Evidence of meeting #101 for Public Safety and National Security in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was information.
A recording is available from Parliament.
3:50 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
I'll just move it, and the explanation is exactly that. We're just removing the word “private”.
3:50 p.m.
Liberal
The Chair Liberal Heath MacDonald
Shall G-7 carry?
(Amendment agreed to [See Minutes of Proceedings])
Next is G-8.
Go ahead, Ms. O'Connell.
3:50 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thanks, Mr. Chair. I'll move that amendment.
It's the same as G-7. The rationale is to remove the word “private” from “federally regulated private sector” just to expand and ensure everything is captured.
(Amendment agreed to [See Minutes of Proceedings])
3:50 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thank you, Chair.
I'll move this. It's just to correct a drafting error to ensure that publicly owned and operated organizations can also be captured. It's similar to G-7 and G-8.
(Amendment agreed to [See Minutes of Proceedings])
3:50 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thank you.
We're just moving so fast. I have to catch up with my notes.
I'll move this again. It's essentially to ensure the federal government can enter into agreements with provincial and territorial governments. It's to include, as one of the provisions, “with the provinces and territories”. That's the language it's adding.
(Amendment agreed to [See Minutes of Proceedings])
3:50 p.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
Chair, I'll move this one, and maybe the officials could just explain to us how this preserves the due diligence defence, which is the intent of the amendment.
3:50 p.m.
Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness
Thank you for the question.
The amendments will reinforce the policy intent of these sections, which was to create a strict liability offence for contravening the act as well as to ensure the applicability of a due diligence defence.
In strict liability, the defendant is liable for the offences, regardless of intent. For example, in drug possession cases, it is assumed someone found in possession of drugs has committed this offence, and they are responsible to prove their innocence.
In the case of the CCSPA, for example, you could say a designated operator failed to establish a cybersecurity program within the 90 days designated under the act. This is a punishable offence.
It's currently written that the Crown must demonstrate that the designated operator did not meet this requirement. Instead, and what was originally intended, is that the amendment would assume the offence occurred, and the designated operator would then have the opportunity to prove otherwise in a judicial review process by showing they tried to comply. This is otherwise known as the due diligence defence.
3:55 p.m.
Liberal
Pam Damoff Liberal Oakville North—Burlington, ON
Thank you.
I think this amendment is needed to make sure that due diligence defence is in the legislation.
3:55 p.m.
Liberal
3:55 p.m.
Liberal
3:55 p.m.
Bloc
Kristina Michaud Bloc Avignon—La Mitis—Matane—Matapédia, QC
Thank you, Mr. Chair.
The purpose of BQ‑12 is to avoid regulatory overlap. It stems from a request Electricity Canada made in its brief. As you can well imagine, some organizations already have cybersecurity programs, so adding this provision would ensure that they were exempted from the cybersecurity program requirements.
The idea is really to avoid regulatory overlap. Electricity Canada submits that infrastructure already subject to stricter standards won't be made any more secure. In its brief, Electricity Canada refers to the standards set by the North American Electric Reliability Corporation, which many provincial regulators have adopted, applied and reviewed.
That's the purpose of this amendment.
3:55 p.m.
Liberal
3:55 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thank you, Chair.
Through you, to any of the officials who could answer this, would this effectively mean that designated operators could determine, themselves, if they meet the threshold, and therefore wouldn't be subject...?
I understand the intention. I just want to make sure there isn't a self-regulating thing like, “Oh, we have these cybersecurity policies, and therefore there's no need to look here.” That's how I am reading it, but perhaps you could elaborate if this is of concern.
3:55 p.m.
Director General, National Cyber Security Directorate, Department of Public Safety and Emergency Preparedness
We absolutely appreciate the intent behind this provision; however, I think an unintended consequence could be that it would effectively allow designated operators to determine, themselves, whether their existing cybersecurity programs meet the requirements of the CCSPA and whether they are therefore obligated to comply with the obligations regarding the cybersecurity programs.
Unfortunately, this would undermine the purpose of the CCSPA, which is to ensure that all designated operators meet a base level of cybersecurity.
3:55 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Although I very much appreciate the intention behind the amendment, I can't support it since it would mean that operators themselves could determine that they met the requirements.
3:55 p.m.
Liberal
The Chair Liberal Heath MacDonald
Is there any further discussion?
Shall BQ-12 carry?
(Amendment negatived [See Minutes of Proceedings])
We are now on G-11.
Ms. O'Connell, please go ahead.
3:55 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thank you.
This amendment, again, is dealing with the prescribed time frame for notification of changes.
We had lots of discussion around this, and the proposed language, which would be “within a period prescribed by the regulations” instead of “without delay”, will provide more clarity.
Not every industry will require the same time frames. Some might be more complicated than others. Through the regulations, industry would probably welcome the ability to have those conversations.
This language achieves the same things, but provides a little bit more certainty to the private sector or those who might have to comply under this legislation.
4 p.m.
Liberal
The Chair Liberal Heath MacDonald
Thank you.
Is there any discussion?
Shall G-11 carry?
(Amendment agreed to [See Minutes of Proceedings])
Next we have G-12.
Ms. O'Connell, go ahead.