Mr. Speaker, I am pleased to rise today to speak to the motion to refer Bill S-4, the Digital Privacy Act, to a committee before second reading. I would also like to take this opportunity to congratulate my colleague from Terrebonne—Blainville, who has done such an outstanding job on this file.
Bill S-4 has a number of shortcomings and must be amended, which is why we would like to send this bill to committee before second reading.
I will give some details about the bill in order to put it in context. Bill S-4 amends the Personal Information Protection and Electronic Documents Act to compel private sector organizations to disclose any loss or breach of personal information. So far, so good. It also sets out sanctions to be imposed on organizations that fail to comply with that obligation. Again, so far, so good.
However, the proposed criterion for mandatory reporting is subjective, because it allows organizations to determine themselves whether it is:
...reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.
In my opinion, this major flaw in the bill needs to be corrected. Why make laws if we are going to ask the organizations to enforce them themselves? I have my doubts. That is like giving a minister full power. That does not work either.
Bill S-4 would also give the Privacy Commissioner new powers to enter into compliance agreements with organizations that, according to the Commissioner, have failed to respect the provisions in the legislation, leaving the personal information of Canadians vulnerable. So far, so good.
Bill S-4 adds exceptions under which personal information may be collected, used or disclosed without an individual’s consent. The bill would make it easier for organizations to share personal information with each other without the consent of individuals, if the organizations are engaged in a process leading to a prospective business transaction.
The NDP absolutely disagrees with this type of provision. It is really not good for consumers. People will receive more advertising and unsolicited communications. We do not really need that in our consumerist society.
In other words, the bill allows an organization to disclose private client information under certain circumstances. If a company has my private information, for example, it can share it with another company, which can then do whatever it wants with that information. The next thing I know, I am receiving ads, or other unwanted things, at home. I do not think that is right. That is a very significant flaw in the bill.
Bill S-4 also amends provisions in the law that define the situations in which a person whose private information has been lost or compromised by a security breach can apply to the Federal Court for a hearing after receiving the Commissioner’s report or having been informed of the end of the complaint investigation. The bill extends the timeframe from 45 days to one year for a complainant to make an application to the court. I have to admit, that is a useful provision because it gives people more time to figure things out. It gives them a chance to analyze the situation and make a decision about whether to go or not go to court.
Bill S-4 also requires organizations to maintain a record of all breaches of security safeguards involving personal information under their control. This record could eventually be audited by the Office of the Privacy Commissioner of Canada. Again, I see some small flaws that open the door to subjectivity. I am not convinced of the merits of this provision.
My party and I are extremely concerned about the fact that Bill S-4 contains a provision that allows organizations to more easily share personal information without a warrant, without the consent of the clients and without an appropriate oversight mechanism. That is very worrisome and should be amended right away.
Given a recent Supreme Court of Canada decision, this provision will very likely be deemed unconstitutional. It is therefore important that the government comply with the Supreme Court's decision and remove from the bill all clauses relating to the warrantless disclosure of personal information.
The government has a very poor track record when it comes to protecting personal information. Although Bill S-4 contains some good provisions, it will not erase the past. The bill must therefore be amended so that it really meets the needs of Canadians and complies with international privacy standards.
In just one year, under this Prime Minister's government, government organizations secretly made over 1.2 million requests to telecommunications companies for personal information without a warrant and without proper oversight. I think that is all I need to say for people to understand that this is a concern. The government should have taken advantage of the opportunity afforded by Bill S-4 to correct the flaws that led to many violations of Canadians' privacy.
Finally, because of the government's inaction, the law has not been updated since the introduction of the new generation of iPods, iPads, iPhones and the like. We have fallen far behind in terms of international standards. Bill S-4 therefore does not go far enough and does not make the proper amendments to adequately protect Canadians in today's digital age.
There is still much to be done to adequately protect the privacy of Canadians. The government would do well to take this issue seriously.