Bill C-11 (Historical)

Madam Speaker, the hon. member sort of reminds me of the character of Cam Brady in the movie The Campaign when he talks about small businesses being the backbone of our economy. They are, but the Liberal government does not seem to recognize that the policies it has put in place have really undermined small businesses. However, I will get to the question.

There a necessity for regulation, but we need to recognize that one-size-fits-all regulations, which are mostly targeted at large corporations while still applying to small businesses, really put small businesses at a significant disadvantage. We are not saying no to regulation. We are saying that we need to put exemptions in, and we need to look at what the consequences really are for small businesses and address their concerns.

Madam Speaker, I thank my colleague for her question.

This is for private businesses, and I understand that my colleague may have a problem with that.

However, during the pandemic we have seen that the federal government itself had problems verifying people's identity. In my riding, some people received the CERB under a name other than their own. These people were on social assistance. They were not entitled to the CERB, received it anyway and will have to repay it when they file their income tax return. That is a serious problem.

I would like to know whether my hon. colleague thinks that we could have applied the provisions of this bill to the federal government itself.

Madam Speaker, I appreciate what the member is saying. I have a story from my riding: A couple come to me who had used a third party tax service to apply for their CERB money. The tax service charged them $300 per CERB application, which is absolutely absurd when someone can just go to the CRA website and click a few buttons to access the money.

It just goes to show that sometimes when the government constructs something and does not think through all of the angles while trying to get the money out the door, there are people who will be hurt by that legislation. When I raised that to the government, its response was that it is not illegal. That is not acceptable.

I think absolutely that the government needs to be held accountable. We always need to do better. We as the opposition are always going to fight to make sure that the government does a better job for Canadians.

Madam Speaker, the member's comments are very enlightening. He talked a little bit about his concerns for small businesses and the red tape that would be associated with them. Can he discuss a little bit, in detail, the provisions in particular that he thinks would put too much of a burden on small businesses?

Madam Speaker, there is a provision in the bill that says a small business has to designate a specific person responsible for maintaining these privacy databases. When we are talking about a small business with just a few employees, oftentimes a sole proprietor may be running the books, sales or the website, and they are now being told that they have to also be the designated privacy CO of their company. That is adding red tape for a small business. For a big business, it is not that big, as it probably already has those positions laid out.

Small businesses trying to maintain those databases and having the ability to keep all the data they are collecting, so as to be ready to comply with requests from the consumer and Privacy Commissioner to hand over the data at any time, creates a ton of paperwork for small businesses. We need to look at a better way to do this to ensure that we can protect the privacy of Canadians, but not put too many onerous requirements on small businesses.

Madam Speaker, my hon. friend mentioned the dynamics of rural Canada and the challenges it faces with access to something as simple as the Internet. These increase the challenges of small and medium-sized enterprises, whether it is a farmer trying to access the most up-to-date equipment for their farm operation and the increasing data requirements surrounding that, the local insurance companies the member mentioned, or the many other small and medium-sized businesses that exist across rural Canada. It is important that a rural lens is applied to something as important as this legislation.

I am wondering if my hon. friend would be able to provide further comments on the impact this would have on rural Canada.

Madam Speaker, it is already hard enough for rural Canadian business people to access the growing digital economy, as I alluded to in my speech when I spoke about the lack of access to high-speed Internet. The hon. member who asked the question is a farmer, and we know agriculture is undergoing a massive shift to data.

I do not think there is anything in this bill that would necessarily impact the farmers themselves, but when we are talking about relations between fertilizer companies, suppliers and transportation logistics, we could be talking about a number of new requirements. The farmers I know just want to farm. They do not want to haggle over data and be purveyors of data, so yes, we have to consider those challenges as well.

Madam Speaker, the member did not answer the question regarding the Conservative Party's position on the legislation. I understand the member, as being part of the official opposition, has concerns. I can appreciate that.

I have two questions. One, do the Conservatives see amendments coming forward at second reading? Second, and most importantly, do Conservatives support this legislation ultimately going to second reading, or in other words, will they support it going to committee?

Madam Speaker, I thank the member for giving me a second opportunity to finally answer his question. We do have concerns about the bill, as I said. However, I think I can freely speak for our caucus and say we will be supporting this going to committee.

We will be looking at putting forward some common sense amendments to protect small businesses and ensure this is the best possible legislation. The fact is that it has been too many years since we have had an overhaul. A lot has changed in our society, and we do need to update this legislation.

Madam Speaker, I see in the legislation that there would be some exceptions to the consent of an individual's data and whether that information would be available to them, or if it would be in the public interest.

Who would make that determination? Is the bill clear on that determination and who would make it, and are there any concerns around that particular provision?

Madam Speaker, that is a question we are going to be fighting to get the answer to at committee. When we are talking about public interest, it is not necessarily just for the government to decide what that public interest is.

At the same time, we need to ensure this is not blown open to any and all organizations that could be using and abusing this data in ways we cannot know. Obviously we need to put some parameters around this and find a good balance.

Madam Speaker, I am honoured to be the first in my party to speak, since this is a topic the Bloc Québécois has been looking at in response to a number of identity theft issues.

I want to take this opportunity to acknowledge my colleagues who have been with me from the beginning of the first session of the 43rd Parliament. We immediately started looking into the matter of privacy breaches and fraud. The Standing Committee on Industry, Science and Technology unanimously agreed to take into account the previous work done to study what action we should urgently take to prevent the kind of situation we are in now.

I salute my colleagues on the Standing Committee on Access to Information, Privacy and Ethics, and I also want to point out that I very much look forward to studying this bill in committee. We had already unanimously adopted a motion to study privacy matters, and today a bill has been introduced. We spent a long time in committee looking into conflicts of interest. I had 40 hours, during which it was difficult to vote on a motion in committee.

That being said, prorogation did not do us any good. If Parliament had not been prorogued, we would not be where we are today. We would already be at the forefront when it comes to protecting our people from fraud and identity theft. I know that this happened to some people who work for the House of Commons. This is a complex and troubling issue. As the Privacy Commissioner said, the accounts of no less than 30 million out of 37 million Canadians were affected.

I would like to tell everyone here and the people watching us at home that their personal information was used. We are talking about a privacy breach. What happens when our personal information is not protected? Obviously, the first thing that comes to mind is the possibility of fraud. The way things stand, fraudsters have quite the opportunity to use the personal information of others.

Madam Speaker, I am sorry. This is my first time without a written speech in front of me and I feel like I could keep talking for an hour. I would like to ask for the consent of the House to share my time with the member for Saint-Hyacinthe—Bagot.

This being a hybrid sitting of the House, for the sake of clarity, I will only ask for those who are opposed to the request to express their disagreement. Accordingly, all those opposed to what the hon. member is proposing, namely, sharing her time with the member for Saint-Hyacinthe—Bagot, will please say nay.

The House has heard the terms of the motion. All those opposed to the motion will please say nay.

There being no dissenting voice, I declare the motion carried.

Thank you, Madam Speaker.

I provided a brief overview of this issue because safeguards have already been implemented in over 30 countries. Our friends in the European Union have been taking the bull by the horns since 2016, and I think we should follow their example.

I applaud the introduction of this bill. It was about time. I would also like to talk about a few things that I look forward to studying as soon as possible at the Standing Committee on Access to Information, Privacy and Ethics.

It was proposed that the commissioner be given additional powers. This bill proves that this proposal was taken into account. The commissioner will be able to impose major penalties. Currently, as all those who grabbed the bull by the horns know full well, businesses are responsible for protecting personal information or face penalties, which vary from one country to another. This bill introduces a 3% penalty, which means businesses such as Facebook, a company worth several billions, could pay up to $10 million if they do not properly protect personal information.

I am also very happy with another part of this bill, which came up earlier, about consent to use and transfer our data. Businesses and organizations that have our data must always have our consent. That is crucial, and I am happy about it.

Once again, I congratulate the government on giving the commissioner the power to issue orders.

However, there is one thing I am very concerned about, and it has to do with organizations such as banks that are under federal jurisdiction. I think that if there is one organization that should lead by example and demonstrate that it is protecting data and working to prevent fraud, it should be the government.

The first time I read the bill, I did not see anything about the government fulfilling its obligations. My hon. colleague talked about this earlier. Many people in Laurentides—Labelle have told me they are worried about finding out at tax time that someone claimed CERB using their name. People have even told me they tested it. They applied, and their application was approved. These are people who are receiving employment insurance benefits.

There are also those who, upon opening their account, discovered that they were victims of fraud. These people have followed up and filed a complaint. Unfortunately, it takes a long time for them to hear back, and some people never hear back. I feel that this bill should also include a requirement to support those who have been victims of fraud and help them through the process.

Right now, it is about prevention and punishment. Let me explain prevention, which is very simple. Prevention is making sure all the necessary elements are in place to validate a person's identity.

However, this bill does not propose a complete reform of the ID authentication processes for individuals through organizations or the government.

Several countries have already taken action and instituted two ID authentication processes. The first involves confirming what the person knows. However, if an individual's personal information is known and their data are open, anyone can immediately commit fraud using their name.

The second involves confirming what the person has using various tools. Some apps already use text message authentication, for example. Sometimes the person has to place a call from their home. This is another important authentication process.

Several countries use other authentication processes based on even more personal information, such as voice recognition or fingerprints. Close attention will have to be paid to facial authentication to ensure that all rules are followed.

I look forward to taking part in the committee deliberations. I welcome this bill, but it needs to be amended properly.