Bill C-475 (Historical)

Mr. Speaker, I would simply like to add my comments to those of my leader and say just how sorry I am to hear of Mr. Mandela's passing. He was always a great source of inspiration for me.

I have always been part of Amnesty International and other groups that defend human rights around the world. In fact, that is one of the reasons I decided to become a member of the NDP, because it is the party that does the most to defend human rights.

For me, Nelson Mandela has always been a beacon of light and hope. I would like to thank him for everything he did for us, for people around the world and especially for South Africans.

With that, I will continue on another topic altogether, that of technology. I really want to begin my speech by congratulating my colleague, the hon. member for Terrebonne—Blainville. Like me, she was elected in 2011. She is an extremely intelligent and dynamic young woman who has proven that young women have definitely earned their place in politics. She has really proven her willingness to work hard and listen not only to her constituents, but also to all the stakeholders who have an interest in the field of technology and privacy. She consulted them and listened to them, and today she is introducing her bill, Bill C-475. I really do commend her. We are all very proud of her and we thank her for taking this issue so seriously after it had unfortunately been overlooked for so long.

We now know that this legislation has not been updated since 2000. Obviously, a lot has happened since 2000, including Facebook, Twitter, iPhones and smartphones. Technology has drastically changed over the last 13 years, creating a whole new context. We now have to resolve issues that would never have crossed our minds a few years ago.

We have to realize that a number of problems stem from a lack of legislation. This bill aims to solve problems that were ignored for months or even years. The current free-for-all regarding the distribution of personal information is due, in part, to a lack of political will, as well as a legislative void. That is what makes this bill so important.

We cannot continue to do nothing while technology evolves every day. We cannot keep silent and stand idly by while these problems occur.

In fact, my hon. colleague who spoke earlier will rise again shortly to discuss a crucial issue: the fact that people have lost confidence in the system meant to protect their personal information. They have lost confidence not only in companies, but especially in the government, because it did nothing while things kept getting worse.

That is why it is extremely important to restore the public's trust in technologies, in Parliament and in legislation, so that people feel safe at home. This is our job as parliamentarians. When Canadians do not feel safe, it is up to us to do something. Something needs to be done, and it is our job to do it.

This came up in the many consultations, as my colleague pointed out. Unfortunately, 91% of Canadians said they are extremely concerned or very concerned about privacy. That is almost 100%.

I would really like to know what percentage of members of Parliament are concerned. We are all MPs and as parliamentarians we are concerned about Canadians. However, how do we feel as individuals? I would like to do a little survey here and have people tell us honestly whether they are concerned about whether their information is being protected.

For example, seven in ten Canadians reported feeling that they have less protection of their personal information than they did 10 years ago. It is time to ensure that Canadians are and feel safe. This is about feeling safe. We cannot let this situation get worse.

The content of this bill did not come from the NDP alone. It came from the Privacy Commissioner, Internet law experts, consumer protection groups and Canadian citizens, who are, of course, our primary concern. I think it came out of the 2012 study of social media and privacy by the Standing Committee on Access to Information, Privacy and Ethics.

Parliament has acknowledged this. People came to testify. This bill is not just a partisan NDP initiative. It means something to all Canadians and will enable organizations, lawyers and the Privacy Commissioner to protect Canadians.

There is no reason the Conservatives should refuse to support this bill. The NDP is not alone in going after the Conservatives about this. Canadians, lawyers and the commissioner want this too. How many people have to tell the government to do something before it actually does something?

This is about giving Canada's Privacy Commissioner the power to enforce the law. That is very important. We know that commissioners have an extremely important role to play in analyzing not only the government's actions but everything that has to do with access to information. Giving the commissioner the power to enforce the law will simply strengthen the essential role she plays in identifying problems and telling Parliament which initiatives should be taken.

I would just like to close by saying that our colleague in the House is speaking on behalf of Canadians and Quebeckers who are worried as well as all stakeholders who are worried and who all say that we need to act now to protect Canadians' information and privacy.

I would like to thank my colleague from Terrebonne—Blainville for her work and for conveying the wishes of Canadians and stakeholders to the House.

Mr. Speaker, I have a great crowd behind me, because this is a really important bill. There is such a great response. I really want to thank my colleague from Terrebonne—Blainville for working on this important piece of legislation. She deserves congratulations for a lot of reasons. It is a great piece of legislation.

My colleague was elected in 2011. She is proof positive than an individual MP can advocate for constituents, give a caucus important advice in a critic role, represent NDP values in a critic area, and make concrete legislative suggestions to the House. The fact that we have such a good piece of legislation before us speaks volumes about her ability to make a difference here in Parliament.

The former CEO of Google, Eric Schmidt, said that as of 2010, we create more information in just two days than was ever created up to and including 2003. That is an incredible statistic. It is massive. We create about 2,000 years' worth of information every couple of days. That is just one way of measuring how the digital world we live in today is different even compared to just 10 years ago.

Change is happening quickly when it comes to technology, innovation, and information sharing. It is increasingly an issue for Canadians, because in the last 10 years, with the growth of the digital economy, social media, and Internet access, greater amounts of personal data are shared. They are collected, used, and disclosed.

This bill identifies a problem. The problem is that our privacy laws are not built for a digital age when we create and share so much personal information.

PIPEDA was adopted in 2000. I remember it quite well, because I was a law student, starting in 2001, and we talked about what the implications would be for the groups, organizations, and communities we worked with. At that time, there were almost no social networking sites, microblogging sites, or video-sharing sites. Tumblr and YouTube did not exist, and there was no such thing as Facebook. I remember the first time I ever googled something, and it certainly was not a verb at that time.

Now over 18 million Canadians have a Facebook account, including many of us here in the House. A lot of us use this form of social networking. That number of 18 million Canadians is more than half of Canada's population, which is incredible.

Can anyone remember a time when they could not YouTube a viral video or find an old friend on Facebook? It was a completely different world 10 years ago. Now we are light years ahead of where we were in 2000.

What we are talking about here would transform the digital world in Canada. It is the type of change that affects Canadians on a huge scale. As Canadians, we are incredibly connected. We are the second-greatest Internet users in the world. More than 80% of us access the Internet regularly. Approximately 70% of us think that our personal data is less secure and less protected than it was 10 years ago, and 97% of Canadians would like to know when their personal information has been exposed because of a data breach.

It is worth noting these statistics, because most Canadians agree with the goals of this bill. It is absolutely unthinkable that we would expose so many Canadians to risks to their online privacy, especially when many people are aware of and concerned about these risks.

We need to update our privacy laws to recognize these changes and keep up with them; otherwise, we risk leaving Canadians unprotected. Canadians have moved on from 2001. It is time that our privacy protection laws moved on as well.

I would like to stress the importance of taking advantage of the opportunity this bill presents. We know that the Conservatives presented a privacy bill, Bill C-12, that came out of the 2006-2007 review of PIPEDA. However, it has been languishing on the order paper since 2011. That is far too long. Not one but two PIPEDA reviews are overdue.

We need privacy protection for the 21st century, but we also need it in the 21st century. Bill C-475 responds to these pressing challenges for protecting our privacy in a new digital age.

In a May 2013 review of PIPEDA, the Office of the Privacy Commissioner of Canada identified pressure points where PIPEDA needed to be changed. The first two of these pressure points, and arguably the most important ones, are addressed in Bill C-475.

The first pressure point identified in the report was enforcement. The report points to the fact that under PIPEDA the Privacy Commissioner is limited to the role of an administrative investigator, and that while she may seek resolution through negotiation, persuasion, and mediation, she actually has no enforcement powers.

The report says:

The days of soft recommendations with few consequences for non-compliance are no longer effective in a rapidly changing environment where privacy risks are on the rise. It is time to put in place financial incentives to ensure that organizations accept greater responsibility for putting appropriate protections in place from the start, and sanctions in the event that they do not. Without such measures, the Privacy Commissioner will have limited ability to ensure that organizations are appropriately protecting personal information in the age of Big Data.

Bill C-475 answers this recommendation in giving enforcement powers to the Privacy Commissioner to order organizations to comply with privacy legislation and to fine them if they refuse to take action within an established time period.

The second pressure point in the Privacy Commissioner's report was to “shine a light on privacy breaches”. It recommended that PIPEDA should:

require organizations to report breaches of personal information to the Commissioner and to notify affected individuals, where warranted, so that appropriate mitigation measures can be taken in a timely manner.

This is really common sense. First of all, we want to know when our personal information has been put at risk. As I said before, 97% of Canadians agree that they want to know when there has been a breach in their privacy. The harm that comes from these breaches can include identity theft, financial loss, negative credit ratings, and even physical harm. We should be aware that we have been exposed to a higher level of these risks when our privacy has been breached.

I will wrap up by saying that the Privacy Commissioner stressed that too often the rights of individuals are displaced by organizations' business needs and that it is becoming increasingly clear that the balance between these rights and needs is no longer there.

I would like the House to know that New Democrats are not stuck in the past. We recognize the imbalance, and with the bill we will take the first steps to make sure to protect the interests of businesses and consumers in the new digital age.

Mr. Speaker, in dealing with Bill C-475, it is important for us to recognize that there are some concerns that should and could be easily addressed by allowing the bill to be sent to committee. I would argue that there is a significant advantage if we allow that to take place. The simple reason is that there is a need for more debate. When we go into committee, different stakeholders will be able to get more of the facts on the record. When we talked about the Privacy Commissioner and the additional workload there, I can respect that. We want to hear what the facts are. We do not want to make it overly awkward, costly, and just not practical in some cases. With Bill C-475, we have an opportunity to move forward.

Members will remember earlier this year when literally thousands of student records were released. There was a huge concern all over the country. There were student loan records that were found to have been misplaced or had fallen into the wrong hands. We know that many people were directly affected by it. The government, somewhat kicking and screaming, had to acknowledge its role in not being forthright in releasing that information.

I believe there is some merit to the bill. When we take into consideration the concern that Canadians have as a whole related to the issue of personal information and wanting to see government doing more, I do not see what we have to lose by allowing the bill to be sent to committee.

I chose to stand up for two reasons. One was to emphasize the point that we should allow the bill to be sent to committee. At the same time, as I indicated at the beginning of my remarks, I wanted to get on the record the passing of a great man, Nelson Mandela. I am sure there will be more formal positions taken by many dignitaries around the world in recognition of this iconic world figure.

With those few words, I am prepared to leave it at that, in the hope that we will see the bill succeed and be sent to committee where we can hear the thoughts of different stakeholders as to what we could be doing to ensure that we are protecting the personal information that people have entrusted to either the government or the private sector. We need to do more. This bill will not necessarily answer all of the problems, but it will at least provide a venue for us to make some changes that could improve our current system.

Mr. Speaker, it is a pleasure to rise, but before I provide comment on Bill C-475, as other members have, I just want to reflect on Nelson Mandela, who is now deceased at age 95.

The world has lost a great leader. Many would argue he was one of the greatest leaders we have seen in the last hundred-plus years. Nelson Mandela served as the president of South Africa between 1994 and 1999. We think about where he came from. He went to jail back in 1962, which happened to be the year I was born. Then in 1990, 28 years later, he was released only because of international pressure from around the world in recognizing Mr. Mandela. He came from that situation to ultimately becoming the president of South Africa and everything that happened in between, such as his significant role in abolishing apartheid.

We have lost a world leader today, an inspiration not to millions but ultimately to billions over the years. It is most tragic. I give my personal very best to all who have been affected.

Dealing with Bill C-475, it is important for us to recognize a few things. First and foremost, the issue of personal information is on the top of many minds. The idea of identity theft is prevalent. We know it is a very serious issue. It happens on a daily basis. Just recently we were talking about cyberbullying, as an example. The technology is out there, and the criminal element is causing a great deal of discomfort for a lot of people in dealing with personal information.

The public as a whole does not believe that the government is doing enough to protect privacy, and the public is watching. This is why I found the previous speaker's comments interesting as he started to outline some of the costs and concerns that he has with regard to Bill C-475—

Mr. Speaker, I have had many occasions in my years in Parliament to speak in this House, but never at such an auspicious time. Oh my gosh, when I hear that Nelson Mandela just passed away, I want to share a personal experience, if I might.

My family used in live in South Africa, and much of it still does. They are white South Africans, and they lived there through Nelson Mandela's rise to power. He could have been many things, but he was a great humanitarian. He was forgiving when many might not have been. He was compassionate and understanding when others might not have been. As I make my other comments, they almost seem subdued compared to the very real experience of Nelson Mandela's impact on the world. Others will say things more articulately than I, but I will say that if the world could be measured by the quality of what Nelson Mandela brought to humanity, this would be a much better world.

I will speak now to Bill C-475 and its impact on organizations and the public. Of course, I am referring to Canada's private sector privacy law, the Personal Information Protection and Electronic Documents Act, otherwise known as PIPEDA, which the bill looks to amend.

PIPEDA was developed with an important objective in mind, and that is balance. The act is designed to balance an individual's right to privacy with an organization's need to collect, use, or disclose personal information for legitimate business purposes.

I was president of a large company in London, Ontario, when PIPEDA was first introduced. For those who do not know, that is the tenth-largest city in Canada. I would say we invested considerable funds, as did corporations across Canada, to ensure compliance and to do the right thing, because a corporation must be measured in terms of being honourable and doing the right thing. The costs associated with PIPEDA then and now are very real and ongoing, but in a corporation's business it is important to comply, for the sake of the public, which is what we are talking about in terms of this legislation today.

When PIPEDA was first introduced, the government stated that in order for Canada to become a leader in the knowledge-based economy and in electronic commerce, consumers and businesses had to be comfortable with new technologies and the impact that these technologies would have on their lives. I believe that policy objective still stands. However, in order to maintain that important balance in PIPEDA, we must consider the burden imposed by the proposed requirements of this act and always weigh that burden against the corresponding benefit to society.

We all agree that requiring organizations to report certain data breaches is necessary. Data breaches can pose a serious threat to the protection of our personal information and to the security of organizations and individuals. Reporting certain data breaches publicly would allow individuals to protect themselves, and it would also encourage better data security practices by organizations. That is laudable, yet it must said that there are ways to achieve these goals without creating an undue burden on organizations and the Privacy Commissioner.

Data breach notification has the potential to be cost-prohibitive while not providing the kind of information the public requires. For example, in the United States, where this process is tracked closely, the average cost to an organization of a single notification is estimated at $188 per record, and when this figure is multiplied by the number of those potentially affected, any data breach notification could result in substantial cost to companies that must deal with that breach. Based on this data, the total average cost of a data breach to an organization is approximately $5.4 million.

As most states have mandatory reporting of data breaches, there are hundreds of breaches reported every year. According to the Privacy Rights Clearinghouse, an organization that tracks this, there were 592 breaches reported by the private sector in the United States last year. These incidents involved the information of more than 11 million individuals. That number is extraordinary. As organizations south of the border are required to notify so often, notification fatigue among the public can be a serious result.

When notification processes become simply a matter of sending out a form letter to individuals, there is always a deep concern that these letters become increasingly perceived by recipients as junk mail. We have learned from the experience of other jurisdictions. That is why this government believes the best approach to notification is one based on risk, where notification should be required only for those breaches that represent the potential for significant harm to individuals. In this way, consumers would only receive notifications when necessary and would accord them the attention they deserve, instead of seeing these messages as unwanted spam. What we are talking about here is modernization, not overhaul, as proposed Bill C-475 suggests.

The Privacy Commissioner has been a strong advocate for data breach notification. I would like to point out, however, that even she has not asked to be informed of all breaches, nor has she asked for the responsibility to determine the need for notification of when there is a breach. In fact, in her paper on the reform of PIPEDA published earlier this year, the commissioner proposed that organizations be required to report breaches “where warranted”. This suggests that the commissioner understands the burden of overnotification and supports an approach that would minimize that burden. That is modernization, not overhaul.

Unfortunately, this is not the approach taken in Bill C-475. The bill would require organizations to report to the Privacy Commissioner every data breach posing a possible risk of harm. The average organization is risk-averse, and will err on the side of caution. I know that from my own business experience. As a result, it is likely that all breaches would be reported under these circumstances, undoubtedly resulting in notification fatigue among consumers. Under Bill C-475, the commissioner would have to assess each incident reported to her and determine whether it poses an appreciable risk of harm, warranting notification to individuals. This would impose a financial and administrative burden on the commissioner's office and would likely limit its ability to deal with other complaints under the act.

In the province of Alberta, where the data breach reporting has been in place for two years, the office of the Alberta privacy commissioner has estimated that the average time to process a reported breach and determine whether notification is required is 76 days. In the case of more complex data breaches, this could be much longer. This indicates that the risk assessment process is complex, difficult, and ultimately costly.

My colleague, the hon. member for Terrebonne—Blainville, has provided us with much to consider, including some statistics on data breach incidencts. According to my hon. friend, there are 18 privacy breaches every year for every publicly traded company in Canada. We know there are over 3,000 companies traded on the Canadian-based stock exchanges. That would amount to a minimum of 54,000 data breach incidents every year. Given the number of days to assess a single data breach incident, it does not serve the public interest to process each of these 50,000 incidents each year.

Let us remember that the intent is to provide Canadians with timely information about a breach of their personal information so that they can take steps to avoid fraud, identity theft, and misuse of their personal information. I sense the intent of my colleague opposite, but it is not clear to me that my hon. friend has fully considered the administrative and resource implications of dumping this requirement on the Privacy Commissioner's office, and whether it is in the public interest of Canadians to receive so many notifications.

The government is committed to an approach that would require the organization experiencing a breach to conduct the risk assessment based on the sensitivity of the data and the probability that they have been or will be misused. The organization is in the best position to quickly assess the circumstances surrounding a breach of its security safeguards and to determine the risks involved. The government believes that organizations should notify the commissioner and affected individuals of certain breaches, those posing a real risk of significant harm. This allows the commissioner to retain oversight of how organizations are handling the process of risk assessment and notifications to individuals. The commissioner would have the option of initiating an investigation if it were believed that notification did not occur when it was required.

In closing, with appropriate oversight and guidance by the Privacy Commissioner of Canada, the responsibility for determining risk and the need for the notification of individuals should ultimately rest with the organization. I hope I have clarified for members the benefits of a more balanced approach to data breach notification. Again, it is modernization, not overhaul.

I hope colleagues will agree that the approach taken by Bill C-475 would impose unnecessary costs and has the real risk to potentially undermine the primary objective for data breach notification, which is that of providing timely information to individuals when there is truly a risk of harm.

Mr. Speaker, I am pleased to rise in the House to speak to Bill C-475, An Act to amend the Personal Information Protection and Electronic Documents Act (order-making power), which I will refer to as PIPEDA, to make things easier.

I want to begin by putting this bill into context. From May to December 2012, the Standing Committee on Access to Information, Privacy and Ethics conducted a study on social media and privacy. Numerous witnesses testified as part of that study, including Internet and privacy experts, privacy commissioners, community groups and others.

Those witnesses raised the point that more and more information is being gathered and used for business and marketing purposes. In fact, businesses collect this information, use it and share it without the consent of the individuals concerned, which is in violation of PIPEDA.

Given the concerns raised in committee by the many experts from various fields, the wonderful member for Terrebonne—Blainville introduced Bill C-475 in the House in order to try to respond to those concerns and observations from the community and strengthen the bill in question.

I would add that Bill C-475 is attempting to amend an act that has not been reviewed since 2000. Allow me to digress. I may belong to the last generation that can claim to remember the first day when a computer came into the house. This computer was not in colour and the screen was black and yellow and square-shaped, with blurry graphics.

I remember the first time I typed my homework on a keyboard. I was typing with two fingers and this was very time-consuming. I kept hitting the on/off button with my toe. I would always lose my work because there was no autosave feature for documents at that time. In short, I have a whole lot of memories that I might be able to share with my children and grandchildren one day.

In the meantime, I will point out that it is completely absurd that a privacy act has not been reviewed since 2000. I think I do not need to say more on that subject. It is high time we made changes to this act.

First, Bill C-475, which amends an act that needs to be updated, grants powers of enforcement to the Privacy Commissioner of Canada. Moreover, the commissioner herself emphasized that she wished to have these powers when she appeared before the committee. In other countries and in certain Canadian provinces, the law provides for measures that give more powers to the commissioner. However, this is not the case for Canada. We hope this will change soon.

Who is the commissioner and what powers does she have exactly? This is a good question, and it has to be answered before we say her powers must be increased. I will take the definition used by the Canadian Internet Policy and Public Interest Clinic of the Faculty of Law at the University of Ottawa, which describes the commissioner as follows:

The Privacy Commissioner of Canada acts as an ombudsman who investigates complaints and negotiates solutions.... While the Commissioner does not have the authority to order an organization to change their personal information policies or procedures she may make public any information relating to the personal information management practices of an organization.

That summarizes the commissioner's existing powers. Bill C-475 would enhance those powers.

The commissioner recommends that organizations that refuse to implement the measures she suggests be required to abide by the law and comply with deadlines set by the commissioner, and even be liable to a fine in cases of non-compliance.

The commissioner therefore needs a little more power over Internet-based offenders.

Bill C-475's second goal is mandatory reporting of all data breaches that could harm the individuals concerned. I do not need to go into detail about how the Internet is changing quickly and how now, young and old alike are putting more and more information out there. Things are changing quickly, and we have to ensure that we can keep up with it all, understand it and regulate it.

Companies collect, sell and share this information. Part of the solution is educating people and raising awareness about the kind of information they disclose on the Internet. Still, it makes sense that people should know what is being done with their information because, after all, that information can be very valuable to the companies that can use it. That is not a bad thing in and of itself, but there should be rules for using that information.

People who create a Facebook account are asked to supply quite a lot of information. They are not the ones who decide they want that information to show up on their Facebook page. No, there is a whole form to fill out that includes their year of birth, where they live, their address, favourite movies, favourite music and much more. That is just Facebook. I use Facebook because I am not very well-versed in using other technologies. I joined Twitter just a few months ago because my colleagues and assistants pressured me to. Things are going well so far, but there are still some concerns.

A closer look at the details of this bill, at what can and cannot be done, at the powers that the Canadian commissioner has compared to commissioners in other provinces and other countries, gives us reason for concern.

Perhaps I am a little paranoid when it come to technology, but when a window appears with a little red x, I am afraid to even click on it. I wonder if that will even close the window that just appeared without me wanting it to, or if I will be clicking on a link that will give information to some company, or what have you. You know what I mean. It is hard to know what we can even trust anymore. It is not only what I decide to disclose myself, but it goes much further in terms of what information can be collected, whether we like it or not. Information can even be collected without us knowing.

It is therefore high time that we took action to update the Privacy Act.

It is this government's responsibility to move forward on this, and quickly. Things are changing fast, and we need to take a first step. This bill might not solve everything, of course, but it does address some of the concerns expressed by experts and by the commissioner herself in the parliamentary committee's examination. I really hope the government will bring forward something like this. It would be the least it could do.

In closing, I would like to point out that the Union des consommateurs believes that the implementation of the principles proposed by the NDP, through their private member's bill amending the Personal Information Protection and Electronic Documents Act, constitutes a real advancement to better protect the privacy of consumers.

I would also like to commend the enthusiasm of my NDP colleague from Terrebonne—Blainville and congratulate her. She has demonstrated her competence in managing this file for our party. She has remained very open and co-operative, and has been extremely innovative and dynamic in her collaboration with stakeholders from all walks of life in this file. She has introduced a very important bill, and I hope that we can continue for the well-being of current and future generations, in order to bring in extraordinary technologies, which can sometimes cause us some concern.

Mr. Speaker, I wish to present a petition signed by many of my constituents. The petitioners are calling on all members of the House of Commons to support Bill C-475.

They are very worried about the fact that the Personal Information Protection and Electronic Documents Act has not been updated since 2000.

Given that technology has changed dramatically since then, the legislation no longer adequately protects Canadians against the risks that are present in the digital age.

Mr. Speaker, I am happy to respond to comments made by the hon. member for Terrebonne—Blainville regarding Bell Canada's new privacy policies.

The privacy of Canadians is of utmost importance and our government places high priority on protecting their personal information. Canada has strong privacy protections in place and these protections work for the digital age.

In fact, the privacy rules already contained in the Personal Information Protection and Electronic Documents Act, PIPEDA, address the inappropriate and indiscriminate collection of personal information by businesses. Companies cannot simply siphon information and decide to do whatever they want with it. They cannot force their customer to turn over personal information that has nothing to do with the product or services they are providing. They cannot sell information about their customer to whomever they want.

PIPEDA empowers individuals by giving them control over what can be done with their information. It also gives the Privacy Commissioner the power to ensure companies are following the rules, and this is exactly what happens now.

The Privacy Commissioner has already confirmed that she has launched an investigation into Bell Canada's proposed activities. Any Canadian who believes their privacy has been violated should raise these concerns with the commissioner.

I fail to understand why the opposition does not share my trust and confidence in the commissioner's ability to conduct a thorough and fair investigation. Instead, the opposition seems intent on using the situation for political gain and to advance a flawed and incomplete bill.

Our government is prepared to take action to protect the privacy of minors. Bill C-475 is silent on this.

Our government is prepared to make companies accountable for breaches to private data under their control. Bill C-475 would bury the commissioner in paper.

Updates to PIPEDA must provide meaningful improvement to the protection of individual privacy, while encouraging the growth of secure and trustworthy modern commerce. Bill C-475 does no such thing.

Mr. Speaker, Canadians and Quebeckers are becoming more and more concerned about their privacy, but the Conservatives seem less and less committed to updating our privacy laws.

My Bill C-475 addresses Canadians' concerns by bringing the Personal Information Protection and Electronic Documents Act into the digital age with reasonable, balanced measures that have been supported by a number of experts, consumer protection groups and businesses. Unfortunately, the Conservatives continue to oppose my bill for no reason.

For example, the Conservatives say that I did not do enough consultation before I introduced Bill C-475. However, while the bill was being drafted, I held dozens of consultations with experts, academics, consumer protection groups and businesses subject to the PIPEDA.

Furthermore, Bill C-475 is the result of recommendations made by several witnesses at the Standing Committee on Access to Information, Privacy and Ethics, during the parliamentary study on social media and privacy.

In short, I consulted all of the major Canadian companies affected by this bill, the foremost experts in Canada, as well as the organizations most involved in consumer protection and civil rights protection.

The Conservatives are saying that Bill C-475 does not fall within the PIPEDA framework. In fact, Bill C-475 simply increases the commissioner's powers if an organization does not comply with the law and decides not to follow the commissioner's orders. It can function perfectly well within the PIPEDA framework.

In addition, the Conservatives are wondering why the fines apply only to organizations that do not follow the commissioner's orders. That is precisely the strong point of my bill. It is very balanced and does not try to further burden businesses. Simply put, if an organization amends its practices that do not comply with the law, it will not have to pay a fine.

We are now in the age of big data. Personal data is found all over the Web and they are priceless. We need to ensure that they are protected. With the age of big data came the rise of Internet megacorporations. According to the Privacy Commissioner, it is increasingly difficult to ensure compliance with the PIPEDA and compel companies to honour it.

The measures contained in Bill C-475 will encourage companies to adequately protect the privacy of Canadians, because if they do not, there will be real consequences. If the government really wants to protect consumers, as it promised to do in the throne speech, it must make a serious commitment to privacy.

Bill C-475 builds on this commitment to consumers by creating a greater incentive for companies to respect our Canadian privacy legislation.

It is high time that the Conservatives take the protection of privacy seriously. It is time they respond to the concerns of Canadians and support Bill C-475 instead of defending themselves with baseless counter-arguments and spreading scurrilous allegations about this initiative.

Mr. Speaker, I have the honour today to present a petition signed by people in my riding in support of Bill C-475 to modernize the Personal Information Protection and Electronic Documents Act so that it better protects Canadians in the digital age.

Mr. Speaker, he completely failed to address the issue raised by my colleague. Bell is going to keep tabs on its customers and the government is going to just sit back and watch. This is a major failure for a party that just gave a so-called pro-consumer throne speech.

This type of spying must stop. There are simple and practical solutions to this problem, solutions that are found in the NDP's Bill C-475.

Will the Conservatives support Bell keeping tabs on its customers or will they support my bill?

Mr. Speaker, I am very honoured to rise today to speak to Bill C-475, which I will support at second reading.

First, I would like to speak to the work ethic of my colleague from Terrebonne—Blainville when it comes to digital issues. As the digital issues critic, my colleague has done a lot of work on a policy to better protect our personal information on the Internet. I appreciate the work she has done.

My colleague held a number of public consultations, which is important to note with this bill, since it has been well received by the public. If there is one thing that is very important and that the NDP puts a lot of emphasis on, it is public consultation. I know that most of my colleagues have held their own consultations in recent weeks and months on several issues that affect the Canadian public.

Digital issues, and privacy in particular, are extremely important issues that affect all Canadians. Later on in my speech I will talk about what the people of Alfred-Pellan, in Laval, have told me. It shows a good work ethic to consult the public, and we can create excellent bills that reflect what the public wants.

It is sad to see that, unfortunately, the federal government is not consulting the public about digital issues and our privacy. This issue is very topical and we must take it seriously. That is why public consultation is so important.

Bill C-475 would create modern protections for an issue for which it is extremely difficult to set parameters. I think that Bill C-475 achieves a very important objective: improving protections on the Internet.

The Privacy Commissioner has called for measures to be implemented on many occasions. My colleague from Terrebonne—Blainville included them in Bill C-475.

Therefore, we can say that we are listening to consumers. In fact, the Union des consommateurs supports this bill. I believe that it is very important to point that out. We have to crack down on Internet fraud and abuse. It is really important.

A little earlier, I heard a Conservative member on the other side of the House say that they are on the right track when it comes to protecting consumers and people's privacy on the Internet. Unfortunately, I doubt it. I will not give the Conservatives free reign, especially when it comes to consumer protection. Unfortunately, their record to this point strongly suggests otherwise.

We have a golden opportunity to have all parties in the House, no matter their political affiliation, work together to protect the privacy of Canadians, to all come together to work on a bill that I believe is extremely well researched.

Most people might think that the protection of privacy is assured and that we have a great deal of protection, especially when navigating the Internet. Unfortunately, that is not the case. There are no guidelines and we do not take action against the big companies that will take advantage of the system in order to use our personal information.

In that regard, I would like to talk about a few things that happened to us in Laval this past summer. I went door-to-door a great deal this summer in order to find out about the concerns of the constituents of Alfred-Pellan in Laval. Many issues were discussed during my visits. We talked about this earlier today. Many people talked to me about the Senate and abolishing it, and they told me that it will be a good thing when the NDP government abolishes the Senate in 2015.

People also talked to me about the bill introduced by my colleague from Terrebonne—Blainville. In fact, they raised questions about what we were doing to improve people's safety on the Internet. I found that extremely interesting and we had some good discussions about that.

I talked to a young man who is in a relationship and who just bought a house. He was very interested in our policies on Internet protection and not just consumer protection. He was extremely pleased to see that the NDP had a substantive bill on the subject.

During the summer, like many of my colleagues probably, I toured a number of old age homes. People were very happy to see us. We talked about protecting personal information. That is something that is very important to our seniors because, unlike a young woman like myself, they have not been immersed in all things Internet and social media since they were young. Many people do not have access to that and it is all new to them. These are things they have to learn. It can be hard for them to understand. I can see how it might be hard for them to use social networks and to cope with the fast pace of the Internet.

Often seniors tell me that they tend to be trusting and give out their personal information. Unfortunately, there are cases in my riding of people who have lost money and are being harassed because they gave out their personal information somewhere. They suddenly receive information they did not ask for from all sorts of people. It is upsetting to them.

These people were extremely concerned about protecting their information. I talked about this bill with them and they were glad to see that there is a party in the House of Commons that wants to review the rules and cares about their safety and protecting their personal information.

I think it is important that we reach out to them in this case because they are the ones who are affected the most.

My colleague from Chambly—Borduas talked a lot about seniors. I will not elaborate on that, but I will say that we must include them in this process.

As the hon. members for Chambly—Borduas and Terrebonne—Blainville said, the federal government has a responsibility to set parameters without necessarily being too tough. At some point enough is enough. There are ways to go about this that we need to oversee. The government has a responsibility and it must step up to the plate.

I studied what this bill contains in more detail because it addresses so many items. I found that it changed some very interesting things.

I saw that Bill C-475 granted, for example, powers of enforcement to the Privacy Commissioner of Canada, which is extremely important.

As I mentioned at the beginning of my speech, the Commissioner called for many changes and measures that we are dealing with right now. Any organizations that refuse to implement these measures within a timeframe set by the Commissioner would risk a fine of up to $500,000, according to a Federal Court decision.

At this time, there are no fines for a company or anyone who abuses on our social networks or the Internet. Putting these guidelines in place today prove that we are serious and we take privacy protection seriously.

There is also the fact that Bill C-475 would make it mandatory to report any data breaches that could harm the people involved.

I believe that this is another important item that we should pay special attention to.

I see that I am almost out of time, so I would like to list the stakeholders that have given us their support. As I mentioned at the beginning of my speech, the hon. member for Terrebonne—Blainville found during consultations that the Union des consommateurs supports our position. Aubrey LeBlanc, president of the Consumers Council of Canada, has come out in support of our position, as has Steve Anderson, executive director at OpenMedia. The National Association for Information Destruction Canada and the University of Ottawa's Canadian Internet Policy and Public Interest Clinic also agree with our position.

The list goes on and on. I believe that proves, as I said earlier, that we need to work together, tackle this problem, put partisanship aside for once, make the right decisions and support Canadians.