Mr. Speaker, these new binding agreements give the Privacy Commissioner more power to ensure organizations are accountable.
Currently, agreements made between organizations and the commissioner are non-binding. If a firm does not undertake the action it agrees to, the commissioner has little power to hold the organization to account, but with a binding compliance agreement, the organization knows that if it does not abide by the terms of the agreement, the Privacy Commissioner can take it to court.
It may interest my colleagues to know that compliance agreements are a common tool used by other commissioners to ensure that the rules are followed, that includes the Commissioner of the Financial Consumer Agency of Canada to enforce the Bank Act, as well as the Minister of Health to administer the Consumer Product Safety Act.
As I mentioned earlier, we are also proposing an increase in the length of time an individual or the Privacy Commissioner has to take organizations to court. Currently, complainants only have 45 days to file a court application. This timeframe is a crucial window for the commissioner to collect evidence or to negotiate an agreement with organizations. However, 45 days is simply is not enough time. The commissioner often provides organizations with a reasonable amount of time to collect their privacy practices. It is often over 45 days, and in some cases it is up to a year.
With the 45-day clock ticking, and having run out in most cases, the commissioner is left with little recourse if any organization reneges on the agreed-upon recourse. This is why we are proposing to increase the timeline to one year between the time the report is issued and the deadline for taking matters to court.
The third improvement we are proposing is to give the Privacy Commissioner the ability to name and shame non-compliant organizations with the public. Currently, the commissioner can only publicly reveal information about the way in which an organization handles personal information. The commissioner cannot, for example, disclose that an organization is not co-operating with an audit or is otherwise acting in bad faith, and yet, for many organizations, this could be the most effective tool in holding them to account and encouraging them to improve their practices.
It could be used, for example, against foreign-based companies that are otherwise beyond the reach of Canadian courts. If they refuse to co-operate with the request for information, the commissioner could publicly disclose this fact, which would send a signal to consumers of the privacy implications of the organization's practices. The organization would in turn have to explain to their customers why they are not respecting Canadian privacy laws.
Ultimately, this empowers Canadians. It gives consumers the information they need to make informed choices about the practices of the companies they deal with.
Our government is taking action to give the Privacy Commissioner new power to ensure Canadians' privacy is protected and that Canadians play by the rules. This is just one of the ways we are providing Canadians with the confidence that their privacy and personal information are protected.