Thank you, Mr. Chairman.
I think most members will be familiar with RCC, which has been the voice of retail in Canada since 1963. As a not-for-profit industry association, we represent over 45,000 storefronts on a national basis, of all formats ranging from independent through grocer, online, and mass merchandise merchants.
We appreciate the committee's invitation to appear today. While we're not in as strong a position as my friends here from BCCLA and OpenMedia to comment on the legal intricacies of Bill S-4, we would be pleased to provide some general observations from a retail perspective.
Retailers are generally supportive of the proposed legislation, but do believe that it could be improved upon in some areas, which I and my colleague will address.
Generally speaking, Bill S-4 strikes the right balance between action to protect digital privacy on digital fraud and financial abuse, while recognizing the strengths of PIPEDA and its forward-thinking technologically neutral approach. More specifically, we support the clarification on the exclusion of business contact information, as this was clearly not meant to be captured. This section 4 clarification will better equip businesses to conduct their ongoing operations. We also support the provision for more flexible resolutions to breaches of the act's requirements, notably the provision for voluntary compliance agreements in section 15. We also support the reasonable belief basis for reporting in proposed section 10.1.
Turning to the issue of consent in section 5, we do note that it provides that consent is not valid unless how the information will be used is clearly communicated in a language appropriate to the target audience. We certainly agree with the principle. We understand this is the target of that section, that a vulnerable population such as children should be protected.
We don't take the position that some previous witnesses have that this proposal is superfluous and should be withdrawn. That said, we would encourage the inclusion of a provision for regulation to specify which vulnerable groups are covered. While it may be challenging to do so, a regulation could specify a non-exhaustive list including the obvious examples of minors through to those with cognitive disabilities and those lacking full fluency in the language in which they're being served. Further from that, non-prescriptive guidance from the commissioner's office on appropriate best practices would provide practical guidance for merchants.
With regard to record-keeping, we note that proposed section 10.3 requires that records of breaches be kept in a manner prescribed by regulation. Retailers encourage the inclusion of a materiality test for record-keeping specifically, as it would allow for greater certainty and would tend to limit onerous and less helpful record-keeping, where a breach has occurred technically but without any reasonable prospect of material harm. We're thinking of instances like a computer screen being left unattended or a filing cabinet being left open, where a third party may have passed by. We want to avoid the trivial and ensure that there is some material requirement here for the keeping of records.
We would also suggest including a provision specifying a reasonable length of time for record-keeping, perhaps one year, but we're obviously open in that regard. What we don't want is an obligation to keep records in perpetuity, where they may be diminishing in use from the perspective of the public good and would be onerous for merchants to maintain.
With your indulgence, Mr. Chair, my colleague, Jason McLinton, will make two further observations and conclude on our behalf.