Bill C-29, which was in the former Parliament, made some changes to PIPEDA, and Bill C-12, which was reintroduced on September 29, 2011, had a key amendment that required organizations to report data breaches—referred to in the bill as breaches of security safeguards involving personal information—to the Privacy Commissioner and notify affected individuals when there is real significant harm, such as identity theft or fraud.
I have a lot of folks in my community who are concerned about identity theft. It seems that every once in a while we'll hear about a significant security breach. In fact, your office has reported on some of them. This reporting requirement for security breaches, is it something you would support, these changes that are suggested in Bill C-12?