This bill was last introduced in the 41st Parliament, 1st Session, which ended in September 2013.
Christian Paradis Conservative
Second reading (House), as of Sept. 29, 2011
(This bill did not become law.)
This is from the published bill. The Library of Parliament often publishes better independent summaries.
This enactment amends the Personal Information Protection and Electronic Documents Act to, among other things,
(a) exclude, in certain circumstances, business contact information from the application of Part 1 of that Act;
(b) specify the elements of valid consent for the collection, use or disclosure of personal information;
(c) permit the disclosure of personal information without the knowledge or consent of the individual for the purposes of
(i) identifying an injured, ill or deceased individual and communicating with their next of kin,
(ii) performing police services,
(iii) preventing, detecting or suppressing fraud, or
(iv) protecting victims of financial abuse;
(d) clarify the meaning of lawful authority for the purpose of disclosures to government institutions of personal information without the knowledge or consent of the individual;
(e) permit organizations, for certain purposes, to collect, use and disclose, without the knowledge or consent of the individual, personal information
(i) contained in witness statements related to insurance claims, or
(ii) produced by the individual in the course of their employment, business or profession;
(f) permit organizations, for certain purposes, to use and disclose, without the knowledge or consent of the individual, personal information related to prospective or completed business transactions;
(g) permit federal works, undertakings and businesses to collect, use and disclose personal information without the knowledge or consent of the individual to establish, manage or terminate employment relationships;
(h) provide a framework for organizations to notify individuals proactively about disclosures of their personal information made in certain circumstances to government institutions; and
(i) require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm.
All sorts of information on this bill is available at LEGISinfo, an excellent resource from the Library of Parliament. You can also read the full text of the bill.
Charmaine Borg NDP Terrebonne—Blainville, QC
Mr. Speaker, although the Conservatives have decided to scrap their horrible Bill C-30 on Internet snooping, we wonder if they will manage to plant their controversial measures in another bill.
Bill C-12 contains hidden measures that would allow the government to obtain personal information without judicial oversight.
If the Conservatives are really serious about abandoning their Internet snooping bill, then why did they not withdraw Bill C-12 as well?
Business of the HouseOral Questions
February 14th, 2013 / 3:10 p.m.
See
context
York—Simcoe Ontario
Conservative
Peter Van Loan ConservativeLeader of the Government in the House of Commons
Mr. Speaker, I welcome the implicit offer of assistance from the House Leader of the Official Opposition.
I look forward to discussions with him later on the possibility of moving forward both Senate reform and Bill C-12 on a unanimous consent basis straight to committee. I would be happy to do that with him.
This afternoon we will continue debating the Liberal opposition day motion. Tomorrow we will hopefully finish second reading of Bill C-48, the Technical Tax Amendments Act, 2012, a measure supported by all three parties. After that we will turn to third reading of Bill C-42, the Enhancing Royal Canadian Mounted Police Accountability Act; third reading of Bill S-7, the Combating Terrorism Act; and second reading of Bill S-12, the Incorporation by Reference in Regulations Act.
When we return from our constituency week on Monday, February 25, we will start second reading of Bill C-55, the Response to the Supreme Court of Canada Decision in R. v. Tse Act. This bill needs to be passed by mid-April before the Supreme Court ruling takes effect, which would render the important powers available to police ineffective.
After Bill C-55, we will consider Friday's unfinished business.
Tuesday, February 26, shall be the fifth allotted day, which will go to the Official Opposition, and it will therefore choose the subject of debate.
On Wednesday and Thursday, we will continue debating the bills I have already listed.
Additionally, Bill C-47, Northern Jobs and Growth Act, was reported back from committee yesterday, and I anticipate Bill S-9, Nuclear Terrorism Act, will be reported back soon. So we could also call these bills at report stage and third reading, if we have extra time next week.
Finally, on Friday, March 1, the House will start the second reading debate on Bill C-54, Not Criminally Responsible Reform Act. The Prime Minister announced this bill last week as part of our efforts to ensure we have a justice system that puts the rights of victims first.
Nathan Cullen NDP Skeena—Bulkley Valley, BC
Mr. Speaker, I rise here today to ask the hon. Leader of the Government in the House of Commons what his government plans to debate for the rest of the week and when we return after the constituency week.
Although we continue to debate a variety of bills that the government has included on the calendar and we continue to debate opposition motions, it is not always easy to really understand what the government is planning—unless of course it does not have a clear plan.
One thing that is clear from dealing with the government is that it does not seem to be much about action but all about talk.
I remember their introduction, with great fanfare, of Bill C-12, An Act to amend the Personal Information Protection and Electronic Documents Act, which would be quite useful to those who have potentially had their identity exposed to theft. It was introduced September 29, 2011, 493 days ago and has yet to be debated.
Then there is the infamous Bill C-7, Senate Reform Act, which the government claims to all who will listen that it cannot get it through Parliament. It has been 358 days since we have had an opportunity to debate that.
Who cannot forget Bill C-32, Civil Marriage of Non-residents Act, which the government refuses to bring forward for debate and a free and fair democratic vote in the House.
I wonder if all of these are going the way of the infamous Bill C-30, the Internet snooping bill, which the Minister of Public Safety so infamously torpedoed with his comments. It was left to die on the order paper.
Can the Leader of the Government in the House of Commons tell me what his plans are for the remainder of this week as well as the next? Does the government have anything representing an agenda whatsoever?
December 11th, 2012 / 5 p.m.
See
context
Privacy Commissioner of Canada, Office of the Privacy Commissioner of Canada
Thank you for the question.
I haven't looked at the size of data breach fines, which are for something different from simply not obeying the law on consent when sharing personal information.
My remarks on the size of the EU fines were that they relate to whether you respect the law or generally do not, whether there was a data breach, and whether it happened because basically you weren't investing in security. We've seen that time and time again.
I believe that Industry Canada, which drew up the legislation, is best placed to look at what would be appropriate fines. My only point here—and I didn't come here prepared to talk about it, but the question was raised—is that we need some kind of appropriate sanction. How big that is, I can't answer, but I don't think we should go ahead with that part of Bill C-12 at this point, if Bill C-12 lags so far behind the world standard.
December 11th, 2012 / 4:25 p.m.
See
context
NDP
Charmaine Borg NDP Terrebonne—Blainville, QC
Thank you very much, Mr. Chair.
Ms. Stoddart, thank you for joining us today.
After hearing all the testimony, I'm happy to hear your comments now. Differing opinions have been voiced. We have even heard opinions of international scope. That has really been useful to us.
You recently stated in the media that the Bill C-12 provisions on data breaches did not sufficiently protect Canadians' personal information. You even said that, under those circumstances, you could not fully support this bill.
Could you tell me what amendments should be made to the bill to adequately protect Canadians' personal information?
Mike Lake Conservative Edmonton—Mill Woods—Beaumont, AB
Mr. Speaker, the government did have this legislation before the House when the member's party forced an election about a year and a half ago.
This government has already taken steps to address the serious privacy concerns of Canadians. Notably, we have introduced amendments to the Personal Information, Protection and Electronic Documents Act contained in Bill C-12 that would empower and protect consumers by requiring organizations to inform the Privacy Commissioner and individuals when their personal information has been disclosed as a result of a data breach. These amendments would also clarify and streamline rules for business.
Protecting privacy is good for Canadians, good for business and it fosters trust and confidence in the online marketplace.
I trust I can count on the opposition member's support of Bill C-12.
Charmaine Borg NDP Terrebonne—Blainville, QC
Mr. Speaker, Conservative members keep promising us that they will modernize the legislation, except we have been hearing the same thing for seven years.
Bill C-12 has been on the order paper twice since I asked my question, but we have not debated it. Is it truly a priority of this government, or will they continue to say that amendments are coming? Canadians are tired of waiting. They want their information to be protected and these amendments to become law.
Will the government truly move forward with Bill C-12 or will it continue to make promises?
PrivacyAdjournment Proceedings
December 5th, 2012 / 7:40 p.m.
See
context
Edmonton—Mill Woods—Beaumont Alberta
Conservative
Mike Lake ConservativeParliamentary Secretary to the Minister of Industry
Mr. Speaker, I am happy to respond to comments made earlier by the hon. member about Canadian privacy laws.
The government takes the privacy of Canadians very seriously. The Personal Information Protection and Electronic Documents Act, or PIPEDA, is Canada's private sector privacy law. It is a good piece of legislation and has stood the test of time. However, some tweaks are needed. To that end, we have introduced amendments to PIPEDA. The amendments, which are contained in Bill C-12, will introduce new requirements for organizations to report data breaches to the Privacy Commissioner of Canada and to notify affected individuals when the breaches are deemed to pose a significant risk of harm, such as identity theft or fraud.
However, that is not all. These amendments will further protect the personal information of minors, by requiring organizations to consider the ability of their target audience to comprehend the consequences of sharing their personal information.
Bill C-12 is currently at second reading and, once done, will be headed to committee. I hope we can count on the support of opposition members in ushering in these important amendments to update Canada's private sector privacy law.
I would also like to add that there will be an opportunity to update PIPEDA during the second parliamentary review. While the timing of the review has yet to be determined, I can assure the opposition member that the committee undertaking the review will have an opportunity to examine the legislation, call witnesses and to consider making further amendments.
As I stated earlier, the privacy of Canadians is a matter that the government takes very seriously. I hope we can count on support from all members, including the member opposite, on the passage of Bill C-12.
Charmaine Borg NDP Terrebonne—Blainville, QC
Mr. Speaker, on September 25, I rose in the House to share Canadians' concerns about the protection of their personal information online. I also asked the government what it was going to do about this and whether it would finally update Canadian laws in order to protect Canadians' personal information online. Canadians have cause for concern about the protection of their personal information. The Privacy Commissioner published a report showing that many popular websites that we use every day are leaking personal information, which is very worrisome.
The Standing Committee on Access to Information, Privacy and Ethics is currently examining these issues and is finding that there are many problems and potential risks. Meanwhile, the Conservatives are stuck in the stone age. They are not modernizing our laws in order to ensure that those laws remain relevant given the existing digital reality and new risks.
The Personal Information Protection and Electronic Documents Act is supposed to be reviewed every five years. Unfortunately, we have still not been able to pass the first revision. Bill C-12 is seven years late, and that is very worrisome. We are also late in dealing with Canada's anti-spam legislation. The regulations have still not been implemented, despite the fact that we have been waiting for years for this to happen.
Meanwhile, things are changing. In the digital age, everything moves very quickly. We must be proactive in order to protect personal information and keep up with the digital age, rather than being left behind. When I asked my question, the Parliamentary Secretary to the Minister of Industry said:
“The government introduced Bill C-12, which is an important tool for ensuring a stronger digital economy”.
As I have already pointed out, Bill C-12 is seven years behind. It is already time for another review, which we are supposed to do every five years according to the act. Unfortunately, we are not yet there. The government keeps putting off the review on personal information protection.
While the government is dragging its feet, businesses have no obligation to issue warnings about compromised data. Furthermore, major websites continue to disclose personal information. I repeat: will the government join the 21st century and modernize laws to protect our personal information online?
November 20th, 2012 / 4:45 p.m.
See
context
President and Chief Executive Officer, Information Technology Association of Canada
I think when the original PIPEDA was passed by the legislature, we did go on record as part of the industry sector that agreed with the overall position of full disclosure on any of the major issues or breaches that came up.
Now, in Bill C-12 they are looking at an amendment. We haven't quite gone through all of them, but it does require further dialogue with the Privacy Commissioner as well as the industry body. That's really where it is.
We haven't done any more on Bill C-12 at this stage.
November 20th, 2012 / 4:45 p.m.
See
context
NDP
Charlie Angus NDP Timmins—James Bay, ON
Thank you, Mr. Chair.
This has been a fascinating discussion. I think one of the issues that we are trying to grapple with is the effect of risk if privacy is breached. This is a serious issue. We can develop as much as we want, but the risks to citizens are much higher now than they've ever been because of the ease of access.
I'm concerned about two areas. One is in terms of fraud. Scams such as the 419 scam can track people now. They can find information. They can tailor their pitch to you in an e-mail or on Facebook based on specific points of data that would not have been possible before. We're not going to know about their ability to catch people because many people who are caught up in a fraud are just too embarrassed to come forward. This is happening all the time, and it's happening because it's not the good players who are breaching data, but other people who are breaching data.
Mr. Gupta, given the seriousness of this, we're seeing that under Bill C-12, private companies should only need to report privacy breaches if it proves significant harm. That's a pretty high test. Don't you think that given what's out there, the Privacy Commissioner should be deciding whether a breach is something to be reported?
Business of the HouseOral Questions
October 25th, 2012 / 3:20 p.m.
See
context
York—Simcoe Ontario
Conservative
Peter Van Loan ConservativeLeader of the Government in the House of Commons
Mr. Speaker, I did want to be in accord with the official opposition and NDP House leader. However, my disappointment was that before we started debate on Bill C-45, what we first encountered was a delay tactic in the form of a concurrence motion brought by the Liberal Party. Indeed, that was very disappointing to us and a surprise because Bill C-45 is important. It is the government's top legislative priority for this fall. All parties know that. He is quite right that I did want to see it debated in substance in the House rather than see those kinds of tactics to avoid debate.
Bill C-45's measures will further Canada's economic recovery and ensure the foundation for more good-quality jobs on top of the over 820,000 net new jobs we have already had. It includes an extension of the highly successful small business hiring credit that is directly helping Canadian entrepreneurs create new jobs.
Unfortunately, we have seen the NDP take an anti-job creation position. Believe it or not, the NDP finance critic actually dismissed the hiring credit as yet again another across-the-board cut for small businesses.
We want to see taxes lowered. We do not want to see higher taxes or an NDP carbon tax. That is why we have a budget bill that keeps those taxes low.
I am pleased to say that we will be voting on C-45 on Tuesday night at second reading, which will give us the opportunity to send it to the finance committee for consideration. The parliamentary secretary for finance has made it clear that she will ask the finance committee to ask, I believe, 10 other committees to study elements of the bill and potentially make recommendations with respect to changes or adopt its contents. The opposition and government members are free to make amendments at committee based on their own study as well as on the studies of those other committees. Therefore, there will be ample study of the bill and that is good for all.
Bill C-45 will continue to be debated this afternoon, tomorrow, Monday, and Tuesday. As I said, the vote on the bill will take place on Tuesday evening.
On Wednesday, we will take up report stage—and, hopefully, third reading—of Bill C-28, the Financial Literacy Leader Act. Should we be able to make quick work of that debate, the House will take up Bill C-12, the Safeguarding Canadians' Personal Information Act, at second reading.
On Thursday morning, the House will consider second reading of Bill S-2, the Family Homes on Reserves and Matrimonial Interests or Rights Act. And, after question period, we will turn to Bill S-8, the Safe Drinking Water for First Nations Act, also at second reading.
Finally, on Friday, we will start report stage of Bill C-24, the Canada–Panama Economic Growth and Prosperity Act. This bill would implement our free trade agreement with the Republic of Panama—an agreement whose time has long come. In fact, when I was the public safety minister, I was honoured to be present when the Prime Minister concluded negotiations in Panama City, some 38 months ago.
October 18th, 2012 / 4:25 p.m.
See
context
Executive Director and General Counsel , Public Interest Advocacy Centre
For the time being, the answer is yes, according to the commissioner's guidelines.
Bill C-12 also provides for that, but it has not become law yet.
October 18th, 2012 / 3:30 p.m.
See
context
John Lawford Executive Director and General Counsel , Public Interest Advocacy Centre
Thank you, Mr. Chair.
I am here alone. Janet Lo, my co-counsel, sends her regrets. She's in a lock-up for CRTC on Bell-Astral.
The Public Interest Advocacy Centre is a non-profit organization that provides legal and research services on behalf of consumer interests, and in particular vulnerable consumer interests, concerning the provision of important public services. We have been deeply involved with the Personal Information Protection and Electronic Documents Act, PIPEDA, from a consumer perspective since its passage. We have published several recent reports: one on children's privacy online, one on a do-not-track list, and one on data breaches.
I've given the clerk a copy of references to those and summaries.
We're here today to talk about the immediate future of privacy. It is largely to be defined by services such as social networks. But social networks provide challenges to our concept of personal information and the commercial interests that are involved with that.
PIAC recently brought a complaint to the Office of the Privacy Commissioner of Canada under PIPEDA against Nexopia.com Inc., a social network based in Alberta and largely aimed at a teen audience. This real-life example illustrates the challenges of dealing with privacy and social networks, and unfortunately the inadequacies of PIPEDA to deal with improper privacy practices, even those where the improprieties involve children and teens.
PIAC alleged that Nexopia provided no comprehensible descriptions of the collection, use, and disclosure of the personal information of their largely underage users. We said that the company did not adequately detail its disclosure of information to advertisers, nor did it adequately detail how it used this information to serve up targeted teen ads. We complained that the default settings for personal information like gender, age, location, and pictures were open to the Internet—that is, not even closed to members of the site—and that this was unreasonable and even dangerous for the young users of the site. Finally, we noted that Nexopia appeared to keep personal information forever, even if an account were deleted.
The Privacy Commissioner upheld all our complaints. That was February 2012, some two years after we filed it.
Regarding default settings, the Privacy Commissioner wrote, in part:
We do not consider making portions of a user's profile available to anyone on the Internet to be consistent with users' reasonable expectations, particularly when a user has clearly indicated his or her preference to share information on a more limited basis.
However, Nexopia has said to the Privacy Commissioner that they will not implement the four recommendations related to retention of data. The Privacy Commissioner has had to go to Federal Court to enforce her findings. Why?
First, the Privacy Commissioner has no order-making power. She has no fining power. Social networks that judge privacy findings too inconvenient or expensive, it appears, can continue to operate in a privacy-violating manner.
Second, the refusal reveals the real nature of social networks: they are financed by personal information. Asking a social network to destroy data appears to them like removing an asset from the balance sheet.
The Privacy Commissioner's trip to Federal Court will show if business purposes or the personal privacy of individuals is paramount under PIPEDA. However, the larger issue for you at this committee is how to help design laws to avoid this type of conflict from arising in the first place, particularly in the fast-moving social networking and online space.
Now I'll move to Bill C-12 and breach notification.
LinkedIn and eHarmony suffered large data breaches this spring. Social networks are now major targets of hackers, and there is a risk of exposure of personal information that is not intended for general viewing from these websites. This is in addition to the leaking of personal information from websites noted by the Privacy Commissioner at the end of September in a recent study.
Bill C-12 is intended to amend PIPEDA to provide for data breach notification. However, it does not succeed. It allows the company suffering the breach to make the determination of whether the breach is material enough to even report to the Privacy Commissioner. Part of that determination is an assessment, again made by the company of itself, of whether the cause of the breach or a pattern of breaches indicates a systemic problem.
It's extremely unlikely, in our view, that any company, but particularly a social network that trades in data, will declare that it has a systemic problem with data breaches and data handling that leads to breaches.
Bill C-12 is asking companies to declare that they, in effect, are negligent. As a result, we confidently predict that under Bill C-12 a social network or other online company will almost never notify the Privacy Commissioner of a breach that has not otherwise been made public. Companies are expected to determine whether to report data breaches directly to the consumers as well. They must determine if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.
First, this threshold is very high. It's higher than U.S. state law requirements and it's unrealistic. It's difficult to predict how personal information will be misused.
Secondly, Bill C-12 ignores the blindingly obvious incentive for companies to find no such risk to individuals and avoid notification and its cost. As a result, we confidently predict that under Bill C-12, social networks and other online media companies will almost never notify individuals of a breach that has not otherwise been made public.
There is another model in Canada for data breach laws: the Alberta Personal Information Protection Act. In Alberta, all breaches must be reported to the Privacy Commissioner of Alberta, on pain of fines. The Alberta Privacy Commissioner then determines if the breach is serious enough to notify individuals on a test of potential for any harm.
PIAC studied public attitudes to data breach notification in focus groups in 2011. Overwhelmingly, participants preferred the Alberta-type model to leaving companies to make this decision. We urge this committee to express these concerns about breach notification under Bill C-12 in its report.
I will turn now to privacy policies. Social network privacy policies are “take it or leave it” contracts. The burden of determining what is done with personal information is borne by the user. Yet social networks regularly rely on the consent of users to justify practices and point to the use of the site as the equivalent of consent to the entire privacy policy.
It's PIAC's view that this legal fiction is in fact used in place of informed consent in many social networks. Users simply do not read all the policy, and if they do, they do not understand it. Why is this? This is because major social networks define “personal information” in confusing ways, and none of them define it in the way it is defined in PIPEDA.
Many define personal information as personally identifiable information, which, as you recognize, is a U.S. legal concept. Recently, many larger websites have dropped any definition at all of personal information, only to give examples of treatment of certain data elements like gender or age. The clerk also has a copy, which should have been distributed to you, of wording of privacy policies that we're talking about.
This non-definition of personal information matters because users reading the privacy policy are not able to understand their real rights under PIPEDA in order to launch a complaint or to bring the company into compliance or even to contact the company.
The Privacy Commissioner appeared before this committee and stated that social networking sites do not do a sufficient job of explaining their use of personal information. She said she doubts in these situations that the social networking site has real consent. We think the Privacy Commissioner is right. But the complaint mechanism under PIPEDA is very poor enforcement. She needs order-making and fining power.
PIAC suggests, however, that given the challenges of big data collection by social networking and other online businesses, this committee go further and consider a full enforcement framework such as that for the do-not-call list for companies flouting Canadian privacy law.
I'm going to close with some forward-thinking ideas on social networking and privacy.
First of all, there are many related entities dealing with personal information created at social networking sites in order to monetize that information through advertising and other methods. This committee should study these relationships and consider rules for revealing related parties in personal information trafficking akin to those rules in securities law to bring increased transparency to data flows in social networking sites and marketing companies.
Secondly, the committee should consider a national do-not-track list.
Thirdly, the committee should study the nexus between privacy and competition law, and whether the Competition Bureau actually has a role to play in addressing privacy concerns and where a merger or other practice can reduce competition. For many online markets, competition for eyeballs depends on the currency of personal information or the value of big data.
PIAC thanks the committee for this opportunity to speak. We are happy to answer questions
in both English and French.
Thank you.
Business of the HouseOral Questions
October 18th, 2012 / 3:15 p.m.
See
context
York—Simcoe Ontario
Conservative
Peter Van Loan ConservativeLeader of the Government in the House of Commons
Mr. Speaker, just to clarify, I would have been quite happy to have consented to the motion had the member not included in it a provision for an additional opposition day. Had the member decided to conclude that NDP was prepared, since its subject for today was food safety, to make the balance of the day the debate on Bill S-11 and then have it proceed to committee, we would have been quite delighted to consent.
In terms of his suggestions on the budget bill, I am looking forward to meeting with him and discussing with him what opportunities might exist there further.
Earlier today, the Minister of Finance introduced Bill C-45, the Jobs and Growth Act, 2012.
This important piece of legislation will bolster Canada’s economy and help improve communities with initiatives that build a strong economy and create jobs, support families and communities, promote clean energy and enhance neutrality of the tax system, and respect taxpayers’ dollars.
We will start second reading debate of Bill C-45 on Wednesday—once honourable members have had a chance to review the bill and discuss it at next week’s caucus meetings. The debate will continue on Thursday and Friday.
I genuinely hope all members will take advantage of the budget bill study week that is available to review the valuable measures that are set out as the second half of our legislative arm of our comprehensive economic action plan 2012. One highlight of the study week will be a briefing arranged by the minister for all hon. members on Monday evening. I hope many MPs can attend, and certainly more than the paltry attendance of opposition members that appeared this spring for the briefing on Bill C-38.
I look forward to a vigorous policy debate on the economy and not on procedural games.
I turn now to the business of the House leading up to Wednesday.
This afternoon we will see the conclusion of the NDP's opposition day. Regrettably, I was personally disappointed that the official opposition did not answer my call last week to lay out the details of its $21.5 billion carbon tax and how it would raise the price of gas, groceries and electricity. Though, I was encouraged that this week in question period the New Democrats actually did acknowledge the subject and raised it.
Tomorrow and Monday will see us resume second reading of Bill S-7, the combating terrorism act. I understand we should finish that debate sometime on Monday, at which that time we will then turn to Bill C-15, the strengthening military justice in the defence of Canada act; Bill S-2, the family homes on reserves and matrimonial interests or rights act; and Bill S-8, the safe drinking water for first nations act.
On Tuesday, we will debate the second reading of Bill S-11, the safe food for Canadians act, unless we find some other approach that would allow us to move on a more urgent basis. Since we did not get unanimous consent to move it forward quickly, we are hopeful there will be some other approach that can be agreed upon to move quickly with it. We hope that if we do debate it that day, we will be able to deal with it quickly and then spend the balance of that day debating Bill C-15 and Bill C-12, the safeguarding Canadians' personal information act.