Bill C-29 (Historical)

Mr. Speaker, let me make an undertaking to my colleague, the House leader of the official opposition, to make enquiries into that and respond to him in short order.

The House will continue today with the opposition motion.

Tomorrow we will continue debate, and I know the NDP will be excited about this, on Bill C-10, Senate term limits; Bill C-19, regarding political loans; followed by Bill S-3, tax conventions implementation.

On Monday and Tuesday of next week, we will call Bill S-3, tax conventions implementation; Bill C-3, gender equity in Indian registration; Bill C-28, fighting Internet and wireless spam; Bill C-22, protecting children; Bill C-29, safeguarding personal information; and Bill C-30, response to the Supreme Court of Canada decision in R. v. Shoker.

On Wednesday and Friday we will call Bill C-41, strengthening military justice; and Bill C-43, RCMP labour modernization.

Thursday will be an allotted day. I believe this allotted day will go to the Bloc Québécois.

With respect to a take note debate, there have been discussions amongst the parties. There have not been a lot of take note debates. Two weeks ago we had one on veterans issues. I believe next week we will be having one on the issue of pensions, which I know is a concern for all of us, but particularly this was brought forward by the House leader for the official opposition. I believe we are looking at Tuesday night for that.

I appreciate the co-operation we have had from all parties. This gives members an opportunity to bring issues relevant to their constituents forward in the House.

Mr. Speaker, certainly in the course of my comments I will answer both of those questions. We will continue debate today on Bill C-49, the preventing human smugglers from abusing Canada's immigration system act.

Tomorrow we will call Bill C-36, the consumer product safety bill. Since it was only reported back from committee today, we will need to adopt a special order, which I will propose after my statement. This is a bill that will help protect children, help protect families, and I think it speaks incredibly well of all four political parties that they put politics aside and are seeking speedy passage of the bill. So I would like to thank everyone in all parties for their support on this important initiative. It is a good day for Parliament.

On Monday, we will continue debate on Bill C-47, the second budget implementation bill. I know the member opposite has been waiting for this and I hope he will have the opportunity to speak to this important piece of legislation.

That would be followed by Bill C-49, the preventing human smugglers from abusing Canada's immigration system act; Bill S-2, regarding the sex offenders registry; Bill S-3, the tax conventions; Bill C-41, strengthening military justice; Bill C-48, the protecting Canadians by ending sentence discounts for multiple murders act; Bill C-29, safeguarding Canadians' personal information; and Bill C-30, on the Supreme Court of Canada decision in R. v. Shoker.

On Tuesday, we will call Bill C-32, copyright modernization. At the conclusion of debate on the bill, we will call Bill C-48, protecting Canadians by ending sentence discounts for multiple murders. Following Bill C-48, we will return to the list for Monday, starting with the budget implementation act, which again speaks to one of the member's questions.

On Tuesday evening we will have a take note debate on honouring our veterans and I will be moving the appropriate motion in a few minutes. I think it again speaks well that we are having a take note debate. I know the member for Vancouver East joined members of the Liberal Party, the Bloc Québécois and the Conservative Party in supporting this.

Thursday shall be an allotted day for the New Democratic Party, an opposition day as requested by the House leader for the official opposition.

Therefore, consultations have taken place among the parties and I am pleased to move:

That a take-note debate on the subject of the courageous contribution and service to Canada by Canada's Veterans take place pursuant to Standing Order 53.1, on Tuesday, November 2, 2010.

Mr. Speaker, I will try again with another angle because I suspect there are things that we can learn from the experience of Quebec when it comes to passing legislation in this area and administering that legislation.

I know the member is not supporting Bill C-29 and that she sees it as an intrusion into the jurisdiction of Quebec, but the bill exempts business contact information from the provisions of PIPEDA, which means that any information an organization or business collects, uses or discloses solely for the purposes of communicating or facilitating communication with the individual in relation to their employment, business or profession is exempt.

I am just wondering if there is a similar exemption for business contact information in the Quebec legislation, which is now being contemplated in the bill that we have before us today here in the House.

Mr. Speaker, in Quebec, we have laws that cover all the provincial jurisdictions. Anything to do with personal information—names, addresses, etc.—is covered by the laws that I mentioned in my speech.

Currently, this jurisdiction is a civil matter and is protected by the Civil Code. The very fact that we are discussing Bill C-29 in the House is inappropriate. This bill encroaches on provincial jurisdictions, and I am shocked that the provinces, like Ontario for example, are not reacting more and are allowing inappropriate laws that intrude into their jurisdictions to be imposed on them like this. I am completely shocked to see that.

However, I am reassured that two other provinces, Alberta and British Columbia, have also implemented legislation similar to what is done federally. To date, when a provincial law exists, the federal government has let the provincial law take precedence, which is why Bill C-29 would not currently be applicable in Quebec, Alberta or British Columbia. Provincial laws govern this data in the private sector.

I would like to thank my colleague for this question, which allowed me to clarify this.

Mr. Speaker, I know my colleague has difficulty with this legislation and has made a very strong case for its intrusion into the jurisdiction of Quebec.

I have a couple of questions for her about how the Quebec legislation deals with some of the issues that are dealt with in Bill C-29, particularly the situation around a material breech. When a material breech of personal information has occurred, what sorts of notification requirements does the legislation in Quebec require?

This is one of the areas where this bill that is before the House today is seen as failing by a number of newspaper commentators and by people who follow the questions of protection of personal information in Canada. The question of what corporations are required to do when personal information has been breeched is an important one and maybe she could tell us what the legislation in Quebec requires in those kinds of instances.

Mr. Speaker, as the Bloc Québécois privacy critic, I am pleased to speak today to the government's Bill C-29, which the Minister of Industry introduced in May.

The Bloc Québécois will vote against Bill C-29 because it is yet another bill that shamelessly interferes in an area under provincial jurisdiction.

The Bloc Québécois vigorously opposed the adoption in 2000 of the Personal Information Protection and Electronic Documents Act, which this Bill C-29 seeks to amend.

Of course, we played an active and responsible role in the study of part 1 of the Personal Information Protection and Electronic Documents Act, and we even proposed some changes in an attempt at damage control.

But the Bloc Québécois has always made it very clear that it definitely does not support the legislation that came into force in January 2001. And it was not alone.

In Quebec, the government, businesses, consumers, the Conseil du patronat, editorial writers, constitutional law experts and many others loudly criticized this renewed assault on Quebec's exclusive areas of jurisdiction.

In May 2007, the Bloc Québécois voiced its opposition to this new intrusion into provincial areas of jurisdiction in its dissenting report appended to the Standing Committee on Access to Information, Privacy and Ethics' report on the Personal Information Protection and Electronic Documents Act. Apparently, the recommendations in that report resulted in Bill C-29, which was introduced in the House today.

Both the Personal Information Protection and Electronic Documents Act and this bill, C-29, which would amend the act, are perfect examples of the federal government preying on Quebec's powers yet again.

Basically, the Government of Quebec and the provinces have been arguing since 2000 that, despite the federal government's attempt to justify its bill based on its power to regulate trade and commerce, personal information protection is within the jurisdiction of Quebec and the provinces because of constitutional powers in the areas of property and civil rights.

Constitutional law expert Jacques Frémont of the Université de Montréal was very clear about this when he commented on the original bill that Ottawa was trying to pass. This is what he said:

[This bill] violates both the spirit and the letter of the division of powers, as we must understand it in this country. It denotes an arrogant approach and constitutes an intrusion on the part of the federal government in areas of provincial jurisdiction. Protection of personal privacy is essentially a provincial power. In Quebec, for example, in the area of property and civil rights, it is the Quebec Civil Code that applies, as well as the Canadian and Quebec Charters.

Personal information is very well protected in Quebec. The federal legislation simply overlaps provisions that are already in place. First, section 5 of the Quebec Charter of Rights, adopted in 1975, explicitly states that every person has the right to privacy. Second, chapter 3 of the Civil Code, in particular sections 36 to 40, contains privacy provisions. Third, Quebec's Act respecting the Protection of Personal Information in the Private Sector has also been protecting Quebeckers' personal information since 1993.

In addition, companies under federal jurisdiction that operate in Quebec are already covered by Quebec laws. Quebeckers' privacy rights are fully protected by Quebec law, whether they do business with a company under provincial jurisdiction or a company under federal jurisdiction.

In September 2009, the task force on the future of the Canadian financial services sector published a report that focused on protecting personal information in which it states the following about Quebec's legislation:

On a literal reading, the Quebec law applies to banks as well as other financial institutions. … In the absence of federal legislation on a particular subject matter, validly enacted provincial law may apply to a federal undertaking unless the law prevents the federal undertaking from managing its operations or generally accomplishing its ends.

Moreover, the report stated that Quebec law already applied to interprovincial and international trade as well.

Moreover, the effects of the Quebec law will not be confined to the province. National institutions will face the Act's restriction on the extra-provincial transfer of personal information (about Quebec residents).

The Personal Information Protection and Electronic Documents Act gives the federal government the power to render a Quebec law invalid. That is too much.

The federal act applies to all financial activities unless the Governor in Council orders, if satisfied that a province has adopted similar legislation, that it be exempted in whole or in part. In December 2003, the federal government issued an exclusion order applicable to organizations in Quebec. Unfortunately, not only is the power set out in paragraph 26(2)(b) left to the government’s sole discretion, but it applies only to information within Quebec and held by companies under provincial jurisdiction.

Pursuant to this paragraph, the Governor in Council could therefore, if it wished, order that the laws of Quebec be declared partially or wholly invalid, without even referring the matter to Parliament. This is unacceptable to the Bloc Québécois. It cannot subscribe to any law that goes against the interests of Quebec and it believes that Bill C-29 should not even be discussed in the House: civil law comes under provincial jurisdiction.

Need I remind this House that the concepts of privacy and confidentiality are extremely important in the 21st century, as their application in daily life is becoming especially difficult? Privacy and confidentiality are, in fact, concepts tied to basic rights such as freedom and personal autonomy. Protecting privacy and confidentiality is simply recognizing every individual's right to a private life.

In other words, people have the right to determine when, how and in what way they will communicate information to other people. What I call the right to private life is being threatened today, more than ever, by problems stemming from new information technology, and every privacy protection measure has to take that into account.

The Big Brother George Orwell created in 1948 in his novel 1984 is alive and well among us, and I will not be the last person to talk about that.

Any privacy initiatives, today and in the future, must cover not only the monitoring of information about us, but also protection against unwanted access to our personal information by other people. In fact, that is why our governments have had to create organizations and legislation to protect privacy.

Quebec has been a true pioneer in North America in the area of access to information and protection of privacy, and serves as a reference for all western countries. The Quebec access to information commission was created in 1982, but as early as 1971, with the passage of the Consumer Protection Act, Quebec's lawmakers broke new ground by ensuring all persons the right of access to their credit records.

In 1975, the National Assembly passed the Quebec Charter of Human Rights and Freedoms, recognizing the right of all persons to respect for their privacy and their right to information. This was a historic legislative step that would lay the legal foundations for fundamental principles.

On June 22, 1982, the Quebec National Assembly passed an act respecting access to documents held by public bodies and the protection of personal information, thereby creating the Commission d'accès à l'information du Québec. The National Assembly continued its efforts to protect privacy by adopting the act respecting the protection of personal information in the private sector, which came into force on January 1, 1994.

In Canada during that time, part IV of the Canadian Human Rights Act created the position of Privacy Commissioner in 1977. The commissioner is an officer of Parliament who acts as a privacy ombudsman.

The federal government then passed two pieces of legislation, the Privacy Act in 1983 and the Personal Information Protection and Electronic Documents Act in 2000. The first basically governs the federal public sector and the second, which is of special interest to us here today, has to do more with the private sector in all of Canada, except in provinces that have “substantially similar” provincial legislation.

Alberta, British Columbia and Quebec have their own legislation, since the activities of the private sector generally fall under provincial jurisdiction. However, since the Personal Information Protection and Electronic Documents Act gives the federal government the power to invalidate a Quebec law, there is no way that we can support it.

The two federal acts dedicated to protecting personal information duplicate the Quebec legislation that was passed by the National Assembly to allow individuals to decide for themselves with whom they will share their personal information, as well as for what purposes and under what circumstances. In fact, we must always remember that what constitutes an invasion of privacy for one person, is not necessarily an invasion for another. We all know it is very difficult to ensure that our privacy is respected these days.

At the dawn of the 21st century, the globalization of information and transformation of means of communication have taken great leaps forward, thanks to recent technological advances. However, all these advances present just as many threats to human rights, in particular our right to privacy, and our right to control the distribution and use of our personal information.

Governments and corporations have an insatiable thirst for our personal information. The current Conservative government even believes that collecting a huge quantity of personal information will solve issues of national security and public safety. Under the pretext of implementing new anti-terrorist initiatives, it runs roughshod over the issue of privacy.

Need I emphasize that the private sector's appetite for information is just as great?

It wants to know our names, addresses, purchases, interests and preferences in order to classify, analyze, record and use them in marketing studies, marketing approaches, and to come up with marketable goods. The private sector's lust for our personal information is even more disturbing given that most companies that specialize in collecting this information do not adequately protect it. This information becomes vulnerable to hacking and identity theft.

Bill C-29 that we are examining today concerns the Personal Information Protection and Electronic Documents Act, which establishes the rules governing the collection, use and disclosure of personal information in the private sector, but only in the course of commercial activity

As I mentioned at the start of my speech, the Bloc Québécois will not support this bill, which essentially entails new intrusions into an area of Quebec's jurisdiction. The Bloc Québécois has always clearly indicated that it does not support the federal law, which has been in effect since January 2001. Remaining true to itself and to the interests of Quebeckers, the Bloc will maintain this position.

Mr. Speaker, the closing comments by the minister, when he referred to bites, et cetera, reminded me of a statement made by our colleague from Montmorency yesterday. So much of the government legislation is sound bite legislation, “safeguarding Canadians' personal information act”. It almost as if we had a guard dog on site. The only problem is that the guard dog has a bark like a sheep dog and a bite like a chihuahua. When is the government going to get away from sound bite legislation and actually do something worthwhile?

The minister justifies it all by saying we have an Internet economy that is worth some $62.7 billion and so we will ensure we can grow that. The government is not going to do anything about that at all.

What is going to happen is companies that want to get on the Internet for the purposes of expanding their commerce are going to do so. They are not going to worry about whether the government wants to jaw-jaw its way into this. They are going to take a look at this legislation and say that the member from Montmorency is right, that those guys have a bite and a bark like a chihuahua.

This is especially so after the industry committee has made some recommendations to the minister. With the benefit of those recommendations, he still goes ahead and presents legislation that he himself acknowledges requires further study from the committee and make the kinds of suggestions to improve the bill that he knows he must put in place if this will be acceptable legislation.

All of us are desirous of maintaining our privacy, in keeping what is ours to ourselves, keeping our security safeguarded at all times, to ensure that anything that pertains to our person, our businesses, our interests is released only when we think it is appropriate for our sake, for our interest.

For the government to come forward and say that it will safeguard all of that, except in certain circumstances, does not make safeguarding personal privacy interests very secure. What it does is introduce exceptions to kinds of privacy and security that it claims to be support.

Its sound bite title is, like everything else the government does, smoke and mirrors, deception and manipulation.

One can easily applaud the fact that there are amendments to PIPEDA, the Personal Information Protection and Electronic Documents Act, and notice that there is nothing in that title that sounds like a sound bite that it is actually a factual issue, but the government decides to take this legislation and make it look like it has done something else with it. That might enhance its opportunities to sell itself as something proactive.

It took the government four and a half years to discover that 80% of businesses are on the Internet, that means they have a website, and that 88% of Canadians are Internet savvy, that means they can browse the net. All of these things do not a business make, but they are the fertile ground for businesses interested in making their commerce more time sensitive, more immediate and more global.

Bill C-29 amends PIPEDA to, among other things, permit the disclosure of personal information without the knowledge and consent of the individual who possesses that for certain purposes. Some of the purposes will make sense. It is a little bit like the Trojan horse that gives access to a treasure trove in somebody else's domain.

The first of these does sound as if it makes sense. Number one is for identifying an injured, ill or deceased individual, communicating with their next of kin. There are very few people who would say that is bad.

Second is for performing police services. There are no other qualifiers. There are a lot of people who want to know what that means.

Third is for preventing, detecting or suppressing fraud. Successfully or unsuccessfully? What is the intent? Which organization?

Fourth is for protecting victims of financial abuse. How so? By releasing their information?

Another series of amendments is to permit organizations, any organization, for certain purposes not specifically outlined, to collect, to use, to disclose without the knowledge and consent of the individual, his or her personal information, number one, contained in witness statements related to insurance claims. Whose commercial interests are we looking at there? Second is information produced by the individual in the course of his or her employment, business or profession. That is virtually anything. Everybody in this place is producing information literally on a minute-by-minute basis, but some organization is going to have access to that.

Members might say that in a great, open and transparent environment such as the Parliament of Canada, such as the House of Commons, anybody who is engaged in this ought to so admit. It is something that we might have asked the Minister of Defence, for example, who today talked about the complexity of the procurement process and military hardware acquisition as being a little too complicated for the simple-minded public that wants to find out whether it is transparent and whether it meets the test of value for money, as being a bit of an intrusion and just barely tolerable.

This is hardly accountability. It is hardly transparency and it certainly does not lead to the business of openness, but under PIPEDA, everybody else has to operate that way.

A third set would require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm. Somebody is going to make a judgment. I will come back to that in a moment.

As I go through this, I ask how we can safeguard Canadians' personal information. I am a consumer like everybody else in this House. As an individual and like many people in this House, excluding all those who serve the House, I am a legislator, and I do not believe that my personal information will be any safer, believe it or not, under the current drafting of Bill C-29.

The Government of Canada prepares a piece of legislation by which I, as a member of Parliament, as a consumer, as a private citizen, just like the Minister of Immigration, who is really listening to this, think that my information is easily protected by some of these measures that have gaping holes, in a legislation that did not exist before. It is going to need a lot of amendments in order for me to feel comfortable.

Why do I focus on me, Mr. Speaker? Just like you, we represent the general public and the general public expects us to feel what they feel, to see what they see, to experience what they live every day. There is not a Canadian out there who is not thinking, “Hold up. Is this legislation really designed to protect my privacy, or are they beginning to insinuate some sort of little loophole for others who are involved in business or whatever, to use to my disadvantage?” There are a lot of them out there already.

It is interesting that this legislation did not have this sound bite title that said, “We are going to go after all the crooks. We know they are out there but they are not being reported. We are going to build jails for them so that when we catch them, if we ever put police on the beat and if we ever sustain the court system enough that they will be able to process all of these accused and alleged criminals, we will actually be able to house them”.

That is not what this is about. If that is the kind of intention they have, I do not see that intention in the legislation. Primary in this kind of assessment relates to the requirement that I mentioned a moment ago to report a “material breach of security safeguards involving personal information under its control” to the Privacy Commissioner. That is what is going to happen. All of this is going to be reported to the Privacy Commissioner.

First, the threshold for determining that requirement for that disclosure is ambiguous. I noted that the minister did not make any effort to be specific to give us an indication of where the intent is. He did not give us any indication of the precision of the language. Not only is it ambiguous; it is confusing, quite frankly. As I said a moment ago, it has more holes in it than a retaining wall that has been breached by an invading army.

Second, there is no enforcement provision included in the bill to ensure that this will be done. When my colleague from Montmorency—Charlevoix—Haute-Côte-Nord says that the sound-bite legislation that the Conservatives put in place is a little bit like a chihuahua barking away and trying to bite, he is right. If there is no enforcement mechanism, what is the purpose of making all of these statements? Who are they playing for fools? Do they really think Canadians do not look, do not listen, do not watch, do not critique?

I took a look at what the bill states and under proposed section 10.1:

(1) An organization shall report to the Commissioner any material breach of security safeguards involving personal information under its control.

It does not tell us how it got there in the first place or whether the organization had the right to get it there. It goes on:

(2) The factors that are relevant to determining whether a breach of security safeguards is material include:

Here is a definition for them, and so when I say it is ambiguous, confusing, wide open, it says, first of all, the “sensitivity of personal information”. Who is the best judge of whether personal information is sufficiently sensitive? Is it going to be the organization? Is it going to be the Privacy Commissioner? Is it going to be the person about whom that information is rendered? The proposed section continues:

(b) The number of individuals whose personal information was involved...

This reminds me of days gone by when priests in a confessional were trying to explain to penitents the significance of lies. One of the penitents said, “Father bless me for I have sinned, but it is no big deal; I just told a lie”.

The priest did not know any other way to get the penitent to understand the severity of that lie and said, “I tell you what. Here is a pillow full of feathers. Go up to the top of the hill. It is rather windy right now. I want you to open that pillow.”

The penitent went to the top of the hill, opened the pillow full of feathers and, behold, the wind blew them all over the place.

The penitent went back to the confessional and said, “Father I did what you asked me to do”.

The priest said, “Good, go pick them all up”.

The penitent said, “I cannot do that. Those things have gone for miles and miles now”.

Members can understand what the priest said then. That is the gravity of personal information about which one spreads lies, but the bill does not say that the person about whom information is being supplied has any control over it. Somebody else is shaking that pillow at the top of the hill. The proposed section continues:

(c) An assessment by the organization that the cause of the breach or a pattern of breaches indicates a systemic problem.

Yes, that will happen. Every organization is willing to beat its chest and say, “Mea culpa, mea culpa, mea maxima culpa”. It is not going to happen. Very few people did it in times when people spoke Latin, and now that English has replaced Latin as the lingua franca, there are even fewer people.

So who makes the determination? Mr. Speaker, I guess you are like me. If it were my personal information that was being breached, I would want to report it to the commissioner. Yet Bill C-29 leaves that decision up to the organization that is supposedly making the report if not, in fact, the breach.

Bill C-29 also states that under proposed subsection 10.2(1), “Unless otherwise prohibited by law,” and look at that loophole:

an organization shall notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.

As the hon. member for Elmwood—Transcona said a few moments ago, so now the Americans, under Bill C-42 that the House had discussed before, can ask any of our domestic airlines, our carriers, to give them every piece of information in their possession, including everything one can name from there on in, everything one has to lay bare when one goes to buy a plane ticket. Bill C-29 essentially says that organization can do all of that.

What is the definition of significant harm under proposed subsection 10.2(2)? It is:

For the purpose of subsection (1), “significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.

Now one has to prove how significant that was. There are not very many people who are going to be better defenders of one's character and one's interest than oneself.

Real risk of significant harm and the factors that have to be included are those that are relevant to determining whether a breach of security safeguards creates real risk of significant harm to the individuals, and have to include the following. Listen to this. They have to include this:

(a) the sensitivity of the personal information involved in the breach;

Who is making the decision on the sensitivity? Somebody else.

It goes on:

(b) the probability that the personal information has been, is being or will be misused.

I am just thinking of Bill C-42. Any foreign state can ask of a Canadian carrier information that it will say is not going to be a problem and it is not going to do anything nasty with it, so the probability of that personal information being used or misused is practically nil, so it will take it all. Oh, good.

Again, while the conditions are defined, the interpretation is wide open and even includes variables that are impossible to determine. For example, how can an organization assess the probability that the personal information will be misused?

Most critical is that there is no enforcement and there are no penalties if the organization does not disclose a breach. This is untenable.

Other jurisdictions with similar laws have very high penalties for non-prompt disclosure. Let me see. I wonder where those other jurisdictions are.

Well, for example, right here in Canada, under the Alberta Personal Information Protection Act, PIPA, individuals and organizations can be fined up to $10,000 and $100,000 respectively for failing to notify the commissioner of a breach. There is an onus of responsibility. There is none in Bill C-29.

In Florida, which is just down the road, there are penalties of up to $500,000 for similar breaches. I mention Florida especially since our carriers are going to have to reveal everything to the Americans anyway; it is about a three-hour flight from Pearson Airport in Toronto. In Michigan, penalties run up to $750,000. Bill C-29 has no penalty. Why would these jurisdictions, including Alberta, have penalties and not the federal act that the government wants us to believe is the best thing since sliced bread?

moved that Bill C-29, An Act to amend the Personal Information Protection and Electronic Documents Act, be read the second time and referred to a committee.

Mr. Speaker, it is my pleasure to rise in my place today to begin second reading of Bill C-29, the safeguarding Canadians' personal information act.

I would like to thank those following me on Twitter for being so patient. I have been telling them I was going to be rising to speak on this bill for about an hour now. They can rest assured that I am fulfilling my responsibilities as industry minister as I debate this bill.

This bill is about privacy in the digital age and is, therefore, an important element of Canada's emerging digital economy strategy.

Internet technology has brought many benefits and has changed our society in sometimes profound ways. It has made distance irrelevant for many and improved our overall quality of life. It has changed the way we communicate with one another, how we network, how we socialize with another. It has revolutionized our economic models, transforming how businesses, large and small, manage their supply chains and expand their reach. Businesses use the Internet to customize their products and manage relationships with their customers.

However, the digital economy has challenges as well as benefits. The Internet can be used to broaden a company's marketing base and collect a great deal of information. Most of this information is personal, and many would prefer that it remain private. There is basic information such as names, addresses and dates of birth. There is also very personal information about health, criminal records and credit card numbers.

So in the wrong hands any of this information could be used for malicious purposes, such as identity theft or bank fraud. But even when not used for malicious or illegal purposes, the unauthorized revelation of personal information to outside third parties constitutes an invasion of the privacy that most Canadians value highly.

We want to ensure that concerns about privacy and the protection of personal information do not undermine the potential of the digital economy to continue to change our lives for the better. After all, some 80% of Canadians use the Internet and 88% of businesses are online. The total value of online commerce in Canada in 2007 was $62.7 billion. We want to grow that business, and to do so we need to establish an environment of confidence and trust in online transactions.

Currently in this place Bill C-28, the fighting Internet and wireless spam act, is under consideration as well. It would provide a solid foundation for combating spam and various forms of malicious Internet activity. That bill, together with the bill I rise to support today, is part of our agenda for putting Canada at the forefront of the digital economy.

PIPEDA, as it is called, has codified in law a set of privacy principles that had already been well established. The Canadian Standards Association model code for the protection of personal information provides the foundation for privacy protection, no matter what the technology.

The standard was developed through careful consideration among government, industry, consumers and privacy advocates and has been recognized internationally. In fact, international recognition was an important concern when building the PIPEDA regulatory regime.

One of the early tests PIPEDA faced was whether the European Commission would recognize that it provided adequate privacy protection for the purposes of the EU data protection directive. The European Commissioner has recognized PIPEDA's regime. As a result, organizations subject to PIPEDA can receive personal data from EU member states. I point this out as an example of how framework laws such as PIPEDA, our privacy protection legislation, are essential for the competitiveness that we need for the digital economy.

PIPEDA's flexible, principles-based approach has allowed the Privacy Commissioner of Canada to examine challenges to our privacy posed by new technologies that collect and store massive amounts of personal information. We have become international champions of privacy in the age of social media.

PIPEDA is a very effective component of the legislative framework. But a good law can always be made better. Thus, it must be reviewed every five years.

The first such review was completed by the Standing Committee on Access to Information, Privacy and Ethics in May 2007. I want to reiterate the thanks to the committee that were given at that time by my predecessor as industry minister, the current Minister of the Environment.

The committee heard from 67 witnesses and considered 34 submissions from individuals and organizations. The report concluded that PIPEDA does not require major changes at this time, but at the same time it presented 25 recommendations addressing issues raised during review.

In October 2007, the government tabled its response to the report; it dealt with each of the 25 recommendations. Even though no substantive changes are required, our government made a commitment to amend the act in keeping with a number of the report's recommendations. We will also work with stakeholders to ensure that the changes made are as effective as possible.

To guide the government's approach to this commitment, Industry Canada organized more than 25 meetings with stakeholders. It met with businesses, consumer and privacy advocates, Canada's Privacy Commissioner, the provincial governments and enforcement agencies. The department also received 76 written representations in the Canada Gazette after the consultation process.

The bill before us responds to the recommendations of the committee and to what we learned from the Industry Canada consultation. The amendments contained in the bill will further enhance Canada's reputation as a world leader in privacy protection. We will maintain one of the world's most effective regimes for the protection of personal information in the digital age.

The amendments before us can be divided into four broad categories designed to do the following: protect and empower consumers, clarify and streamline rules for business, support effective law enforcement and security investigations and address technical issues.

Let me summarize. First, to protect and empower consumers we have added new provisions to the act and amended existing ones. To protect the privacy of minors online, we have enhanced the consent provisions.

Under the amendments before us, consent is only valid when obtained from an individual who can reasonably be expected to understand the nature and consequences of the transaction or the communication being proposed.

To help deter financial abuse, locate injured, ill or missing persons and to help identify the deceased, the act will be amended to allow for disclosure of personal information to the relevant authorities or the next of kin. Financial organizations, for example, would be able to contact law agencies, friends or family members of individuals who are suspected to be victims or potential victims of financial abuse. This is in response to situations commonly referred to as elder financial abuse.

Even more important, this bill will introduce new requirements. Organizations will have to report significant breaches to the commissioner and notify the people affected when a breach poses a risk of harm.

This is a risk-based approach to providing notifications of privacy breaches. It recognizes that not all breaches pose a risk to consumers. It also recognizes the risk of too many notifications. In fact, consumers might not respond appropriately when a breach poses a real risk. With this approach, the commissioner is informed of the nature and extent of privacy breaches so that she can monitor and defend privacy issues.

The second broad category of amendments will clarify and streamline rules for businesses. We are making these changes in response to calls from business to help clarify their responsibilities under PIPEDA. They will help businesses comply with the law.

These amendments will ensure access to information that is critical to the regular conduct of business. This will facilitate such functions as managing employment relationships and conducting due diligence for business transactions, such as mergers and acquisitions.

The amendments would also allow employers to disclose, as required, professional information, including emails, that their employees produce in the course of their daily activities. The new provisions will facilitate the legitimate activities of the public and private sectors, in the financial sector, for the purposes of investigations and fraud prevention. In accordance with the government's paper burden reduction initiative, these provisions will replace a tedious regulatory process.

The third broad category of amendments will support effective law enforcement and security investigations. These amendments remove barriers to investigations that were unintended by Parliament when PIPEDA was enacted. They will clarify that the act allows organizations to collaborate with law enforcement in situations where there is no warrant.

Amendments will also prohibit organizations from notifying individuals, without prior approval from law enforcement, that the police have requested information about them. This will help prevent the disappearance of suspects and the destruction of evidence.

PIPEDA of course, the current privacy legislation, is a good act. It has put Canada at the forefront of online privacy protection, but we can and we should make a good act even better. The House of Commons Standing Committee on Access to Information, Privacy and Ethics created a road map for us in its report. We are following that route, and with the further help from the advice of the Privacy Commissioner and the many individuals and organizations who have consulted with Industry Canada over the past two years, we will do so.

Taken in a broader context, these amendments are part of a much bigger initiative to put Canada at the forefront of the digital economy. Our economic performance in the 21st century will depend in large part on the trust and confidence Canadians have in online transactions. From the foundation of that trust and confidence, we can build a digital economy that will bring prosperity and quality of life to Canadians for generations to come.

With this in mind, I encourage all hon. members to join me in supporting the bill.

Mr. Speaker, I did want to stand in my place and correct the record.

Earlier today, in answering a question, I neglected to mention the good work of the Minister of State for Western Economic Diversification as a woman serving in this cabinet. As well, the Leader of the Government in the Senate, the hon. Marjory LeBreton, makes a very powerful and substantial contribution to this government.

I am also pleased to report that the four House leaders are working well together. We have got off to a very good start.

Today is an opposition day for the Bloc Québécois and we will continue to debate on that for the rest of the day.

Tomorrow, we will resume debate on second reading of Bill C-46, the Canada-Panama free trade agreement; followed by Bill S-9, the tackling auto theft and property crime legislation.

On Monday and Tuesday we will begin with Bill S-9, on tackling auto theft and property crime; followed by Bill C-46, the Canada-Panama free trade agreement; report stage of Bill C-3, gender equity in Indian registration; Bill C-42, strengthening aviation security; Bill C-29, safeguarding Canadians' personal information; Bill C-30, on the Supreme Court of Canada decision in R v. Shoker; Bill C-41, strengthening military justice in the defence of Canada; and Bill S-2, protecting victims from sex offenders.

On Wednesday we will begin debate on Bill C-49, the preventing human smugglers from abusing Canada's immigration system act. If debate on Bill C-49 concludes, we will continue with the business that I outlined on Monday and Tuesday.

The House leader for the official opposition also requested to know about the second budget bill, for the fall. We have begun debate on that. We have already adopted the ways and means motion, but we certainly will be calling it again before the November Remembrance Day break week for constituents. That is obviously an important piece of legislation that we look forward to having the opportunity to debate in this place.

I also neglected to mention the hard work of another member of the priorities and planning committee, the hon. Minister of Intergovernmental Affairs.

moved for leave to introduce Bill C-29, An Act to amend the Personal Information Protection and Electronic Documents Act.

(Motions deemed adopted, bill read the first time and printed)