regulations have still not been implemented, despite the fact that we have been waiting for years for this to happen.

Meanwhile, things are changing. In the digital age, everything moves very quickly. We must be proactive in order to protect personal information and keep up with the digital age, rather than being left behind. When I asked my question, the Parliamentary Secretary to the Minister of Industry said:

“The government introduced Bill C-12, which is an important tool for ensuring a stronger digital economy”.

As I have already pointed out, Bill C-12 is seven years behind. It is already time for another review, which we are supposed to do every five years according to the act. Unfortunately, we are not yet there. The government keeps putting off the review on personal information protection.

While the government is dragging its feet, businesses have no obligation to issue warnings about compromised data. Furthermore, major websites continue to disclose personal information. I repeat: will the government join the 21st century and modernize laws to protect our personal information online?

November 20th, 2012 / 4:45 p.m.

President and Chief Executive Officer, Information Technology Association of Canada

Karna Gupta

I think when the original PIPEDA was passed by the legislature, we did go on record as part of the industry sector that agreed with the overall position of full disclosure on any of the major issues or breaches that came up.

Now, in Bill C-12 they are looking at an amendment. We haven't quite gone through all of them, but it does require further dialogue with the Privacy Commissioner as well as the industry body. That's really where it is.

We haven't done any more on Bill C-12 at this stage.

November 20th, 2012 / 4:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Thank you, Mr. Chair.

This has been a fascinating discussion. I think one of the issues that we are trying to grapple with is the effect of risk if privacy is breached. This is a serious issue. We can develop as much as we want, but the risks to citizens are much higher now than they've ever been because of the ease of access.

I'm concerned about two areas. One is in terms of fraud. Scams such as the 419 scam can track people now. They can find information. They can tailor their pitch to you in an e-mail or on Facebook based on specific points of data that would not have been possible before. We're not going to know about their ability to catch people because many people who are caught up in a fraud are just too embarrassed to come forward. This is happening all the time, and it's happening because it's not the good players who are breaching data, but other people who are breaching data.

Mr. Gupta, given the seriousness of this, we're seeing that under Bill C-12, private companies should only need to report privacy breaches if it proves significant harm. That's a pretty high test. Don't you think that given what's out there, the Privacy Commissioner should be deciding whether a breach is something to be reported?

Business of the House / Oral Questions

October 25th, 2012 / 3:20 p.m.

York—Simcoe Ontario

Conservative

Peter Van Loan Conservative Leader of the Government in the House of Commons

Mr. Speaker, I did want to be in accord with the official opposition and NDP House leader. However, my disappointment was that before we started debate on Bill C-45, what we first encountered was a delay tactic in the form of a concurrence motion brought by the Liberal Party. Indeed, that was very disappointing to us and a surprise because Bill C-45 is important. It is the government's top legislative priority for this fall. All parties know that. He is quite right that I did want to see it debated in substance in the House rather than see those kinds of tactics to avoid debate.

Bill C-45's measures will further Canada's economic recovery and ensure the foundation for more good-quality jobs on top of the over 820,000 net new jobs we have already had. It includes an extension of the highly successful small business hiring credit that is directly helping Canadian entrepreneurs create new jobs.

Unfortunately, we have seen the NDP take an anti-job creation position. Believe it or not, the NDP finance critic actually dismissed the hiring credit as yet again another across-the-board cut for small businesses.

We want to see taxes lowered. We do not want to see higher taxes or an NDP carbon tax. That is why we have a budget bill that keeps those taxes low.

I am pleased to say that we will be voting on C-45 on Tuesday night at second reading, which will give us the opportunity to send it to the finance committee for consideration. The parliamentary secretary for finance has made it clear that she will ask the finance committee to ask, I believe, 10 other committees to study elements of the bill and potentially make recommendations with respect to changes or adopt its contents. The opposition and government members are free to make amendments at committee based on their own study as well as on the studies of those other committees. Therefore, there will be ample study of the bill and that is good for all.

Bill C-45 will continue to be debated this afternoon, tomorrow, Monday, and Tuesday. As I said, the vote on the bill will take place on Tuesday evening.

On Wednesday, we will take up report stage—and, hopefully, third reading—of Bill C-28, the Financial Literacy Leader Act. Should we be able to make quick work of that debate, the House will take up Bill C-12, the Safeguarding Canadians' Personal Information Act, at second reading.

On Thursday morning, the House will consider second reading of Bill S-2, the Family Homes on Reserves and Matrimonial Interests or Rights Act. And, after question period, we will turn to Bill S-8, the Safe Drinking Water for First Nations Act, also at second reading.

Finally, on Friday, we will start report stage of Bill C-24, the Canada–Panama Economic Growth and Prosperity Act. This bill would implement our free trade agreement with the Republic of Panama—an agreement whose time has long come. In fact, when I was the public safety minister, I was honoured to be present when the Prime Minister concluded negotiations in Panama City, some 38 months ago.

October 18th, 2012 / 4:25 p.m.

Executive Director and General Counsel, Public Interest Advocacy Centre

John Lawford

For the time being, the answer is yes, according to the commissioner's guidelines.

Bill C-12 also provides for that, but it has not become law yet.

October 18th, 2012 / 3:30 p.m.

John Lawford Executive Director and General Counsel, Public Interest Advocacy Centre

Thank you, Mr. Chair.

I am here alone. Janet Lo, my co-counsel, sends her regrets. She's in a lock-up for CRTC on Bell-Astral.

The Public Interest Advocacy Centre is a non-profit organization that provides legal and research services on behalf of consumer interests, and in particular vulnerable consumer interests, concerning the provision of important public services. We have been deeply involved with the Personal Information Protection and Electronic Documents Act, PIPEDA, from a consumer perspective since its passage. We have published several recent reports: one on children's privacy online, one on a do-not-track list, and one on data breaches.

I've given the clerk a copy of references to those and summaries.

We're here today to talk about the immediate future of privacy. It is largely to be defined by services such as social networks. But social networks provide challenges to our concept of personal information and the commercial interests that are involved with that.

PIAC recently brought a complaint to the Office of the Privacy Commissioner of Canada under PIPEDA against Nexopia.com Inc., a social network based in Alberta and largely aimed at a teen audience. This real-life example illustrates the challenges of dealing with privacy and social networks, and unfortunately the inadequacies of PIPEDA to deal with improper privacy practices, even those where the improprieties involve children and teens.

PIAC alleged that Nexopia provided no comprehensible descriptions of the collection, use, and disclosure of the personal information of their largely underage users. We said that the company did not adequately detail its disclosure of information to advertisers, nor did it adequately detail how it used this information to serve up targeted teen ads. We complained that the default settings for personal information like gender, age, location, and pictures were open to the Internet—that is, not even closed to members of the site—and that this was unreasonable and even dangerous for the young users of the site. Finally, we noted that Nexopia appeared to keep personal information forever, even if an account were deleted.

The Privacy Commissioner upheld all our complaints. That was February 2012, some two years after we filed it.

Regarding default settings, the Privacy Commissioner wrote, in part:

We do not consider making portions of a user's profile available to anyone on the Internet to be consistent with users' reasonable expectations, particularly when a user has clearly indicated his or her preference to share information on a more limited basis.

However, Nexopia has said to the Privacy Commissioner that they will not implement the four recommendations related to retention of data. The Privacy Commissioner has had to go to Federal Court to enforce her findings. Why?

First, the Privacy Commissioner has no order-making power. She has no fining power. Social networks that judge privacy findings too inconvenient or expensive, it appears, can continue to operate in a privacy-violating manner.

Second, the refusal reveals the real nature of social networks: they are financed by personal information. Asking a social network to destroy data appears to them like removing an asset from the balance sheet.

The Privacy Commissioner's trip to Federal Court will show if business purposes or the personal privacy of individuals is paramount under PIPEDA. However, the larger issue for you at this committee is how to help design laws to avoid this type of conflict from arising in the first place, particularly in the fast-moving social networking and online space.

Now I'll move to Bill C-12 and breach notification.

LinkedIn and eHarmony suffered large data breaches this spring. Social networks are now major targets of hackers, and there is a risk of exposure of personal information that is not intended for general viewing from these websites. This is in addition to the leaking of personal information from websites noted by the Privacy Commissioner at the end of September in a recent study.

Bill C-12 is intended to amend PIPEDA to provide for data breach notification. However, it does not succeed. It allows the company suffering the breach to make the determination of whether the breach is material enough to even report to the Privacy Commissioner. Part of that determination is an assessment, again made by the company of itself, of whether the cause of the breach or a pattern of breaches indicates a systemic problem.

It's extremely unlikely, in our view, that any company, but particularly a social network that trades in data, will declare that it has a systemic problem with data breaches and data handling that leads to breaches.

Bill C-12 is asking companies to declare that they, in effect, are negligent. As a result, we confidently predict that under Bill C-12 a social network or other online company will almost never notify the Privacy Commissioner of a breach that has not otherwise been made public. Companies are expected to determine whether to report data breaches directly to the consumers as well. They must determine if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.

First, this threshold is very high. It's higher than U.S. state law requirements and it's unrealistic. It's difficult to predict how personal information will be misused.

Secondly, Bill C-12 ignores the blindingly obvious incentive for companies to find no such risk to individuals and avoid notification and its cost. As a result, we confidently predict that under Bill C-12, social networks and other online media companies will almost never notify individuals of a breach that has not otherwise been made public.

There is another model in Canada for data breach laws: the Alberta Personal Information Protection Act. In Alberta, all breaches must be reported to the Privacy Commissioner of Alberta, on pain of fines. The Alberta Privacy Commissioner then determines if the breach is serious enough to notify individuals on a test of potential for any harm.

PIAC studied public attitudes to data breach notification in focus groups in 2011. Overwhelmingly, participants preferred the Alberta-type model to leaving companies to make this decision. We urge this committee to express these concerns about breach notification under Bill C-12 in its report.

I will turn now to privacy policies. Social network privacy policies are “take it or leave it” contracts. The burden of determining what is done with personal information is borne by the user. Yet social networks regularly rely on the consent of users to justify practices and point to the use of the site as the equivalent of consent to the entire privacy policy.

It's PIAC's view that this legal fiction is in fact used in place of informed consent in many social networks. Users simply do not read all the policy, and if they do, they do not understand it. Why is this? This is because major social networks define “personal information” in confusing ways, and none of them define it in the way it is defined in PIPEDA.

Many define personal information as personally identifiable information, which, as you recognize, is a U.S. legal concept. Recently, many larger websites have dropped any definition at all of personal information, only to give examples of treatment of certain data elements like gender or age. The clerk also has a copy, which should have been distributed to you, of wording of privacy policies that we're talking about.

This non-definition of personal information matters because users reading the privacy policy are not able to understand their real rights under PIPEDA in order to launch a complaint or to bring the company into compliance or even to contact the company.

The Privacy Commissioner appeared before this committee and stated that social networking sites do not do a sufficient job of explaining their use of personal information. She said she doubts in these situations that the social networking site has real consent. We think the Privacy Commissioner is right. But the complaint mechanism under PIPEDA is very poor enforcement. She needs order-making and fining power.

PIAC suggests, however, that given the challenges of big data collection by social networking and other online businesses, this committee go further and consider a full enforcement framework such as that for the do-not-call list for companies flouting Canadian privacy law.

I'm going to close with some forward-thinking ideas on social networking and privacy.

First of all, there are many related entities dealing with personal information created at social networking sites in order to monetize that information through advertising and other methods. This committee should study these relationships and consider rules for revealing related parties in personal information trafficking akin to those rules in securities law to bring increased transparency to data flows in social networking sites and marketing companies.

Secondly, the committee should consider a national do-not-track list.

Thirdly, the committee should study the nexus between privacy and competition law, and whether the Competition Bureau actually has a role to play in addressing privacy concerns and where a merger or other practice can reduce competition. For many online markets, competition for eyeballs depends on the currency of personal information or the value of big data.

PIAC thanks the committee for this opportunity to speak. We are happy to answer questions in both English and French.

Thank you.

Business of the House / Oral Questions

October 18th, 2012 / 3:15 p.m.

York—Simcoe Ontario

Conservative

Peter Van Loan Conservative Leader of the Government in the House of Commons

Mr. Speaker, just to clarify, I would have been quite happy to have consented to the motion had the member not included in it a provision for an additional opposition day. Had the member decided to conclude that the NDP was prepared, since its subject for today was food safety, to make the balance of the day the debate on Bill S-11 and then have it proceed to committee, we would have been quite delighted to consent.

In terms of his suggestions on the budget bill, I am looking forward to meeting with him and discussing with him what opportunities might exist there further.

Earlier today, the Minister of Finance introduced Bill C-45, the Jobs and Growth Act, 2012.

This important piece of legislation will bolster Canada’s economy and help improve communities with initiatives that build a strong economy and create jobs, support families and communities, promote clean energy and enhance neutrality of the tax system, and respect taxpayers’ dollars.

We will start second reading debate of Bill C-45 on Wednesday—once honourable members have had a chance to review the bill and discuss it at next week’s caucus meetings. The debate will continue on Thursday and Friday.

I genuinely hope all members will take advantage of the budget bill study week that is available to review the valuable measures that are set out as the second half of our legislative arm of our comprehensive economic action plan 2012. One highlight of the study week will be a briefing arranged by the minister for all hon. members on Monday evening. I hope many MPs can attend, and certainly more than the paltry attendance of opposition members that appeared this spring for the briefing on Bill C-38.

I look forward to a vigorous policy debate on the economy and not on procedural games.

I turn now to the business of the House leading up to Wednesday.

This afternoon we will see the conclusion of the NDP's opposition day. Regrettably, I was personally disappointed that the official opposition did not answer my call last week to lay out the details of its $21.5 billion carbon tax and how it would raise the price of gas, groceries and electricity. Though, I was encouraged that this week in question period the New Democrats actually did acknowledge the subject and raised it.

Tomorrow and Monday will see us resume second reading of Bill S-7, the combating terrorism act. I understand we should finish that debate sometime on Monday, at which time we will then turn to Bill C-15, the strengthening military justice in the defence of Canada act; Bill S-2, the family homes on reserves and matrimonial interests or rights act; and Bill S-8, the safe drinking water for first nations act.

On Tuesday, we will debate the second reading of Bill S-11, the safe food for Canadians act, unless we find some other approach that would allow us to move on a more urgent basis. Since we did not get unanimous consent to move it forward quickly, we are hopeful there will be some other approach that can be agreed upon to move quickly with it. We hope that if we do debate it that day, we will be able to deal with it quickly and then spend the balance of that day debating Bill C-15 and Bill C-12, the safeguarding Canadians' personal information act.

Privacy / Oral Questions

September 25th, 2012 / 2:45 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Mr. Speaker, Bill C-12 is already out of date. The government is still stuck in a world of eight-track tapes.

This Facebook privacy concern is a concern to millions of Canadians, but the issue is bigger than that.

Privacy / Oral Questions

September 25th, 2012 / 2:45 p.m.

Edmonton—Mill Woods—Beaumont Alberta

Conservative

Mike Lake Conservative Parliamentary Secretary to the Minister of Industry

Mr. Speaker, this government introduced Bill C-12, which is an important tool for ensuring a stronger digital economy in Canada. We look forward to the opposition's support in moving that forward.

June 19th, 2012 / 11:10 a.m.

Staff Lawyer, Canadian Internet Policy and Public Interest Clinic

Tamir Israel

I'll talk a little slower.

The growing importance and benefits of social media to Canadians cannot be understated. These are far-reaching and permeate every aspect of our individual, social, and political lives. The innovative and commercial growth of such networks should not be unduly restricted. At the same time, Canadians should not be forced to choose between their privacy rights and their right to participate in this new interactive world.

PIPEDA, which forms the backbone of privacy regulation in Canada, provides a flexible set of principles that cater to the legitimate needs of businesses while providing safeguards for user privacy. While PIPEDA has largely withstood the test of time, the privacy landscape has changed substantially since its enactment, and a decade of experience has exposed a number of shortcomings that should be addressed if the statute is to continue to meet its objectives.

I will quickly say a few words about the shifting privacy landscape and proceed to elaborate on four areas that I think need immediate attention.

In recent testimony before this committee, Professor Valerie Steeves pointed to research indicating growing lack of trust in online companies. A survey conducted for Natural Resources Canada in late 2009 similarly found that respondents' level of trust in different types of organizations to keep their personal information secure is moderate to low. The least trusted were small private sector businesses and social networking sites.

The study similarly found that the ability to control the context in which information is shared increased levels of trust. In another study conducted by researchers at Annenberg and Berkeley, 67% of Americans agreed or strongly agreed that users have lost all control over how personal information is collected and used by companies.

Feeding this sense of lost control is an increasingly complex ecosystem where the scope and nature of data collected increases daily, even as the sophistication of information collection and analysis mechanisms keeps pace. While Google and Facebook have been at the forefront of debates on these issues, numerous other companies are involved. Acxiom, a data broker based in Arkansas, has reportedly collected an average of 1,500 data points on each of its 500 million active user profiles.

Few of these users have heard of Acxiom, let alone had any direct interaction with the company. Yet the profiles, which data brokers such as Acxiom sell, are populated with their browsing habits; the Facebook discussions they have with their friends and family; their sensitive medical and financial information; their ethnic, religious, and political alignments; and even real-world locations visited. All this data is collected, analyzed, and refined into a sophisticated socio-economic categorization scheme, which Acxiom's customers use as the basis of decision-making.

The sheer complexity of the ecosystem that fuels databases such as Acxiom's defies any attempt to articulate within the confines of a privacy policy. A number of jurisdictions are looking at ways of addressing the need for greater transparency and choice. I will briefly focus on four here that I think are relevant specifically to PIPEDA. I'll point out as well that the nature of the data being collected in this ecosystem is also increasing in sensitivity. Newly emerging capacities are aiming to incorporate real-time location and even emotional state into the categories of information that are available for targeting. I'll touch on four changes I think we should focus on. The first is transparency.

Greater transparency is needed. To this end, the United States Federal Trade Commission has recently stated it will push data brokers to provide centralized online mechanisms that will help users discover which data brokers have collected their data. This can serve as the basis for the exercise of other user rights.

Informing users can be achieved in a number of contexts through greater integration of notification into the service itself. This not only allows for greater flexibility and nuance in notification, but also increases privacy salience by reminding users in context of the privacy decisions they are making. In addition, elements of privacy policies can be standardized, but care must be taken not to oversimplify data practices that are in reality complex. The dangers of oversimplification are that organizations will begin to rely on blanket and categorical consent, which are simple but do not provide customers or advocacy groups the details they need to properly assess their practices.

Another area I'd like to touch on is privacy by default or privacy by effort, which is an analog to that.

Transparency alone is not enough to protect privacy in this interconnected age we are in. In a recent consultation process on online privacy, it was noted that many online services are public by default and privacy by effort. New users will rarely know how to configure the complex web of the often conflicting privacy control services that are offered when first signing on. Settings constantly shift and change, as new ones are introduced and old ones replaced, or when new features are added to existing services. Simply maintaining a constant level of privacy is a never-ending effort.

Compounding such efforts is a tendency for social networking sites to make occasional tectonic shifts in the constitution and nature of their services. These are often imposed on ingrained users as “take it or leave it” propositions. At other times, pre-selected defaults are used to nudge users in directions that are very different from the service they have grown accustomed to.

As you've heard from other experts, the devil is indeed in the defaults. Stronger protections are needed to ensure new services and settings are introduced with privacy-friendly defaults that reflect the expectations of users and the sensitivity of the data in question, not whatever configuration is best fitted to the service provider's business model.

Under PIPEDA, the form of consent should already be tailored to user expectations and the sensitivity of the data that might be affected. However, in order to firmly ingrain this concept in service design, privacy by default should be explicitly adopted as a principle under PIPEDA.

Another area I want to touch on briefly is enforcement and process.

The committee has heard from a number of parties about the importance of ensuring that the Office of the Privacy Commissioner can enforce its powers. Adding bite to PIPEDA is critical for a number of reasons. First, it is necessary in order to provide incentives for compliance. Currently there are very few penalties for non-compliance. In most cases the most an organization can expect is the threat of being publicly shamed for non-compliance. Second, having these powers in place will assist the Office of the Privacy Commissioner in its interactions with large multinational organizations so it can carry out its mandate in protecting the privacy of Canadians.

In addition to adding penalties, procedural changes to the OPC's investigative and compliance framework should be explored. Compliance with OPC recommendations in a social networking context may be a long and complicated road, requiring changes to system design. However, under PIPEDA the OPC's legal mandate to exercise its powers over a particular complaint ends 45 days following the issuance of an official finding. The mechanism lacks the flexibility necessary to ensure Privacy Commissioner recommendations are carried out adequately.

Finally, I'll touch briefly on breach notification requirements.

Canada is in dire need of a breach notification obligation. Such an obligation will improve incentives to build stronger technical safeguards and provide users with opportunities to redress harm, such as identity theft and the potential humiliation that may result from a breach of their data.

Bill C-12, which is currently in first reading, provides a workable framework for breach notification, but it requires fixes and a commitment to introduce penalties for non-compliance if it is to be effective.

I would be happy to elaborate further on any of these points. CIPPIC plans to file a more detailed brief with the committee at a later point.

Thank you very much for your time and attention.

June 12th, 2012 / 12:25 p.m.

Dr. Vincent Gautrais Full Professor, Université de Montréal

Thank you, Mr. Chair.

I would like to use my 10 minutes to share the opinion of someone who is not quite an expert on privacy issues. For some 20 years now, I have been interested in the relationship between the law and technology. It is from that perspective that I would like to expand on three points. Very often, I discuss those points to deal with the complexity that characterizes new technology. Those three points are very simple: who, what and how.

Let's begin with the “who”. Who should take action when it comes to those issues? I would like to begin with the first instinct we have—that of thinking that the legislator should act in such matters. I would nevertheless like to repeat the opinion of an old civil lawyer who said that legislating should be done carefully. This means that, in such a new field—which is so poorly controlled—adopting a piece of legislation very quickly is often a factor that prevents our habits from developing.

Therefore, I think that, in terms of legislation, we should be careful. We should take a step back and focus more on establishing a strictly minimalist approach in legislation, without developing, in my opinion, any new concepts. We have seen such concepts in Europe—including the “right to forget”, which was developed in a number of European pieces of legislation and seems to me overly difficult to apply.

Conversely, even if the goal is to limit the legislator's role, it does not mean that nothing should be done. There are some possibilities when it comes to privacy management as far as organization goes. I think that the options established in Bill C-12 are very interesting, especially with regard to providing the Office of the Privacy Commissioner of Canada with a bit more power.

This means that my second stakeholder in terms of privacy is the Office of the Privacy Commissioner. Let's compare what we do here with what is done elsewhere, in all of western democracies or, at least, in Europe. If we compare ourselves with countries such as Germany, Sweden or France, we realize that the office has fairly limited prerogative powers. Overall, the resources and the number of people who work within the Office of the Privacy Commissioner are, in Canada, half of those in Europe. I feel there could be some more resources to help develop habits. That's something I will talk to you about later. So it's a matter of informal standards in terms of privacy management.

As for the third stakeholder that would be likely to act in privacy matters, I have in mind organizations themselves—in other words, companies and public organizations that manage data. Pursuant to a point I will develop later on, I feel that those organizations are becoming increasingly accountable when it comes to the way they must manage personal information. The notion of accountability is hard to render in French. It has developed in all international fora—increasingly so over the past few years, or since 2004-2005. The notion of accountability is a concept that, in my opinion, should be promoted in this committee's projects.

So there you have the “who”, and that's what I had to say about the stakeholders who should be involved in those issues.

Let's now talk about the “what”. I would like to use a single sentence to summarize my thoughts on this: I fear the shade much more than the light. What do I mean by that? There are many fantasies and fears when it comes to social media. There are of course some genuine fears. My opinions differ from those of my colleagues, but there are some real fears. There are also some imaginary fears. In some respects, what I can put on a Facebook page does not frighten me at all. I encourage my three children to use Facebook, but I am sorry to say that they don't want to.

However, it's quite possible to use Facebook without privacy being affected. If schools and the Office of the Privacy Commissioner educate us, we should be able to manage that. I am referring to Twitter. Two days ago, the office posted a cartoon on Twitter to explain how people should manage privacy. That kind of a solution is not of a strictly legal nature. Law is not the only possibility in life; there are other solutions that can help change Facebook or Google users' behaviour.

In many ways, I have no fear of how Facebook may use information. I am also not worried about Google Street View, and that is something I would like to discuss. I am bringing this up because the Office of the Privacy Commissioner has made some recommendations against Google Street View. However, Google Street View is not dangerous. I have no problem with being seen in front of my home taking out the garbage. This is one example of imagined fears that are sometimes associated with social media.

That being said, there are nevertheless real problems and fears. We must keep an eye on new behaviours, and I agree with my colleagues when it comes to that. What scares me more is when the objective is changed, the reason why information was placed on Facebook or Google. In many respects, those changes of objective are made through a contract no one reads. An average social media user would have to spend 20 hours a month to read the privacy policies that apply to Google and all the websites they visit. That is unfeasible. Saying that protection goes through information and consent is an illusion. As Professor Kerr mentioned, that is a totally inapplicable legal tool.

As my colleague was saying, there are some cases where consent should not be given. For instance, some law firms—in Quebec and the rest of Canada—ask their students for their Facebook account to see who they are in real life. Such cases go against the law, and a judge could consider them to be a violation of the law. In fact, it may be useful to explicitly state that in a piece of legislation.

I have covered the “what”, but I will now talk about the “how”. I would like to come back to the notion of accountability, which is becoming increasingly developed. According to that notion, organizations must establish policies that will make it possible to objectify, if I may put it that way, their diligence in managing personal information. Forcing Facebook, Google or any other public sector company or organization to show everyone how they manage data internally would be a way to check how diligent they are. That notion is fundamental and very useful. It is actually the basis of an agreement concluded last November between the Federal Trade Commission, in the U.S., and Facebook, whereby the latter committed to open its books and show its management of data over a 20-year period. The future lies in the notion of accountability.

Once again, we have to be careful. This is coming from a technology expert who goes beyond the notion of privacy. There have been some rather unfortunate cases, especially in the area of securities. In 2002, several financial scandals erupted in the United States. To remedy that situation, all companies listed on the stock exchange were asked to open their books and produce internal reports to show how they were managing financial information. Many U.S. authors showed that large quantities of documents had been produced and financed by accounting firms, some of which were at the source of the financial scandals. Some $60 billion or $70 billion later, they ended up with a magnificent documentation that, in the end, is sometimes difficult to apply.

That is why this notion of accountability should not be introduced through a piece of legislation, but rather through informal practice standards, through codes of conduct. With a more negotiated approach, there would be no law imposing things within a generally quite short time frame, and the situation would be conducive to dialogue for establishing practice standards. Informal standards and codes of conduct are often criticized because they are not restrictive enough. When I compare our privacy system with the European one—with fairly substantial resources for monitoring the strict application of the legislation—it seems to me that a more in-between approach, a more negotiated approach, could have better results.

Thank you.

Extension of Sitting Hours / Routine Proceedings

June 11th, 2012 / 3:25 p.m.

York—Simcoe Ontario

Conservative

Peter Van Loan Conservative Leader of the Government in the House of Commons

moved:

That, pursuant to Standing Order 27, the ordinary hour of daily adjournment shall be 12 midnight, commencing on Monday, June 11, 2012, and concluding on Friday, June 22, 2012, but not including Friday, June 15, 2012.

Today I rise to make the case for the government's motion to extend the working hours of this House until midnight for the next two weeks. This is of course a motion made in the context of the Standing Orders, which expressly provide for such a motion to be made on this particular day once a year.

Over the past year, our government's top priority has remained creating jobs and economic growth.

Job creation and economic growth have remained important priorities for our government.

Under the government's economic action plan, Canada's deficits and taxes are going down; investments in education, skills training, and research and innovation are going up; and excessive red tape and regulations are being eliminated.

As the global economic recovery remains fragile, especially in Europe, Canadians want their government to focus on what matters most: jobs, economic growth and long-term prosperity. This is what our Conservative government has been doing.

On March 29, the Minister of Finance delivered economic action plan 2012, a comprehensive budget that coupled our low-tax policy with new actions to promote jobs and economic growth.

The 2012 budget proposed measures aimed at putting our finances in order, increasing innovation and creating suitable and applicable legislation in the area of resource development in order to promote a good, stable investment climate.

The budget was debated for four days and was adopted by the House on April 4. The Minister of Finance then introduced Bill C-38, Jobs, Growth and Long-term Prosperity Act, the 2012 budget implementation bill. The debate at second reading of Bill C-38 was the longest debate on a budget implementation bill in at least two decades, and probably the longest ever.

On May 14, after seven days of debate, Bill C-38 was passed at second reading.

The bill has also undergone extensive study in committee. The Standing Committee on Finance held in-depth hearings on the bill. The committee also created a special subcommittee for detailed examination of the bill's responsible resource development provisions. All told, this was the longest committee study of any budget implementation bill for at least the last two decades, and probably ever.

We need to pass Bill C-38 to implement the urgent provisions of economic action plan 2012. In addition to our economic measures, our government has brought forward and passed bills that keep the commitments we made to Canadians in the last election.

In a productive, hard-working and orderly way, we fulfilled long-standing commitments to give marketing freedom to western Canadian grain farmers, to end the wasteful and ineffective long gun registry, and to improve our democracy by moving every province closer to the principle of representation by population in the House of Commons.

However, in the past year our efforts to focus on the priorities of Canadians have been met with nothing but delay and obstruction tactics by the opposition. In some cases, opposition stalling and delaying tactics have meant that important bills are still not yet law. That is indeed regrettable.

In the case of Bill C-11, the copyright modernization act, a bill that will help to create good, high-paying jobs in Canada's creative and high-tech sectors, this House has debated the bill on 10 days. We heard 79 speeches on it before it was even sent to committee. This is, of course, on top of similar debate that occurred in previous Parliaments on similar bills.

It is important for us to get on with it and pass this bill for the sake of those sectors of our economy, to ensure that Canada remains competitive in a very dynamic, changing high-tech sector in the world, so that we can have Canadian jobs and Canadian leadership in that sector.

Bill C-24 is the bill to implement the Canada-Panama free trade agreement. It has also been the subject of numerous days of debate, in fact dozens and dozens of speeches in the House, and it has not even made it to committee yet.

Bill C-23 is the Canada-Jordan economic growth and prosperity act. It also implements another important job-creating free trade agreement.

All three of these bills have actually been before this place longer than for just the last year. As I indicated, they were originally introduced in previous Parliaments. Even then, they were supported by a majority of members of this House and were adopted and sent to committee. However, they are still not law.

We are here to work hard for Canadians. Adopting today's motion would give the House sufficient time to make progress on each of these bills prior to the summer recess. Adopting today's motion would also give us time to pass Bill C-25, the pooled registered pension plans act. It is a much-needed piece of legislation that would give Canadians in small businesses and self-employed workers yet another option to help support them in saving for their retirement. Our government is committed to giving Canadians as many options as possible to secure their retirement and to have that income security our seniors need. This is another example of how we can work to give them those options.

In addition to these bills that have been obstructed, opposed or delayed one way or another by the opposition, there are numerous bills that potentially have support from the opposition side but still have not yet come to a vote. By adding hours to each working day in the House over the next two weeks, we would allow time for these bills to come before members of Parliament for a vote. These include: Bill C-12, safeguarding Canadians' personal information act; and Bill C-15, strengthening military justice in the defence of Canada act. I might add, that bill is long overdue as our military justice system is in need of these proposed changes. It has been looking for them for some time. It is a fairly small and discrete bill and taking so long to pass this House is not a testament to our productivity and efficiency. I hope we will be able to proceed with that.

Bill C-27 is the first nations financial transparency act, another step forward in accountability. Bill C-28 is the financial literacy leader act. At a time when we are concerned about people's financial circumstances, not just countries' but individuals', this is a positive step forward to help people improve their financial literacy so all Canadians can face a more secure financial future. Bill C-36 is the protecting Canada's seniors act which aims to prevent elder abuse. Does it not make sense that we move forward on that to provide Canadian seniors the protection they need from those very heinous crimes and offences which have become increasingly common in news reports in recent years?

Bill C-37 is the increasing offenders' accountability for victims act. This is another major step forward for readjusting our justice system which has been seen by most Canadians as being for too long concerned only about the rights and privileges of the criminals who are appearing in it, with insufficient consideration for the needs of victims and the impact of those criminal acts on them. We want to see a rebalancing of the system and that is why Bill C-37 is so important.

Of course, we have bills that have already been through the Senate, and are waiting on us to deal with them. Bill S-2, which deals with matrimonial real property, which would give fairness and equality to women on reserve, long overdue in this country. Let us get on with it and give first nations women the real property rights they deserve. Then there is Bill S-6, first nations electoral reform, a provision we want to see in place to advance democracy. Bill S-8 is the safe drinking water for first nations act; and Bill S-7 is the combatting terrorism act.

As members can see, there is plenty more work for this House to do. As members of Parliament, the least we can do is put in a bit of overtime and get these important measures passed.

In conclusion, Canada's economic strength, our advantage in these uncertain times, and our stability also depend on political stability and strong leadership. Across the world, political gridlock and indecision have led to economic uncertainty and they continue to threaten the world economy. That is not what Canadians want for their government. Our government is taking action to manage the country's business in a productive, hard-working and orderly fashion. That is why all members need to work together in a time of global economic uncertainty to advance the important bills I have identified, before we adjourn for the summer.

I call on all members to support today's motion to extend the working hours of this House by a few hours for the next two weeks. For the members opposite, not only do I hope for their support in this motion, I also hope I can count on them to put the interests of Canadians first and work with this government to pass the important bills that remain before us.

June 7th, 2012 / noon

Commissioner, Office of the Information and Privacy Commissioner of Ontario

Dr. Ann Cavoukian

Thank you very much for that question.

I think there's one way that we can do it. I'll refer you to a paper that we released this past summer—I'm trying to remember the name of it—“Privacy by Design in Law, Policy and Practice”. The idea for the paper came from Commissioner Pamela Jones Harbour, who is a former commissioner with the Federal Trade Commission. When she was talking to me about privacy by design, she said we could impose it as a requirement, a condition, in our consent decrees, in decisions that the FTC issues upon completion of an investigation, and we could include it as something on a go-forward basis that a company would have to follow proactively from that point on.

Justice La Forest kindly reviewed the paper that I just mentioned, which you can find on our website, and he said that privacy by design is an excellent idea that should be incorporated into administrative means of law addressing privacy on a go-forward basis.

One way we could do it—I know that Bill C-12 is looking at changes to PIPEDA—would be to have some way of saying that on a go-forward basis, at the conclusion of an investigation, a company would be required to follow privacy by design in any particular area that was problematic.

The other thing about privacy by design is that it's not a punishment. We always say privacy is good for business. There should be a privacy payoff to businesses that follow good privacy practices. Consumer confidence and trust are being eroded very quickly in this day and age, and you can strengthen that on the part of your customers. It is not something that is in fact a stick. It is both a carrot and an inducement to introduce privacy protections in a way that ultimately will save the company resources, because they'll be able to avoid privacy infractions and privacy investigations, and potentially, class-action lawsuits that are coming out.

There's so much happening on the privacy front that when we talk to companies about privacy by design we do it because they invite us to tell them how to do it. They want to do it, not only for the right reasons but for business-related benefits as well.

I think there is a way forward by imbedding it into new regulatory structures.

May 31st, 2012 / 11:10 a.m.

Dr. Michael Geist Canada Research Chair, Internet and E-commerce Law, University of Ottawa, As an Individual

Thank you very much.

Good morning. My name is Michael Geist. I am a law professor at the University of Ottawa, where I hold the Canada research chair in Internet and e-commerce law. I was a member of the national Task Force on Spam, and I currently serve on the Privacy Commissioner of Canada's expert advisory committee, but I appear before this committee today in a personal capacity representing only my own views.

My opening comments will identify several areas for potential government action, but I want to provide a bit of context with three key caveats.

First, which I think may be stating the obvious, is that social media is an enormously important and positive development. The number of users is staggering and its role as a key source for communication, community, and political activity grows by the day. The opportunities presented by social media should be embraced, not demonized, in my view, and government should be actively working to ensure that it incorporates social media into its policy consultation processes.

Second, Canada has played a leadership role, to a certain extent, in the use and regulation of social media. The Privacy Commissioner of Canada was the first to conduct a major privacy investigation into Facebook and has led on other issues with respect to social media and Internet companies.

Third, while we have had some influence through those investigations, Canada has not led in creating the social media services used by millions around the world. I believe that the failure to articulate and implement a national digital economy strategy comes back to haunt us in these circumstances, where the ability to place an unmistakable Canadian stamp on social media is undermined by the policy failures that have done little to encourage the development of Canadian e-commerce and social media.

With those caveats, what is there to be done? I'd like to focus on four areas of interest.

First, I think we need to finish what we've started.

The government has introduced and even passed legislation that can be helpful in addressing some of the concerns that arise from social media, yet these initiatives have stalled short of the finish line. Anti-spam legislation, for example, received royal assent in 2010, yet has still not taken effect as final regulations have not been approved. In fact, Industry Canada officials now indicate that it could be well into 2013 before the regulations take effect. Given the amount of work that went into this legislation, I find it shocking that it has been left in limbo.

Moreover, Bill C-12, the PIPEDA reform bill that seeks changes arising from the 2006 privacy review, continues to lag in the House of Commons, with there frankly seeming to be no interest in moving forward with the bill. Indeed, I'd argue that the bill is even now outdated, and a full PIPEDA review to address emerging concerns such as order-making power—as you just heard—and damages, and tougher security breach requirements than those found in the bill is needed. In fact, the Bill C-12 security breach reporting rules are primarily bark with little bite, given the absence of penalties for failure to comply.

Successive governments have promised a digital economy strategy for years and have failed to deliver. The strategy has come to be known as the “Penske file”, a reference to the Seinfeld episode that involves working on an imaginary file. While other countries are now years into implementing their strategies, in Canada we still lag behind.

I think it also should be noted that these issues must increasingly be addressed in concert with the provinces. The line between federal and provincial jurisdiction on many of these issues is blurry, and legal challenges against federal legislation are a real possibility. Work is needed to begin to develop minimum standards that can be implemented at the provincial level, should federal leadership be challenged in the courts by companies seeking to circumvent their privacy obligations.

Second, the devil is in the defaults. In many respects, social media and Internet companies are the most powerful decision-makers when it comes to privacy choices. As my colleague Professor Ian Kerr says, the devil is in the defaults. In other words, the choices made by leading social media companies with respect to default privacy settings are the de facto privacy choice for millions of users. Given the increasing pressure to generate revenues, we can expect that those default choices are going to change in more aggressive ways to make use of user data.

There are examples of companies that are doing good work in this area. Twitter recently implemented do-not-track options that won plaudits from the Federal Trade Commission in the United States. Google offers its users transparency tools so they can obtain detailed information about what information is collected, some of the ways Google uses it, and how they can modify some of their privacy choices. The company has also been transparent about law enforcement requests for information and copyright takedown demands.

There needs to be continued work on these defaults, as well as initiatives to provide users with greater information and transparency, and steps to ensure that companies live by their privacy commitments.

Third is the issue of lawful access. The introduction of Bill C-30 brought with it an avalanche of public outrage and concern over proposed Internet surveillance legislation. While much of the focus was on mandatory warrantless disclosure of subscriber information by telecom service providers, the potential for social media and big data Internet sites to serve much the same purpose cannot be overlooked.

A recent investigation by the Privacy Commissioner of Canada into Nexopia, a Canadian social network, identified hundreds of law-enforcement requests for customer name and address information, frequently for accounts that should have been deleted months earlier. Social media, as we've heard, generates a treasure trove of personal information that must enjoy full privacy protection and court oversight before disclosure. Indeed, documents that I recently obtained under access to information indicate that Public Safety is thinking about how these rules are applied to social media sites and services. I believe that Bill C-30 needs to go back to the drawing board to effectively account for these privacy concerns.

Fourth is the question of new legal issues, which Professor Scassa has identified a number of. I would argue that while much can be done to use or augment existing rules, social media and Internet sites do raise some unique issues that may require targeted responses. In the interest of time I would like to quickly identify two.

First is the issue of “do not track”. As you may know, cookies can be used to trace the web-browsing habits of users, including when they visit third-party sites. For example, Facebook inserts a cookie on user browsers that traces your activity as you surf the Internet. Any site with nothing more than a Facebook “like” button, as found on Conservative, NDP, and Liberal websites, means that Facebook records a visit to that site and retains that information for months. A growing number of sites, including Yahoo, AOL, and Twitter, respect the functionality found in Firefox browsers that allows users to choose not to be tracked. Google has said it will implement similar technology in its Chrome browser.

However, many sites have been slow to adopt the do not track option, and Facebook has thus far declined to do so. Given the failure of the industry to self-regulate, it is appropriate for government to step in with stronger measures to ensure that this form of user choice is implemented and respected.

Second is the growing problem of social media misuse. For example, in recent months there has been an increasing number of stories of employers requiring employees to provide their Facebook user ID and password as a condition of a job interview. Seeking the same information with direct questions would typically be prohibited, so this is used to circumvent long-standing standards and principles within employment law. In response, the State of Maryland recently passed a law banning employers from requiring employees or job applicants to provide access to their personal digital and social media accounts. Several other states in the United States are working on similar legislation, and I believe that Canada should follow suit.

Thanks very much for your attention.

May 29th, 2012 / 12:50 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

I think the question gets back to digital literacy, and I would agree that it's very hard for consumers to sift through the plethora of information that's probably available on various Internet applications. I think the issue of digital literacy is one that will come back over and over again. Placing requirements on organizations to communicate in a way that is clear and understandable to the target audience is key, and again, something that we hope to see brought into force with the passage of Bill C-12.

May 29th, 2012 / 12:35 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

Thank you for the question. I do think you raise a very important point. Digital literacy has been an issue that has been raised over and over again in the context of having people understand what their privacy risks are online. I do think digital literacy needs to be a priority. Awareness is an important element. It's important, as the commissioner pointed out, because schoolchildren are coming online sooner and sooner. For them to understand the potential risks they face when they put their information online is key.

Again, I mentioned to you briefly that one of the amendments in Bill C-12 will impose a new obligation, or a clearer obligation, on organizations to target their messaging at their target audience. When you're talking about children, or frankly, the average Internet user, it's important they're aware that there are measures they can take to further protect their privacy online.

May 29th, 2012 / 12:35 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

I think the commissioner was pointing to the fact that Canada is one of the few remaining countries that do not have mandatory data breach reporting requirements. Therefore, as I indicated, it is important for Canada to catch up and pass the amendments in Bill C-12 that are currently before the House.

In terms of going forward, the commissioner made reference to the overall compliance powers under the act and suggested that the second parliamentary review would be a good opportunity to take a second look at that. Perhaps that's something parliamentarians would like to do.

May 29th, 2012 / 12:30 p.m.

NDP

Charmaine Borg NDP Terrebonne—Blainville, QC

Unfortunately, I think we are really lagging behind when it comes to everything Internet-related. I think that a lot of work needs to be done and that it is better to be proactive than wait until there's a disaster.

On that same topic, the commissioner, Ms. Stoddart, said in her testimony, and as you explained in your presentation, that Canada is lagging behind with respect to standards for data breach. Perhaps Bill C-12 doesn't contain enough measures.

Can you please explain why we lag so far behind when it comes to informing users about breaches of their personal information?

May 29th, 2012 / 12:20 p.m.

Janet Goulding Director General, Governance, Policy Coordination and Planning, Department of Industry

Thank you, Chair.

I'd like to introduce my colleagues who are with me today: Bruce Wallace, director of security and privacy policy, and Jill Paterson, a policy analyst with our digital policy branch.

Your committee has chosen to study a very important and timely issue. The protection of personal information online is a prerequisite for a strong global digital economy. I am here today to provide some background on the federal legislation that protects the privacy of Canadians in commercial transactions, online and elsewhere, the Personal Information Protection and Electronic Documents Act or PIPEDA.

Since it was implemented, PIPEDA has provided a solid foundation for the protection of privacy online. Canada's federal private sector privacy law is regarded around the world as a model for other countries to follow when seeking ways to protect the privacy of individuals. Much of its strength comes from the manner in which PIPEDA addresses privacy in a technologically neutral way, using a flexible, principle-based approach.

PIPEDA deals with two distinct issues. Part 1 sets out the privacy protection obligations under the act. Parts 2 to 5 deal more with electronic documents than with privacy, and as such are not relevant to your current study.

Part 1 of PIPEDA sets the rules for the private sector in protecting personal information used in the course of business. It establishes clear ground rules that govern the collection, use and disclosure of personal information.

The act balances two central considerations: the need to protect the privacy of individuals, and the need of organizations to collect, use, or disclose personal information in the course of commercial activities. Striking this balance is particularly relevant in the online environment, where large amounts of information can be rapidly collected and stored, and financial transactions can be completed in just a few seconds.

There are some key features of the act I'd like to touch on today.

First, the act applies only to personal information that's used for commercial purposes. It applies to personal information in all formats—electronic and non-electronic. The act applies across the economy as a whole, not just to individual sectors.

Second, the law is based on a set of principles taken from the Canadian Standards Association's Model Code for the Protection of Personal Information. The code was developed by the private sector and consumer representatives and was adopted well before the act came into force. The code is a set of 10 core privacy principles, which were incorporated into schedule 1 of the act.

I'd like to draw your attention to the most central principle, which is the need for consent. Privacy legislation in Canada, and in many other countries, is founded on the principle of consent, whether that be expressed or implied, to collect, use, and disclose personal information.

The act also requires that any collection, use, or disclosure of personal information by an organization should be considered by a reasonable person to be appropriate in the circumstances. This is an overarching test that applies to all provisions of the act. This requirement brings a significant degree of flexibility to the legislation, allowing PIPEDA to remain applicable while social norms, behaviours, and expectations change over time and in different situations, both online and offline.

PIPEDA first came into force in 2001, before the onset of online services and activities—such as Twitter, YouTube, Google, and Facebook—which today we take for granted. Yet as the Internet has evolved, and as new services have been introduced, the legislation has proven to be an effective tool. Its flexibility, resulting from its technology-neutral and principles-based approach, has enabled Canada's Privacy Commissioner to address the challenges that have arisen online, including in social media environments. She has enforced privacy provisions on an international scale against some of the world's largest online service providers, including Google and Facebook.

For example, following an investigation by the commissioner, Facebook took corrective action to bring practices in line with obligations under PIPEDA. Facebook agreed to provide information to help users better understand how their personal information will be used so that they can make more informed decisions about how widely to share that information.

Overall, the legislation continues to provide a robust framework on which to find a balance between business practices and protecting the privacy of Canadians. However, technological innovation, combined with continual changes to individuals' online practices, highlights the importance of reviewing PIPEDA to ensure that it can appropriately address emerging challenges.

In particular, the development of applications for individuals to share information about themselves—a key aspect of what is known as "Web 2.0"—is changing online behaviour. Much personal information is volunteered by individuals themselves. And despite being active participants in the flow of personal information, many users may not fully understand the way their information is used, or the associated privacy risks.

Research indicates that social media users may not anticipate how broadly accessible information they post will be. In addition, the use of "cookies" and other online tracking tools is pervasive, and yet largely invisible to the average Internet user. The potential exists for personal information to be aggregated and used in ways which the individual may never have even imagined and with which they may disagree.

There are complex issues involved in the development of policy frameworks to maintain privacy protection in this environment. Canada is one of many jurisdictions currently grappling with this. The OECD, for example, is currently conducting a review of its privacy guidelines, which were the first internationally agreed-upon set of principles and which influenced the development of the CSA model code, upon which PIPEDA is based.

Likewise, a good piece of legislation like PIPEDA can be made even better with regular review to ensure that it keeps pace with advancing technology and evolving business models.

Bill C-12, the Safeguarding Canadians' Personal Information Act, will update PIPEDA in a number of important ways. The bill, which is awaiting second reading in the House of Commons, is the result of the first review of the act, which was undertaken by your predecessors on this committee in 2006-2007. At that time the committee concluded that no major changes to the act were needed; however, they did make a number of recommendations aimed at improving some elements, notably the need for mandatory data breach reporting requirements.

Following the committee's report, Industry Canada conducted extensive consultations, leading to the government response, which indicated that several amendments to PIPEDA would be made to address the committee's recommendations. These amendments were first tabled in May 2010, but subsequently died on the order paper. The amendments were later reintroduced as Bill C-12, which was tabled in September of 2011.

Significantly, Bill C-12 will create a powerful tool to protect and empower consumers online. The bill establishes a framework under which businesses must notify customers when their personal information has been lost or stolen. Canada's Privacy Commissioner has long called for a legislative approach to data breach notification. In 2007, her office published voluntary breach notification guidelines, but she has expressed concern that not all businesses are reporting data breaches, nor have all organizations taken appropriate security precautions to protect their holdings of personal information.

Bill C-12 requires organizations to notify individuals in cases where a breach poses a real risk of significant harm, such as identity theft or fraud or damage to reputation. The Privacy Commissioner will also be informed of any material breach, thus allowing her to exercise oversight of compliance with the new requirements. Consistent with her current compliance powers, the Commissioner will be able to publicly name organizations that fail to meet their obligations if she feels this is in the public interest. This is a powerful inducement for organizations to act in good faith. In fact, we have seen this power compel change in the practices of well-known social media companies such as Facebook and Google. Several high-profile data breaches in the past several years, such as those experienced by Sony and the large e-mail marketing firm Epsilon, have underscored the need to pass this bill and its new notification requirements quickly.

The bill also includes enhancements to the consent provisions designed to protect the privacy of minors online. Research shows that children may not have the capacity to understand the consequences of sharing personal information. Not all marketing activity directed at children is inappropriate; however, some online services surreptitiously collect personal information about children in an environment that is often designed to look like playgrounds or educational websites. Therefore, Bill C-12 requires organizations to make a reasonable effort when collecting the personal information of minors to clearly communicate why it is being collected in a way that would be understood by the target audience.

We believe these changes are an important step towards ensuring that our privacy legislation continues to protect Canadians.

Thank you for the opportunity to come before the committee today. My colleagues and I would be happy to take your questions.

May 29th, 2012 / noon

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Yes, honourable member. I think the changes that Bill C-12 would bring are very welcome, but I don't think they go far enough. We're now halfway through 2012, and as I mentioned in my presentation, Canadian privacy legislation has lagged behind the reforms in other major countries, and so there isn't much incentive for corporations to invest in the kind of software or personnel training that makes Canadians' data safer. So I think basically the bill could be strengthened.

May 29th, 2012 / noon

Conservative

Dean Del Mastro Conservative Peterborough, ON

Bill C-29, which was in the former Parliament, made some changes to PIPEDA, and Bill C-12, which was reintroduced on September 29, 2011, had a key amendment that required organizations to report data breaches—referred to in the bill as breaches of security safeguards involving personal information—to the Privacy Commissioner and notify affected individuals when there is real significant harm, such as identity theft or fraud.

I have a lot of folks in my community who are concerned about identity theft. It seems that every once in a while we'll hear about a significant security breach. In fact, your office has reported on some of them. This reporting requirement for security breaches, is it something you would support, these changes that are suggested in Bill C-12?

March 27th, 2012 / 11:15 a.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Thank you.

Finally, we have two bills before the House that could have huge implications for Canadian privacy rights: the update to the PIPEDA, Bill C-12; and then Bill C-30, Minister Vic Toews' snooping law.

Have you done any analysis of the potential impact on your department in terms of information?

Business of the House

Oral Questions

March 15th, 2012 / 3:10 p.m.

York—Simcoe Ontario

Conservative

Peter Van Loan Conservative Leader of the Government in the House of Commons

Mr. Speaker, on the contrary. It has been suggested in the past when we have had budgets on Thursdays that we were doing that so we could go out and talk to Canadians about it for several days. Clearly, our interest is to tell Canadians about our economic action plan 2012 which is focused on keeping taxes down and creating jobs and economic growth for Canadians. We hope we will be able to speak about it a lot to Canadians. We are confident that they will see that we share their priorities strongly. I thank the opposition House leader for giving me the opportunity to explain that.

We will conclude this hard-working, productive and orderly week in Parliament by continuing debate on Bill C-31, the protecting Canada's immigration system act this afternoon and tomorrow. We will also debate that bill on Monday, March 26.

Next week is a constituency week where we will all be hard at work in our ridings.

The highlight of the week we return to Ottawa will be when the Minister of Finance rises in the House to present Canada's economic action plan 2012. That will be on Thursday, March 29 at 4 p.m. Canadians can look forward to our economic action plan which will include, as I indicated earlier, important measures focused on jobs and economic growth.

I understand that the Standing Committee on Finance agreed to a responsible work plan for its study of the financial system review act, Bill S-5 so that this House can pass the bill before Canada's banking laws expire in mid-April. Canada has the world's soundest banking system. It is important that we keep it this way. That is why I trust we will see a responsible approach to this bill in the House, similar to what we saw at committee. In anticipation of the bill being reported back to the House tomorrow afternoon, I will be giving priority to report stage and third reading of Bill S-5 on Tuesday, March 27 and Wednesday, March 28.

If we have additional time on those days, I hope we can finish second reading debate of Bill S-4, the Safer Railways Act, and then deal with Bill C-12, the Safeguarding Canadians' Personal Information Act, at second reading.

On Thursday, March 29, we will resume debating Bill C-24, the Canada–Panama Economic Growth and Prosperity Act, before question period. After question period, the House will turn to Bill C-15, the Strengthening Military Justice in the Defence of Canada Act.

Friday, March 30, shall be the first full day of debate on the budget.

November 22nd, 2011 / 4:10 p.m.

Conservative

Susan Truppe Conservative London North Centre, ON

Thank you.

From all the different witnesses we've heard, as well as the various types of abuse of the elderly, in many ways financial abuse is coming to the forefront.

Apart from funding of the new horizons for seniors program; the ad campaign that's going to come out again; our Speech from the Throne; the pledge for stiffer penalties in Bill C-12, an act to amend PIPEDA, which would allow our financial institutions to be better able to identify and protect seniors from abuse, do you have anything to offer to the committee in terms of the ways that government and the public could better fight financial abuse?

November 17th, 2011 / 11:20 a.m.

NDP

David Christopherson NDP Hamilton Centre, ON

From a numbers point of view, the government's previous bill—and I'm not trying to drag you into the politics of it, I totally respect the lines; however, the previous government bill had a different resulting increase in seats for the provinces, and it was apparently because it was based on a previous census.

Now they're using updated numbers, and I'm still not quite sure what they mean by “updated numbers”, because it's only a matter of a few months between the change the government ran on Bill C-12 and their coming into power and saying here's a new bill, we've got new numbers.

Just strictly from a numbers point of view, can you explain to me what's new?

November 15th, 2011 / 11:45 a.m.

NDP

Joe Comartin NDP Windsor—Tecumseh, ON

Exactly. That's the point.

So the formula, that formula, was available when Bill C-12 was introduced.

November 1st, 2011 / 3:40 p.m.

Judith A. Wahl Executive Director, Advocacy Centre for the Elderly

I too want to thank you for giving me the opportunity to present to you. I apologize for the lack of a written submission. I only got the call last week to present, but I will be providing some other written material for your review.

I want to give you a context for my remarks. I work at the Advocacy Centre for the Elderly. I'm the senior lawyer. I'm a legal practitioner. As you can tell from my grey hair, I'm an old lawyer. I've been a lawyer now for 35 years, and I've been at the Advocacy Centre for the Elderly for 27 years.

The Advocacy Centre for the Elderly is a community legal clinic that provides legal services to low-income seniors across the province of Ontario. All of our practice is focused on legal problems experienced by older adults. Almost all of our litigation is related to various forms of abuse. The majority of our casework and client representation involves advice to and representation of older adults who are victims of abuse, primarily by family or close friends, people they expected to trust but who then took advantage of them. We've dealt with the full range of abuse, primarily financial abuse. But unfortunately, we've dealt with cases of sexual abuse, physical abuse, and emotional abuse, many of which were Criminal Code offences.

We also deal with a lot of abuse in the systems that are meant to assist seniors. We call this systemic abuse, and it's all those services that are supposed to provide the supports but that don't necessarily follow the law. We often call this “good law, bad practice”. We see this, for example, in hospital discharge policies. We actually take the position that almost every hospital in Ontario, and I would say across the country, probably has an illegal discharge policy that ignores seniors' legal rights in respect of choice and their role in decision-making in the health system.

In Ontario there's an effort to try to get seniors to pay high per diems that are outside the OHIP ranges. This is just an example that we see in practice, but we see this across all kinds of practice. The diaper example is a good one. The law in Ontario, and I would say, again, across the country, in each province, is that people are intended to be kept clean and dry at all times; having 75% on the diaper isn't necessarily clean and dry. It victimizes the workers and the seniors involved.

We have had experience with hundreds, if not thousands, of abuse cases, and have had experience seeking remedies for our clients. We also have experience doing public legal education on elder abuse prevention and the various legal issues, such as power of attorney. It is a key tool that in fact is not supportive of seniors but is used to financially abuse seniors, even though doing a power of attorney is often promoted in provincial and federal elder abuse campaigns.

I have actually had a lot of contact with the federal-provincial-territorial committee that has been working on elder abuse issues, and I was very pleased that I was asked to contribute to the review of the pamphlets. The pamphlets were amended to reflect that you have to use caution when using powers of attorney. I think those are important messages that come out through those campaigns.

Our primary focus in the education is to seniors, for knowledge of prevention, but also to service providers of all types--health professionals, police, home care workers, and front-line staff in various service agencies--so that they'll know the law, develop their own policies and practice on elder abuse prevention, give a response that is within a legal framework, and challenge their own misconceptions about aging and abuse. Those misconceptions often contribute to the abuse.

Please note that the law on elder abuse is not only about the Criminal Code or adult protection. Krista James, from the Canadian Centre for Elder Law, is actually a friend of mine, and she shared with me her submissions. She ably outlined all of that kind of legislation. I encourage you to look at the materials she's produced.

I can tell you that in practice, we actually use the law across the board. We use family law, privacy law, health law, law in capacity and decision-making, real estate law, and consumer law, all in providing elder abuse response.

What I'm really pitching to you is to look at the broader scope of elder abuse. That's what we use to help our clients. The federal response to elder abuse also needs to look beyond the Criminal Code and elder abuse awareness in a narrow sense. You need to look at the federal role in health funding, housing, legal aid, and privacy, as a few examples.

Because there's limited time, I'm going to go right to some recommendations. The theme I'm going to give you is about training, tools, and time, not necessarily law reform.

First is criminal law. The Criminal Code itself, in my opinion, works quite well. It's good law, but I think some of the practices in respect of the implementation of the law are the real problem.

The Criminal Code includes various sections that respond well to elder abuse. We don't need a special offence of elder abuse. In fact, if you had a special offence, that actually would divert attention from the theft and physical assault and all the different core crimes and would end up limiting a response and create barriers to prosecution.

The Criminal Code also includes sections to accommodate special needs of older victims of abuse in giving testimony and in giving evidence in advance of a trial to both preserve the evidence and to ensure that the prosecution can continue, even if the older witness is unable by physical or mental disability to testify at the time of trial of the accused. There are provisions in the code for audio and video taping of evidence—they're called “KGB statements”—that can be used as evidence.

The Criminal Code sentencing provisions are also good in the sense that if the victim is an older adult, that is taken into account and could be a factor in considering the sentence.

But as to the challenge in the criminal justice system, I would go, again, training, tools, and time. With respect to the training of police officers, I've been involved in a great deal of training at the Ontario Police College and the Toronto Police College. There's a need for training in dealing with investigation of crimes against the elderly in different settings. The police need to know the law related to long-term care, privacy, capacity, retirement homes, home care, and resources in the community to support older victims, especially to help them address the reluctance of older witnesses to testify, or to even complain.

In the course of the education that we do, I frequently have the officers chant “Talk to the senior”, just to get the message across that they need to focus on the senior. Many times in investigations in the past, some officers have told me that they talked to everybody around the senior, but not the senior. It's more challenging to deal with the senior. There may be a communication challenge, or the person may appear more frail than they are. Although they may be still very capable, very able, people will still talk around them. So it's looking more from the senior's perspective.

The next is tools. I have one simple example of tools that the police need. We have provisions about videotaped evidence. I have been told by a number of police officers that they don't have the videotape equipment so they can't take the evidence. How are you going to use those provisions? That's a very important thing. There was a recent Supreme Court of Canada case, Regina v. Khelawon, that dealt with this particular issue. The evidence was thrown out, I think partly because the officers didn't do the whole gamut of things they were supposed to do in order to preserve the evidence. They may not have been supported; they may not have had the tools.

The next is time. We need time to ensure that the police are given time to do investigations of abuse cases. Some of these crimes are very challenging, I know. I've had a lot of contact with the Ottawa police, who have an elder-abuse unit. I can think of one of the offences that the police investigated. It was a case of multiple offences by a PSW who was financially abusing seniors. They were all small amounts of financial abuse. Cumulatively, she had stolen thousands. To do that investigation on all those small bits, the police don't necessarily get the supports to do that. This unit did. But if you're a police officer in Toronto and other cities, they might not get the supports and the time to do that. They would simply say they don't have the time to do it.

So that's training, tools, and time. I now want to go on to privacy. I'm going to say, respectfully, there's a need to amend Bill C-12. This is a bill that's now on the table to amend the privacy legislation, because the amendment to proposed subsection 7(3) will open the door to increased financial abuse of older adults, not increased protection.

This amendment will permit disclosure by federally regulated financial institutions, such as a bank, to the client's next of kin, or the authorized representative of the client, in the belief by the bank personnel that the senior, who is the client of the bank, is a victim of financial abuse. So it's giving permission to the bank to disclose private information about the senior's account on the assumption that the senior is a victim of abuse. Disclosure is to the family members of the senior. It also says to other governmental organizations.

This amendment, to permit the disclosure to next of kin and authorized representatives of the seniors, I think needs to be changed, because those are the abusers. Almost every single case we've had over the years on financial abuse is abuse by family and friends.

This amendment will permit the banks to tip off the potential abusers, to inform them of the abuse. What can the banks do now? The banks actually can talk to their customers. They can start with the senior. If the senior is incapable, they can then contact the governmental institutions. That amendment is fine.

For example, in Ontario, they would contact the Office of the Public Guardian and Trustee, who could investigate the allegation that the senior is not capable. Then, if the senior is capable, they can help provide supports to that senior through assistance in going to the police or a legal organization to address the abuse. Or they could become their guardian to regularize the situation.

So the reports to the public—

October 19th, 2011 / 4:10 p.m.

Michael Deturbide Professor and Associate Dean, Academic, Schulich School of Law, Dalhousie University, As an Individual

I think the issue is not necessarily whether one jurisdiction's way of approaching security is better than another's. Bill C-12, which is on the horizon and I hope will be passed, is certainly going to require businesses to turn their minds to security and security issues. But particularly with respect to small and medium size businesses, that's going to be a problem, I think.

I guess I would follow up with what several people here have said, including Mr. Bergeron, for example, that smaller firms need help in investing in ICT. Part of that would be security. First of all, there has to be an awareness and, secondly, they have to have the infrastructure in place. And that means dollars.

All of the studies I've seen seem to indicate that small and medium size businesses, at least at this stage, are not turning their minds adequately to the security issue. That's going to be to their detriment. Frankly, Canada is a little bit behind the ball here. We do have Bill C-12 on the horizon. Other jurisdictions have passed legislation that, for example, requires businesses to have certain security measures in place and, if they don't, to report security breaches. That is something, I think, that is going to come.

It begs the question, though, what small and medium size businesses can do about that. First of all is the awareness issue, and second of all is the financing to put things in place so that they are able to meet the requirements of the legislation.

October 19th, 2011 / 3:30 p.m.

Michael Deturbide Professor and Associate Dean, Academic, Schulich School of Law, Dalhousie University, As an Individual

Thank you.

My comments are going to focus on some legal aspects of e-commerce, in particular, privacy and security issues that have been, I think, impediments to both business and online consumers.

My message, in a nutshell, is that business needs to get its act together with respect to privacy and security of data. You don't have to look too far, I think, to see why I say that.

Now, some of what I'm about to say, I know, has already been heard to some extent by Industry Canada in earlier consultations, but I think the message merits reinforcement because the problem still exists and Bill C-12, of course, is not yet law.

Back in September of 2004, a report of the Canadian e-Business Initiative identified privacy and security practices as integral parts of a successful e-business adoption strategy. That report came out at a time when Canada implemented the Personal Information Protection and Electronic Documents Act, otherwise known as PIPEDA, which legislated a model code for the protection of personal information. An element of that code is that personal information must be protected by security safeguards appropriate to the sensitivity of the information gathered.

Seven years later, where are we? Well, we continue to hear about large-scale data breaches, and small and medium size businesses in particular are unsure about what they need to do to comply with the privacy legislation—and I'll briefly mention some studies in relation to that—and consumers may be excused for wondering if their personal information is being protected at all, given some of the media reports we hear.

In almost every poll or study taken on the barriers to e-commerce—and I've looked at quite a few of these online over the past few days—the principal concerns raised have been privacy and security of personal information. Consumers want some assurance that their information is going to be protected. Businesses want that assurance as well, and they want to know whether they're meeting adequate standards to protect that information and to protect themselves against possible liability.

Unfortunately, there's not been a shortage of significant data breaches over the past few years. According to the Privacy Commissioner of Canada, too many data breaches are occurring because companies have ignored some of the most basic steps to protect personal information, including a failure to implement the most basic security measures. Sometimes breaches are reported; sometimes they're not reported at all; sometimes they're reported only after the business gets an indication that the data may be being used for illegal or unscrupulous purposes. Despite the increased frequency of security breaches, a recent Environics Research Group study of small and medium size businesses indicates that most are complacent about their company's IT safeguards and underestimate the consequences of a security breach.

I just want to share very briefly some of those findings with you, if I may. The small and medium size businesses surveyed were divided about the reasons for their complacency. Most, however, acknowledged that they were not taking adequate security measures or that their existing software protection was not adequate. Many were ignorant of cloud computing. The limited number of SMEs that had adopted cloud computing was driven by their desire to spend less money on IT infrastructure, and they were not confident at all that the provider was ensuring any safety of the information they provided.

Believe it or not, people and organizations still care about privacy and security of information. One estimate is that over 35% of Internet users will not give their credit card information online because of security concerns. That's a large chunk of people who are just not engaging in e-commerce and who could be.

It's also interesting to note that a 2011 study indicated that online consumers, largely thought to be motivated primarily by savings, are often willing to pay a premium for purchases from online vendors who have clear protective privacy and security policies. I think this illustrates a couple of things. First, even in the Facebook era, when personal information is willingly disclosed and when some industry executives have declared privacy to be dead, privacy and security are still identified as major factors in a consumer's decision to do business online. And second, those businesses that do take privacy and security seriously can profit from it.

Our experience shows that sometimes legislative intervention is required to ensure adequate data protection mechanisms are in place, otherwise there may be little incentive to remedy the problem. The downside of that is that any attempt at legislative intervention is sometimes reflexively labelled as costly regulation by some in the business community.

For example, one of the issues to be examined is red tape, which creates barriers to growth. The question is whether regulation is red tape or whether it's actually doing something important.

In the current situation, it's been argued that mandatory disclosure of security breaches may cause unnecessary panic in situations where the chance of the fraudulent use of compromised data is minuscule. If you get too many notifications, that then leads to what one writer calls notification desensitization. What's missing from this rationale is that the aim is to encourage business to have adequate security measures in place so that the frequency of data breaches diminishes. If that happens, there can be no oversensitization, because the event is infrequent. In any case, whatever argument is raised against notification, the priority has to be the giving of notice by the custodian of the information to those affected, so that they can take preventative measures.

I want to turn briefly to Bill C-12, currently before the House of Commons. That bill will require an organization to report to the Privacy Commissioner any material breach of security safeguards involving personal information under its control. Factors related to materiality will include the sensitivity of the information and the number of individuals affected. The organization will also be required to notify an individual of the breach if it's reasonable to believe that the breach creates a real risk of significant harm.

I don't mean to go into any great detail on the mechanics of that legislation, but it seems to me that it at least strikes somewhat of a balance—

October 17th, 2011 / 3:30 p.m.

Dr. Michael Geist Canada Research Chair, Internet and E-commerce Law, University of Ottawa, As an Individual

Thanks very much.

Good afternoon.

As you heard, my name is Michael Geist. I'm a law professor at the University of Ottawa, where I hold the Canada research chair in Internet and e-commerce law. I appear before the committee today in my personal capacity, representing only my own views.

I want to congratulate the committee for launching the study of e-commerce in Canada. It's a critically important issue, deserving of greater attention.

While the committee has identified some excellent questions, I would boil the issue down to a single one: why have Canadian consumers embraced e-commerce but Canada has failed to produce many significant global e-commerce success stories?

The Canadian consumer success story is well known. We're among the global leaders in Internet use and online video consumption. For several years, Canada was the world's largest per capita user of Facebook. Netflix launched online only, first in Canada, and quickly grew to one million subscribers. And digital music sales have grown faster in Canada than in the United States for each of the past five consecutive years.

Yet despite the growth on the consumption side, we punch well below our weight in creating global online companies, an issue recognized by a McKinsey study prepared for the G-8 meeting in France earlier this year. There are exceptions, of course—Club Penguin, Flickr, AbeBooks, and StumbleUpon, among them—but most are bought out by larger U.S. companies before they have the chance to grow into global players.

Canada does have its share of e-commerce SMEs, but the multinationals that employ thousands and generate billions in revenue have largely eluded us. The question is why. There are no doubt many factors—venture capital, market size, appetite for risk—but as they say, when you're a hammer, everything looks like a nail. When you're a law professor, you see legal and policy failures.

Over a decade ago, Canada established the e-commerce law basics, including enforceability of online contracts, privacy rules, and some online consumer protections. But these were just the price of admission. The success stories often lie in countries that went further. I believe companies like YouTube, Google, and Facebook could have been Canadian, but legal rules made it less likely.

For example, YouTube could have been Canadian. The company would have been called iCraveTV, a Toronto-based online video startup that launched in 1999. It streamed television programming, supported by advertising along the bottom of the screen. It was YouTube years before YouTube was YouTube, and it relied on Canadian law to do it. The U.S. objected, and within months of launch the service was shut down, and Canadian law changed as we caved to the U.S. pressure.

Google could have been Canadian. The company would have been called OpenText. OpenText is, of course, Canada's largest software company, based in Waterloo. Before Google was even a Stanford graduate student project, OpenText was providing the search technologies for companies like Yahoo. U.S. copyright law has a fair use provision that Google later relied upon to index the web and become a multi-billion-dollar company. Canada still has a more restrictive fair-dealing approach, and OpenText opted for managing content in the corporate market, which doesn't raise the same legal issues.

Facebook could have been Canadian. The company would have been called Nexopia, which is now an Edmonton-based social network that is still active. It was founded in 2003, a year before the launch of Facebook, but unlike Facebook and thousands of other U.S. companies, Canada does not have a rule that grants legal immunity to intermediaries for the postings of third parties. In the U.S., the Communications Decency Act, section 230, has been used by all the giants—Facebook, Amazon, Google, and eBay—to limit risk and liability for the postings of their users. In Canada, we don't have the same protections, and the risks faced by anyone operating online are far greater.

I could go on. We could talk about why Skype was unlikely to be Canadian because of the regulatory and competitive environment for telecom companies. We could talk about how Zillow, the online real estate giant, couldn't be Canadian because of restrictive rules over the use of listings data. We could talk about how Amazon couldn't be Canadian because of foreign investment restrictions.

Canada has failed to build the competitive legal and policy e-commerce framework, and we now live with the consequences.

So what comes next? There are numerous policy issues that ought to be put on the table, not all of them a matter for the federal government, as some fall within provincial jurisdiction. I'll quickly highlight four, and perhaps we can discuss more during the question period.

First are the privacy and marketing rules. We should move ahead with the anti-spam rules, not diluted through regulations, as some are calling for. Ensure swift passage of the just introduced privacy measures in Bill C-12. Moreover, the next round of privacy law review is due this year. We need tougher enforcement measures put on the table and retention of the principle of court oversight for mandatory personal information disclosure.

Second is copyright flexibility. Today and tomorrow's e-commerce businesses rely far more on the flexibility of copyright law, not the digital locks that form a cornerstone of the current copyright bill, Bill C-11.

Third, other countries have adopted fair use, and yet more are considering the issue. Canada should do the same. An equivalent of the CDA section 230, which I spoke about earlier, for Internet intermediaries is absolutely crucial. It would, however, require provincial cooperation.

Fourth, and finally, is removal of foreign investment restrictions and other competitive barriers in many sectors that touch on e-commerce. Foster a more competitive Internet environment with a set-aside for new entrants in the forthcoming spectrum auction.

Note that Canada may have been the first with an online-only Netflix, but we also hold the dubious distinction of having had Netflix offer bandwidth-reduced versions of its content due to Internet data caps and high costs. The impact extends well beyond the consumer market, as it directly affects e-commerce businesses as well. Canada may have missed out on a generation of e-commerce leaders. We must not miss out on the next one.

October 5th, 2011 / 3:30 p.m.

Helen McDonald Senior Assistant Deputy Minister, Spectrum, Information Technologies and Telecommunications, Department of Industry

Thank you very much.

Your committee will be undertaking a study on e-commerce in Canada. I would like to take this opportunity to provide your members with Industry Canada's perspective on e-commerce and related issues.

First, I will briefly explain e-commerce and where Canada ranks in relation to other countries.

Second, I will give you an overview of the main activities underway at Industry Canada to stimulate e-commerce, that are a part of the digital economy strategy.

The OECD's internationally accepted definition of e-commerce states that

An e-commerce transaction is the sale or purchase of goods or services, conducted over computer networks by methods specifically designed for the purpose of receiving or placing of orders. The goods or services are ordered by those methods, but the payment and the ultimate delivery of the goods or services do not have to be conducted online. An e-commerce transaction can be between enterprises, households, individuals, governments, and other public or private organisations.

While this definition is useful for guiding international comparisons and data collection efforts, from a more practical perspective, payments, online banking, and bill payments are often considered key elements of electronic commerce.

In this definition, one thing is clear: the first prerequisite for e-commerce is that it must be online. More and more Canadians are online.

According to the CRTC's Communications Monitoring Report 2011, 96% of Canadian households currently have access to broadband services at a speed of at least 1.5 megabytes per second. It is estimated that that percentage will reach 98% by 2012.

A transmission speed of 1.5 megabytes per second encourages e-commerce by increasing the number of households able to buy and sell goods and services online.

In 2010, 70% of Canadian households subscribed to broadband Internet services. Statistics Canada's 2009 Canadian Internet use survey found that nearly 22 million Canadians, or 80% of people over 16 years of age, used the Internet for personal reasons--from home, the office, or some other setting.

Once online, Canadians used the Internet for a variety of activities, such as electronic banking and bill payment, searching for information, and communicating with Canadian municipal, provincial, and federal governments. They undertake education and training online, and also access information on weather, travel, health, and investments.

Canadians are also increasingly purchasing online. About 39% of Internet users indicated they engaged in e-commerce in 2009, and the total value of these online purchases was $15 billion. To give you a sense of the magnitude, total retail sales by Canadian firms were $415 billion in that year.

From the perspective of Canadian firms selling online, total online sales, both retail and commercial, were almost $63 billion in 2007--and this unfortunately is the last year in which data was collected. Of these sales, 59% were commercial, business-to-business transactions. The remaining 41%, or $25.5 billion, were retail sales, business-to-consumer transactions. And despite the relatively large value of online sales, only 8% of firms reported selling online in 2007.

The difficulty of encouraging more Canadian businesses to make the transition to e-commerce and the low overall take-up rate of digital technologies by Canadian businesses are closely linked. Investment per worker by Canadian businesses in information and communications technologies is 60% of investment per worker by American businesses.

Digital technologies play an important role by supporting innovation and productivity. Digital technologies greatly contribute to online transaction processing, electronic funds transfers, supply chain management, computerized data exchanges and automatic data collection.

Increasing the take-up rate of all digital technologies—not only those that support e-commerce—is critically important to ensure the vitality and competitiveness of the economy.

Last fall Minister Clement articulated the government's vision for a digital economy in his interim report. This is a quote:

By 2020, the Harper government sees a Canada that boasts a globally competitive digital economy, characterized by innovation, enhanced productivity, and enduring prosperity—a nation where businesses, communities and individuals have the skills they need to use digital technologies to their advantage and where a globally competitive ICT sector supplies more markets with more innovative products and more new services.

For greater adoption of digital technologies or for e-commerce to be successful, the legal framework governing it must be clear. Industry and consumers alike must understand what is expected of them and what the rules of engagement are. For consumers to engage in the online marketplace, they need to be confident that it is a safe place to shop, that consumer protections are in place, and that personal information is secure.

Minister Paradis confirmed in his speech this May to the 2011 Canadian Telecom Summit that the government is committed to ensuring there is a robust legal framework to increase confidence in and security of online transactions.

Canada's anti-spam law received royal assent in 2010 and is expected to come into force in early 2012. This law will protect Canadian businesses and consumers from the most damaging and deceptive forms of online threats and will deter spammers from operating in Canada. The anti-spam regulations were published last July, and the official consultation period ended on September 7. The department is currently analyzing the input received.

Bill C-11, the Copyright Modernization Act, An Act to amend the Copyright Act, was tabled in Parliament last week. The phenomenal popularity of social media and new technologies, such as tablet computers, mobile devices and e-readers, has dramatically changed the way Canadians create and use copyrighted materials.

Copyright modernization allows creators and rights holders to have the tools they need to protect their work and ensure the growth of their companies, especially as Canadians consume and buy more copyrighted material online.

Furthermore, amendments will be made to the Personal Information Protection and Electronic Documents Act under Bill C-12, also tabled last week. One of the main amendments relates to the notification requirement for data breaches. It is an important tool for increasing the security of online markets.

A second prerequisite for e-commerce is access to high speed networks, that is an affordable connection. In order to participate in e-commerce, you have to be connected to the Internet. Therefore, it is clearly in the government's interest to ensure that consumers have enough choice in accessing different affordable Internet services.

In recent years, thanks to government measures to increase competition in the wireless market, Canadian consumers have seen new companies enter the market and have benefited from lower prices and a greater selection of packages.

Increasingly, wireless networks are offering high-speed Internet access and the benefits of a mobile economy. To help meet the increasing demand of Canadian businesses and consumers for access to mobile broadband, Minister Paradis has confirmed that the government will be auctioning off the 700 megahertz spectrum and the 2,500 megahertz spectrum.

The third prerequisite is to increase private sector adoption of digital technologies. Targeted efforts are needed to raise the awareness of businesses, particularly small and medium-sized businesses, of the benefits of adoption. Industry Canada's small-business internship program provides small and medium-sized enterprises with financial support to hire a post-secondary student intern to assist them in their adoption of e-commerce strategies.

The government has taken two additional steps to promote awareness and adoption. In the spring of 2011, the Business Development Bank of Canada announced an array of new efforts to support ICT adoption among small and medium-sized enterprises. The BDC helps firms with web strategies, sales, customer management, and choosing the technologies best suited to the firms' needs.

Budget 2011 also announced the creation of an $80-million pilot project over three years involving the NRC's industrial research assistance program and Canadian colleges, to promote the take-up of advanced digital technologies among small businesses. More details on the pilot will be available once it has been formally launched.

The growth of e-commerce also requires a workforce with the requisite digital skills. In budget 2011, Human Resources and Skills Development Canada will reallocate $60 million over three years to encourage an increase in the number of students enrolled in key disciplines linked to the digital economy.

Citizenship and Immigration Canada also plays a major role by attracting to Canada foreign workers who have the skills to ensure that digital economy and e-commerce thrive, and by encouraging them to stay in the country.

Granting councils have also played a big role over the years by creating research chairs and by financing centres of excellence to face the brand new issues and opportunities.

Promoting the acquisition of digital skills is a responsibility we share with the provinces and industry, which play a leading role. That is why Industry Canada continues to work closely with all of its partners.

Thank you very much for this opportunity to come before you today. I and my colleagues would be happy to take questions at your leisure.

Safeguarding Canadians' Personal Information Act

Routine Proceedings

September 29th, 2011 / 10:05 a.m.

Gordon O'Connor Conservative Carleton—Mississippi Mills, ON

moved for leave to introduce Bill C-12, An Act to amend the Personal Information Protection and Electronic Documents Act.

(Motions deemed adopted, bill read the first time and printed)