This week, I changed much of the tech behind this site. If you see anything that looks like a bug, please let me know!

Evidence of meeting #41 for Access to Information, Privacy and Ethics in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was online.

A video is available from Parliament.

On the agenda

MPs speaking

Also speaking

Jennifer Stoddart  Privacy Commissioner, Office of the Privacy Commissioner of Canada
Barbara Bucknell  Strategic Policy Analyst, Legal Services, Policy and Research Branch, Office of the Privacy Commissioner of Canada
Janet Goulding  Director General, Governance, Policy Coordination and Planning, Department of Industry
Jill Paterson  Policy Analyst, Security and Privacy Policy, Digital Policy, Department of Industry
Maxime-Olivier Thibodeau  Committee Researcher

12:45 p.m.

Liberal

Scott Andrews Liberal Avalon, NL

How quickly would notifications of these breaches need to be divulged to individuals?

12:45 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

Again, the speed with which the notification needs to happen is commensurate with the potential harm. If there's a significant risk of harm, you would expect that this notification should take place very quickly so that people can act to protect the information that may have been breached.

So for instance, in the example of potential credit card breaches, individuals might want to act quickly to cancel cards or further protect themselves. Again, the legislation is not prescriptive but it does say, “as soon as feasible”.

12:45 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Mr. Carmichael has the last five minutes.

May 29th, 2012 / 12:45 p.m.

Conservative

John Carmichael Conservative Don Valley West, ON

Thank you, Mr. Chair, and welcome to our witnesses today.

I'd like to follow up on my colleague's questioning regarding the data breaches. I understand there is an amendment that would safeguard consumers against data breaches.

The concern I have is that the Commissioner was talking earlier about the fact that she lacks the enforcement ability on some of these challenges, so we put in the data breaches. We've covered that off in the legislation, but I wonder what the penalties are. How do we protect consumers? Even though you have it in there, who's responsible to lock that down?

12:45 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

Under the legislation, the Privacy Commissioner is responsible for enforcement of complaints. She does have the ability to launch an investigation, to make public her recommendations, and if she feels further action is required, to take that matter to the Federal Court. The Federal Court can order organizations to change their behaviour, and it can also award damages. The current legislative regime is based on an ombudsman approach, but as the commissioner alluded, perhaps in the second parliamentary review of PIPEDA, the issue of her compliance powers might be something that parliamentarians want to study.

12:50 p.m.

Conservative

John Carmichael Conservative Don Valley West, ON

With the amendments to the legislation, I understand we now have some protection built in for children and vulnerable individuals. I watched a three-year-old grandson navigate an iPad with remarkable ease. Certainly he didn't read all the governing bylaws getting into what his responsibilities are.

Then I think of seniors on the other end of the scale. Having run numerous anti-fraud seminars in my riding, I've heard countless stories of fraudulent activity involving seniors on Internet sites or being directed at them through their e-mails, and all kinds of different challenges to their security. I have a real concern about how technology is moving at a pace that's faster than we can be in providing security and protection for the consumers using those products. Would you agree with that?

12:50 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

I think the question gets back to digital literacy, and I would agree that it's very hard for consumers to sift through the plethora of information that's probably available on various Internet applications. I think the issue of digital literacy is one that will come back over and over again. Placing requirements on organizations to communicate in a way that is clear and understandable to the target audience is key, and again, something that we hope to see brought into force with the passage of Bill C-12.

12:50 p.m.

Conservative

John Carmichael Conservative Don Valley West, ON

It would be simplified so that we could all understand it.

12:50 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

12:50 p.m.

Conservative

John Carmichael Conservative Don Valley West, ON

How much more time, do I have, Chair?

12:50 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

You have a minute and three quarters left.

12:50 p.m.

Conservative

John Carmichael Conservative Don Valley West, ON

I like the concept of the third-party audit of corporations, but I'm very concerned that there seems to be quite a time lag between when the audit is completed and when we can see the results and the corrective action.

Again, back to the security, the management, the accountability, and governance—where do you see your role in that as far as speeding up the process so that we can stay on top of those who have serious breaches and maintain the governance so that our consumers are truly protected?

12:50 p.m.

Director General, Governance, Policy Coordination and Planning, Department of Industry

Janet Goulding

The responsibility for enforcement of the legislation rests with the Privacy Commissioner, and the concept of having a third-party audit, which I think is a very good one, is something she has brought into play. I think the Privacy Commissioner is best placed to answer that kind of question.

12:50 p.m.

Conservative

John Carmichael Conservative Don Valley West, ON

I like the concept of third-party audits. She gave us an example, though, of one already being late, and her having, it seems, very little scope to do much about it. That's a concern to me.

That's it. Thank you.

12:50 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you, Mr. Carmichael.

The period for questions is now over. I would like to thank the witnesses for appearing before the committee today.

As planned, we are going to spend the last few minutes on committee business.

First, as you've just been informed, there was a mistake in the lobbying report. Since it has already been tabled in the House of Commons, we will have to use a special procedure to correct it. Could the committee researcher please explain the mistake in question? I will then describe what we need to do to correct it.

12:50 p.m.

Maxime-Olivier Thibodeau Committee Researcher

Thank you, Mr. Chair.

A mistake was made in the report, in the part that lists the lobbying commissioner's recommendations that the committee accepted. One number is there that should not be. It has no impact on the rest of the report, but the fact that this number is there indicates that the committee retained a certain recommendation from the commissioner that, in fact, it did not, which is why it needs to be corrected.

12:50 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

Thank you.

Since the report has already been tabled, what we need to do to correct the mistake is to seek the unanimous consent of the House. So it is a little difficult to make changes without going before the House a second time. It's a fairly simple change, but the mistake could still have certain repercussions, given that it indicates that we adopted a recommendation, when that is not the case. It will be done in the next few days, but we don't yet know when. Regardless, we will need the cooperation of all the parties.

Does anyone have any questions?

Mr. Del Mastro?

12:55 p.m.

Conservative

Dean Del Mastro Conservative Peterborough, ON

Thank you, Mr. Chairman.

I note that we're now into committee business. As is customary for the committee, I just request that the committee move in camera for committee business.

12:55 p.m.

NDP

The Chair NDP Pierre-Luc Dusseault

The motion is not debatable. We are requesting a recorded division. It is moved that the committee now go in camera to discuss committee business.

(Motion agreed to: yeas 7; nays 4)

Therefore, we are going to suspend the meeting for one minute to give everyone time to leave.

[Proceedings continue in camera]