Bill C-475 (Historical)

Order. Could hon. members come to order, please? The hon. member for Winnipeg North has the floor, and I would ask all hon. members to refrain from causing a disruption in the chamber.

The hon. member for Winnipeg North.

Mr. Speaker, in dealing with Bill C-475, it is important for us to recognize that there are some concerns that should and could be easily addressed by allowing the bill to be sent to committee. I would argue that there is a significant advantage if we allow that to take place. The simple reason is that there is a need for more debate. When we go into committee, different stakeholders will be able to get more of the facts on the record. When we talked about the Privacy Commissioner and the additional workload there, I can respect that. We want to hear what the facts are. We do not want to make it overly awkward, costly, and just not practical in some cases. With Bill C-475, we have an opportunity to move forward.

Members will remember earlier this year when literally thousands of student records were released. There was a huge concern all over the country. There were student loan records that were found to have been misplaced or had fallen into the wrong hands. We know that many people were directly affected by it. The government, somewhat kicking and screaming, had to acknowledge its role in not being forthright in releasing that information.

I believe there is some merit to the bill. When we take into consideration the concern that Canadians have as a whole related to the issue of personal information and wanting to see government doing more, I do not see what we have to lose by allowing the bill to be sent to committee.

I chose to stand up for two reasons. One was to emphasize the point that we should allow the bill to be sent to committee. At the same time, as I indicated at the beginning of my remarks, I wanted to get on the record the passing of a great man, Nelson Mandela. I am sure there will be more formal positions taken by many dignitaries around the world in recognition of this iconic world figure.

With those few words, I am prepared to leave it at that, in the hope that we will see the bill succeed and be sent to committee where we can hear the thoughts of different stakeholders as to what we could be doing to ensure that we are protecting the personal information that people have entrusted to either the government or the private sector. We need to do more. This bill will not necessarily answer all of the problems, but it will at least provide a venue for us to make some changes that could improve our current system.

Mr. Speaker, I see that there has been a huge reaction to Nelson Mandela's death. I was saddened to hear the news. He unfortunately passed away after a long and full life.

I want to take this opportunity to say that the fight against apartheid was a great source of pride for Canadians. We could be very proud of our government, which was a leader in this battle. By making Mr. Mandela an honorary citizen, we paid tribute to him and to the great figures from this country who sought to defend and promote human rights.

I know that there will be more elaborate tributes, so I will speak to the wonderful bill introduced by my colleague from Terrebonne—Blainville. I think it is wonderful because I admire that my colleague is looking to innovate, to get us caught up and to anticipate some very serious problems related to the major changes society is experiencing so rapidly.

I want to read the first part of section 10.01:

For the purposes of this section and section 10.02, “harm” includes bodily harm, humiliation, embarrassment, injury to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, identity fraud, negative effects on credit rating and damage to or loss of property.

I read that section because I think it is important to understand that our world has changed considerably and has done so very quickly.

I have already mentioned in this House that I used to be an archivist. I therefore understand the importance and value of information, especially when it is nominative information. I worked in this field for a long time, and my job would have eventually included applying the principles associated with the protection of personal information. I would have done it as a professional, but the organization I belonged to as an archivist would have also fully applied these principles.

I am not that old, but I graduated quite a while ago, in the early 1990s. At that time, our tools were far more limited. The emergence of computers began to change things, but the possibilities were much more limited than they are today.

I also had the privilege to read notarial deeds from the first half of the nineteenth century. To give some background, many parents passed on a parcel of land to their descendants. More often than not, the heir was their son. They would place a clause in the deed requesting support from their son as the new owner of the land, because social programs did not exist at that time.

Since that time so long ago, our society has changed so much that we now totally depend on exchanging money to live. Things were different 150 or 200 years ago, when we could depend on the strength of our arms, the bounty of our land and our ability to obtain almost everything we needed without spending a single cent.

There has been a profound change over the last 15 or 20 years. The electronic means with which we carry out our transactions have not only become commonplace, but are also extensively used by all generations.

The Internet and the numerous sites that facilitate transactions and offer new ways to trade and barter create new opportunities. This is like the wild west. Anything is possible, both good things and, unfortunately, abuses by dishonest individuals. It is really deplorable that the government would neglect Canadians and contemplate spying on them through legislation such as Bill C-30. Instead, the government should have taken into consideration these new tools and imposed a requirement to take precautions and report incidents resulting from the loss, theft or unintentional or negligent transmission of sensitive data. In the case of lost or stolen sensitive data, the technology is now so quick that in just a few hours these sensitive data can be used to commit fraud or abuse or to damage someone's reputation. It can be used widely, to the detriment of the aggrieved individual. The hon. member for Terrebonne—Blainville is taking a particularly important, crucial and laudable initiative to the great shame of the government, which should have done this itself.

Since the government was not taking action, the official opposition put forward a proposal and one of its brightest members proposed a solution widely supported by the testimony of leading experts. There are many of them. It is a great pleasure for me to put things in perspective and, more importantly, to call on the government to take a serious look at this bill in committee, because this is an opportunity that we cannot afford to miss. The Governments of Alberta and Quebec are already ahead of the federal government and have plugged some holes. If the federal government does not follow suit and correct the flaws that exist in the legislation, millions of people could potentially become victims. We are aware of the burden that having to comply with the act could represent for organizations. However, the potential harm can be so costly that I am convinced the impact and external costs of the government's negligence would ultimately exceed the costs that may be incurred to comply with the bill introduced by the hon. member for Terrebonne—Blainville.

Again I congratulate my colleague for her initiative. I wish her well and I thank her on behalf of my constituents in Beauport—Limoilou.

Mr. Speaker, I have a great crowd behind me, because this is a really important bill. There is such a great response. I really want to thank my colleague from Terrebonne—Blainville for working on this important piece of legislation. She deserves congratulations for a lot of reasons. It is a great piece of legislation.

My colleague was elected in 2011. She is proof positive than an individual MP can advocate for constituents, give a caucus important advice in a critic role, represent NDP values in a critic area, and make concrete legislative suggestions to the House. The fact that we have such a good piece of legislation before us speaks volumes about her ability to make a difference here in Parliament.

The former CEO of Google, Eric Schmidt, said that as of 2010, we create more information in just two days than was ever created up to and including 2003. That is an incredible statistic. It is massive. We create about 2,000 years' worth of information every couple of days. That is just one way of measuring how the digital world we live in today is different even compared to just 10 years ago.

Change is happening quickly when it comes to technology, innovation, and information sharing. It is increasingly an issue for Canadians, because in the last 10 years, with the growth of the digital economy, social media, and Internet access, greater amounts of personal data are shared. They are collected, used, and disclosed.

This bill identifies a problem. The problem is that our privacy laws are not built for a digital age when we create and share so much personal information.

PIPEDA was adopted in 2000. I remember it quite well, because I was a law student, starting in 2001, and we talked about what the implications would be for the groups, organizations, and communities we worked with. At that time, there were almost no social networking sites, microblogging sites, or video-sharing sites. Tumblr and YouTube did not exist, and there was no such thing as Facebook. I remember the first time I ever googled something, and it certainly was not a verb at that time.

Now over 18 million Canadians have a Facebook account, including many of us here in the House. A lot of us use this form of social networking. That number of 18 million Canadians is more than half of Canada's population, which is incredible.

Can anyone remember a time when they could not YouTube a viral video or find an old friend on Facebook? It was a completely different world 10 years ago. Now we are light years ahead of where we were in 2000.

What we are talking about here would transform the digital world in Canada. It is the type of change that affects Canadians on a huge scale. As Canadians, we are incredibly connected. We are the second-greatest Internet users in the world. More than 80% of us access the Internet regularly. Approximately 70% of us think that our personal data is less secure and less protected than it was 10 years ago, and 97% of Canadians would like to know when their personal information has been exposed because of a data breach.

It is worth noting these statistics, because most Canadians agree with the goals of this bill. It is absolutely unthinkable that we would expose so many Canadians to risks to their online privacy, especially when many people are aware of and concerned about these risks.

We need to update our privacy laws to recognize these changes and keep up with them; otherwise, we risk leaving Canadians unprotected. Canadians have moved on from 2001. It is time that our privacy protection laws moved on as well.

I would like to stress the importance of taking advantage of the opportunity this bill presents. We know that the Conservatives presented a privacy bill, Bill C-12, that came out of the 2006-2007 review of PIPEDA. However, it has been languishing on the order paper since 2011. That is far too long. Not one but two PIPEDA reviews are overdue.

We need privacy protection for the 21st century, but we also need it in the 21st century. Bill C-475 responds to these pressing challenges for protecting our privacy in a new digital age.

In a May 2013 review of PIPEDA, the Office of the Privacy Commissioner of Canada identified pressure points where PIPEDA needed to be changed. The first two of these pressure points, and arguably the most important ones, are addressed in Bill C-475.

The first pressure point identified in the report was enforcement. The report points to the fact that under PIPEDA the Privacy Commissioner is limited to the role of an administrative investigator, and that while she may seek resolution through negotiation, persuasion, and mediation, she actually has no enforcement powers.

The report says:

The days of soft recommendations with few consequences for non-compliance are no longer effective in a rapidly changing environment where privacy risks are on the rise. It is time to put in place financial incentives to ensure that organizations accept greater responsibility for putting appropriate protections in place from the start, and sanctions in the event that they do not. Without such measures, the Privacy Commissioner will have limited ability to ensure that organizations are appropriately protecting personal information in the age of Big Data.

Bill C-475 answers this recommendation in giving enforcement powers to the Privacy Commissioner to order organizations to comply with privacy legislation and to fine them if they refuse to take action within an established time period.

The second pressure point in the Privacy Commissioner's report was to “shine a light on privacy breaches”. It recommended that PIPEDA should:

require organizations to report breaches of personal information to the Commissioner and to notify affected individuals, where warranted, so that appropriate mitigation measures can be taken in a timely manner.

This is really common sense. First of all, we want to know when our personal information has been put at risk. As I said before, 97% of Canadians agree that they want to know when there has been a breach in their privacy. The harm that comes from these breaches can include identity theft, financial loss, negative credit ratings, and even physical harm. We should be aware that we have been exposed to a higher level of these risks when our privacy has been breached.

I will wrap up by saying that the Privacy Commissioner stressed that too often the rights of individuals are displaced by organizations' business needs and that it is becoming increasingly clear that the balance between these rights and needs is no longer there.

I would like the House to know that New Democrats are not stuck in the past. We recognize the imbalance, and with the bill we will take the first steps to make sure to protect the interests of businesses and consumers in the new digital age.

Order. I understand the government House leader is rising on a point of order.

Mr. Speaker, I would simply like to add my comments to those of my leader and say just how sorry I am to hear of Mr. Mandela's passing. He was always a great source of inspiration for me.

I have always been part of Amnesty International and other groups that defend human rights around the world. In fact, that is one of the reasons I decided to become a member of the NDP, because it is the party that does the most to defend human rights.

For me, Nelson Mandela has always been a beacon of light and hope. I would like to thank him for everything he did for us, for people around the world and especially for South Africans.

With that, I will continue on another topic altogether, that of technology. I really want to begin my speech by congratulating my colleague, the hon. member for Terrebonne—Blainville. Like me, she was elected in 2011. She is an extremely intelligent and dynamic young woman who has proven that young women have definitely earned their place in politics. She has really proven her willingness to work hard and listen not only to her constituents, but also to all the stakeholders who have an interest in the field of technology and privacy. She consulted them and listened to them, and today she is introducing her bill, Bill C-475. I really do commend her. We are all very proud of her and we thank her for taking this issue so seriously after it had unfortunately been overlooked for so long.

We now know that this legislation has not been updated since 2000. Obviously, a lot has happened since 2000, including Facebook, Twitter, iPhones and smartphones. Technology has drastically changed over the last 13 years, creating a whole new context. We now have to resolve issues that would never have crossed our minds a few years ago.

We have to realize that a number of problems stem from a lack of legislation. This bill aims to solve problems that were ignored for months or even years. The current free-for-all regarding the distribution of personal information is due, in part, to a lack of political will, as well as a legislative void. That is what makes this bill so important.

We cannot continue to do nothing while technology evolves every day. We cannot keep silent and stand idly by while these problems occur.

In fact, my hon. colleague who spoke earlier will rise again shortly to discuss a crucial issue: the fact that people have lost confidence in the system meant to protect their personal information. They have lost confidence not only in companies, but especially in the government, because it did nothing while things kept getting worse.

That is why it is extremely important to restore the public's trust in technologies, in Parliament and in legislation, so that people feel safe at home. This is our job as parliamentarians. When Canadians do not feel safe, it is up to us to do something. Something needs to be done, and it is our job to do it.

This came up in the many consultations, as my colleague pointed out. Unfortunately, 91% of Canadians said they are extremely concerned or very concerned about privacy. That is almost 100%.

I would really like to know what percentage of members of Parliament are concerned. We are all MPs and as parliamentarians we are concerned about Canadians. However, how do we feel as individuals? I would like to do a little survey here and have people tell us honestly whether they are concerned about whether their information is being protected.

For example, seven in ten Canadians reported feeling that they have less protection of their personal information than they did 10 years ago. It is time to ensure that Canadians are and feel safe. This is about feeling safe. We cannot let this situation get worse.

The content of this bill did not come from the NDP alone. It came from the Privacy Commissioner, Internet law experts, consumer protection groups and Canadian citizens, who are, of course, our primary concern. I think it came out of the 2012 study of social media and privacy by the Standing Committee on Access to Information, Privacy and Ethics.

Parliament has acknowledged this. People came to testify. This bill is not just a partisan NDP initiative. It means something to all Canadians and will enable organizations, lawyers and the Privacy Commissioner to protect Canadians.

There is no reason the Conservatives should refuse to support this bill. The NDP is not alone in going after the Conservatives about this. Canadians, lawyers and the commissioner want this too. How many people have to tell the government to do something before it actually does something?

This is about giving Canada's Privacy Commissioner the power to enforce the law. That is very important. We know that commissioners have an extremely important role to play in analyzing not only the government's actions but everything that has to do with access to information. Giving the commissioner the power to enforce the law will simply strengthen the essential role she plays in identifying problems and telling Parliament which initiatives should be taken.

I would just like to close by saying that our colleague in the House is speaking on behalf of Canadians and Quebeckers who are worried as well as all stakeholders who are worried and who all say that we need to act now to protect Canadians' information and privacy.

I would like to thank my colleague from Terrebonne—Blainville for her work and for conveying the wishes of Canadians and stakeholders to the House.

Mr. Speaker, it is not easy to speak after hearing the wonderful statements made by the Prime Minister, our leader and the member for Mount Royal. I would like to add my voice to theirs by saying that I am truly saddened by the death of Nelson Mandela. Today we lost a great man and a great symbol of hope.

Despite this, I will still speak to my bill. I am very pleased to close the debate today, although I would like to—and could—talk about it for years and years.

I want to thank all the members who contributed to this debate. Unfortunately, I have to point out that the Conservatives made several erroneous statements that undermined the real debate on Bill C-475. I want to go back to some of those statements today to set the record straight.

The government said it was committed to updating the Personal Information Protection and Electronic Documents Act. Unfortunately, the government did not even respect the provision of the act requiring a review of this legislation every five years to update it. This review should have been conducted two years ago. Moreover, the legislative amendments made during the first review in 2006-07, have yet to been implemented. The government is therefore not committed to updating the act.

It is shameful that the government is refusing to vote in favour of Bill C-475 and then has the gall to say it is concerned about Canadians' privacy.

As for the concerns about consultations and the provisions in Bill C-475, I would like to point out that we consulted 11 major companies and business organizations that would be affected by the bill and 15 consumer groups and rights and freedoms advocacy organizations from five provinces, including Alberta, British Columbia, Ontario and Quebec. We also consulted 15 of the most well-known and important academics in the domain and we heard from approximately 40 experts who shared their opinions about the implementation of the Personal Information Protection and Electronic Documents Act before the Standing Committee on Access to Information, Privacy and Ethics.

Another issue was the size of the monetary penalty companies would be liable to. There is no list of penalties. There is just one: a monetary penalty will be imposed if an organization fails to correct its non-compliant practices as ordered by the commissioner within the time limit. The bill is balanced because this penalty, which cannot exceed $500,000, will be imposed according to a list of criteria that assess the severity of the offence and the organization's ability to pay. I should point out that other countries, such as Germany, Australia and France, have much higher penalties.

My colleagues opposite talked about how the privacy commissioner's role would change and expressed concerns about the commissioner's ability to handle these new demands. Rapid changes in the digital world will change the role of moderators as well. What we are asking for in Bill C-475 is what the Office of the Privacy Commissioner of Canada told the Standing Committee on Access to Information, Privacy and Ethics it wanted to see.

With respect to the ability of the commissioner's office to deal with the new demands, the commissioner explained in committee, during the assessment of their financial statements, that having the power to issue orders and impose sanctions would produce better results that would be more timely and less expensive for Canadians. During that hearing, the commissioner's office proved without a doubt its ability to adapt its services based on economic constraints, while also increasing the office's efficiency.

However, I must say that suggesting that the commissioner's office is incapable of dealing with the provisions it proposed in committee, and without the benefit of any examination, amounts to completely baseless fearmongering.

Bill C-475 is a balanced bill. It proposes concrete measures to protect people's personal information in the digital age. It gives Canadians greater powers to protect themselves when their information is lost or stolen. It reassures Canadians regarding their engagement on the Internet, which is good for our economy.

Bill C-475 provides incentives to organizations for obeying the law. That it crucial to protecting the privacy of our constituents.

I wish to reiterate my desire to work with the members of all parties in order to make the necessary reforms to the Personal Information Protection and Electronic Documents Act. I appeal to the good judgment of all members to vote in favour of Bill C-475 on December 11.

It being 6:36 p.m., the time provided for debate has expired.

The question is on the motion. Is it the pleasure of the House to adopt the motion?

All those in favour of the motion will please say yea.

All those opposed will please say nay.