Mr. Speaker, first of all, this is only the second time I have spoken in this House.
I would like to thank the people of Moncton—Riverview—Dieppe for their support in the recent election.
I would like to underline that Moncton hosted the Memorial Cup. It is a hockey town and a Hockeyville, but that Memorial Cup was sponsored by MasterCard and what a fitting title for the MasterCard Memorial Cup when we are talking about identity theft and credit card misuse.
The issue of identity theft is becoming a concern for many Canadian citizens and the media reminds us of this daily. Canadians want to know that their information is safe and that misuse of their personal information will not take place. The unfortunate reality is that in Canada we are known for our mass marketing frauds. Many fraudsters operate from this country targeting Americans, the British, and to a lesser degree our own Canadian citizens. Let us not forget the Nigerian scams that Canadians and many others have been subjected to for a number of years.
One goal of these fraudsters is to gain the personal information of their victims and to use this information to further their illegal schemes. One example of the use of personal information is to obtain a credit card in the name of an innocent victim and use the card to its maximum without of course making any payments. It may take months, maybe years, for the payments to be made and the victims are probably not in a position to re-establish their credit rating.
In the United States data brokers are being sued by the trade commissioner of that country for the acts that are impugned in this proposed act. Unfortunately, many of our global partners are of the opinion that not enough is being done in this country to curtail this illegal activity and in that vein I welcome this bill.
Our American counterparts are being told by Canadian agencies, such as the RCMP, that it is better to have those committing the frauds from Canada on American victims deported to the United States so proper sanctions can take place. In the United Kingdom the information commissioner has just released his report on this very vexing problem.
Bill C-299 puts us on the right track. It targeted the existing problem, but does it go far enough? That is the question.
First and foremost is the definition given to personal information. Bill C-299, the bill in question, uses the definition found in PIPEDA. We ask ourselves whether that goes far enough. Personal information in that regard means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee or organization.
PIPEDA is designed to protect people. The hon. member plucked the definition of personal information from the act without perhaps giving it some thought, which at committee it will likely get, to ensure that the information which is stolen is in fact valuable information which does include the name, title and business address of the person in question. Otherwise, what use would the information be? The definition section may be a minor thing. With all due respect to the hon. member, that begs the question: Why limit the definition of personal information? A better definition could be drafted.
The material sought to be protected is also very much in question. By simply shadowing the definition found in another act of Parliament, it probably does not go far enough. It is necessary to broaden the definition with a non-exhaustive list. We should think wide if we are trying to protect our citizens.
In the proposed amendment to subsection 362(1), the offence in question is obtaining personal information from a third party. This subsection does not create the offence that is necessary in order to combat the theft or illegal use of personal information.
This amendment does not properly address the unlawful conduct that is at the crux of this problem. In its present state, the amendment to the Criminal Code does not deal with the victim who is directly targeted. Should the offence not be “obtains from any person”, and this would be more Catholic, if we like, and would be more inclusive. The argument will be made that a third party is a person who facilitates the obtaining of the personal information. It does not automatically follow that it comes directly from a victim.
The term “third party” is ambiguous and must be replaced by “any person”. It removes the ambiguity and it gives greater protection to Canadian citizens.
Further, the amendment to the Criminal Code limits that the personal information was obtained by false pretence or by fraud. If the mover were serious about tackling the misuse of personal information, and I have no doubt that he is, with his integrity and track record in Parliament, why would we limit the unlawful manner in which the material is obtained?
I suggest that the proper amendment should be “obtains in any manner”. It therefore does not really matter whether it is obtained falsely, which is certainly bad, or illegally, which is very bad. If it is obtained in any way and misused, that is the crime that should be protected as well. We could of course be looking at tiers or subsections to an amendment to the Criminal Code.
Finally, the information could be acquired illegally and used for an illegal purpose. This is very debatable. I really do look forward to the debate in committee on this. Law enforcement officials and in some cases journalists, ombudspeople, and committees recently created that I am on studying Bill C-2 may in fact find ways and means to use information for illegal purpose. This either must be eliminated completely or addressed in a section of this amendment.
I am not of the same mind as my hon. friend across the way that there must be an exemption, but there probably could be an exemption for illegally obtained information which is used for illegal purpose, and it should be in the section.
Clearly, the use to be made of the obtained personal information must then be attacked, but the offence is to use the material for a fraudulent purpose. Whether it is for personation, to utter forged documents, et cetera, the issue is one where the use of the material needs to be dealt with.
We talked about credit card fraud, which I think is on everybody's minds, but these uses, these personations and using personal information can be a lot less illegal and a lot less damaging, but nonetheless deserve the same protection under this law. The amendment does not deal with the person who steals personal information directly.
An example is the thief who enters a residence and sees the personal documents on a table. Many people just keep their PINs for the ABMs and Aeroplan points and so on by the phone in case they forget them. That personal information, including the social insurance number, might just be there for a thief to see. It might be a friendly worker who appropriates this information.
This information could be used to obtain a credit card and to use the credit card. The victim is not aware of any loss since a theft, as defined by the Criminal Code, never occurred. A year or so later the victim applies for credit and we know the rest of the story. He or she is refused because of a bad credit rating.
In its present form then, Bill C-299 deals with the matter in a less than complete way. On the other hand, should the thief sell the information, he or she may fall within one of the amended sections. This cannot be the intent of the amendment to the Criminal Code.
The other proposed amendments to the Canada Evidence Act and the Competition Act are made as a result of those made to the Criminal Code. I applaud the part of my colleague's bill that creates a civil wrong, or a tort, out of what we always thought of as a criminal act. I cannot say enough about how important it is for government to have hybrid motions and bills like this which encompass both the civil reality and civil loss.
The previous comments apply. The CEA and the Criminal Code must reflect that the personal information may be obtained in any manner. The use of the material is the crux of the issue, I submit.
Bill C-299 is a good idea in principle. I congratulate the hon. member.
The issue of dealing with personal information is complex and must be dealt with effectively. In its present form, this bill needs some work.
To combat the theft and the misuse of personal information, it is necessary, however, to draft a more comprehensive bill attacking the problem from all angles.
Only in this way will we be able to protect all Canadians' personal information.