House of Commons Hansard #87 of the 40th Parliament, 3rd Session. (The original version is on Parliament's site.) The word of the day was privacy.

Strengthening Aviation Security Act (Government Orders)

4:05 p.m.

Liberal

Joe Volpe Liberal Eglinton—Lawrence, ON

Mr. Speaker, the hon. member for Sault Ste. Marie has raised a few very important, serious issues, because they address themselves to the question not only of security but of internal security as well.

I wonder whether he has a reflection on what transpired at the beginning of the year. Remember now, we are all gripped and seized with the issue of criminality, whether it is on the ground or in the air.

The hon. member will know that there was a particular report that received a lot of attention here in Canada, via some of the daily press, regarding an expert who was coming here to attend a conference on the expansion of international criminal elements from a particular criminal organization vested in southern Italy, that there were tentacles here in Canada that were a threat to the peace and security of Canadians and Americans. I wonder whether the hon. member saw that. I know he follows this.

I wonder whether he has any reflections on the reasons that the Government of Canada refused to give that technical expert all of the protection that he receives whenever he travels anywhere else in the world and offers the benefit of his expertise for the safety and security of citizens everywhere around the world. The Government of Canada is presenting legislation to comply with an American act without negotiating, but in that instance, it had a specific situation that would have cost it nothing except to provide a couple of bodyguards. Why did the government walk away and say no? Why did some local off-duty police officers have to provide that individual with security here in Canada?

I am wondering whether the hon. member makes the connection about the intent of the Conservative government to stand up for its citizens and its system. Has he come to the conclusion, as many of us have here, that the Conservative government is a sound bite legislation government? It makes a lot of sound, but no bite.

4:10 p.m.

NDP

Tony Martin NDP Sault Ste. Marie, ON

Mr. Speaker, indeed I do remember that story. I found it odd, to say the least, that in that instance we would not be doing all that we could to make sure the person was made to feel safe in our country. We pride ourselves in being a country that does that kind of thing.

I reflect back on the billion dollars that was spent this summer to protect six or seven world leaders at a big meeting in Toronto. Yet for the small amount of money that it would have cost to extend a courtesy to that expert we brought in, it was a little strange not to do it.

Yes, it speaks to me of a narrowness in scope when it comes to these kinds of things. When the Americans say we should do something, we jump to it, saying, “Yes, sir, three bags full, sir”. We seem to think that if we do not, we are going to be punished.

I think all members, opposition and government, should be sitting down together and looking at what we could do that is in the best interests not just of security, but also in creating a world where we all feel comfortable, and where we can move around without being accosted every time we cross a border to go on a vacation. It is rather odd.

The hon. member raises a good point and makes a good case.

4:10 p.m.

NDP

Claude Gravelle NDP Nickel Belt, ON

Mr. Speaker, I would like to commend the hon. member for Sault Ste. Marie for his concerns about this bill.

The hon. member referred to the tourism industry in his riding of Sault Ste. Marie, which is very close to mine. I remember reading a lot about the problems the tourism industry is having in Sault Ste. Marie, specifically as it relates to the ski hill operations, because Americans are not coming to Canada for a lot of reasons.

This is another reason that they would not come to Canada. This allows data mining of Canadians' personal information, and a lot of information that is unnecessary for the government to have.

I would like the hon. member for Sault Ste. Marie to explain to me what this does to the tourism industry, not only in Sault Ste. Marie but right across Canada.

4:10 p.m.

NDP

Tony Martin NDP Sault Ste. Marie, ON

Mr. Speaker, when we consider for a second, and the member for Windsor West will I think appreciate and understand this, the rigmarole that people have to go through to get across that border, particularly from Canada into the United States, in a jurisdiction that is supposedly the freest in the world, the interrogation, the sometimes harassment, the hours that they spend at the bridge going through one or two or three processes of inspection, who would want to come back and do that more than once or maybe twice? That is the reality.

I know people from the States who have come to Canada and I have relatives who live in the States. They are more and more anxious about coming over to Canada any more, even if it is to spend a day skiing or to visit family, because they worry about what is going to happen to them on the way back as they cross through that border.

So, add on top of that this new layer of scrutiny when we now simply fly through American air space and we begin to see why this is not good public policy.

4:15 p.m.

Conservative

The Deputy Speaker Conservative Andrew Scheer

Is the House ready for the question?

4:15 p.m.

Some hon. members

Question.

4:15 p.m.

Conservative

The Deputy Speaker Conservative Andrew Scheer

The question is on the motion. Is it the pleasure of the House to adopt the motion?

4:15 p.m.

Some hon. members

Agreed.

No.

4:15 p.m.

Conservative

The Deputy Speaker Conservative Andrew Scheer

All those in favour of the motion will please say yea.

4:15 p.m.

Some hon. members

Yea.

4:15 p.m.

Conservative

The Deputy Speaker Conservative Andrew Scheer

All those opposed will please say nay.

4:15 p.m.

Some hon. members

Nay.

4:15 p.m.

Conservative

The Deputy Speaker Conservative Andrew Scheer

In my opinion the yeas have it.

And five or more members having risen:

Call in the members.

And the bells having rung:

The vote stands deferred until the end of government orders later this day.

Safeguarding Canadians' Personal Information Act (Government Orders)

4:15 p.m.

Parry Sound—Muskoka Ontario

Conservative

Tony Clement Conservative Minister of Industry

moved that Bill C-29, An Act to amend the Personal Information Protection and Electronic Documents Act, be read the second time and referred to a committee.

Mr. Speaker, it is my pleasure to rise in my place today to begin second reading of Bill C-29, the safeguarding Canadians' personal information act.

I would like to thank those following me on Twitter for being so patient. I have been telling them I was going to be rising to speak on this bill for about an hour now. They can rest assured that I am fulfilling my responsibilities as industry minister as I debate this bill.

This bill is about privacy in the digital age and is, therefore, an important element of Canada's emerging digital economy strategy.

Internet technology has brought many benefits and has changed our society in sometimes profound ways. It has made distance irrelevant for many and improved our overall quality of life. It has changed the way we communicate with one another, how we network, how we socialize with one another. It has revolutionized our economic models, transforming how businesses, large and small, manage their supply chains and expand their reach. Businesses use the Internet to customize their products and manage relationships with their customers.

However, the digital economy has challenges as well as benefits. The Internet can be used to broaden a company's marketing base and collect a great deal of information. Most of this information is personal, and many would prefer that it remain private. There is basic information such as names, addresses and dates of birth. There is also very personal information about health, criminal records and credit card numbers.

So in the wrong hands any of this information could be used for malicious purposes, such as identity theft or bank fraud. But even when not used for malicious or illegal purposes, the unauthorized revelation of personal information to outside third parties constitutes an invasion of the privacy that most Canadians value highly.

We want to ensure that concerns about privacy and the protection of personal information do not undermine the potential of the digital economy to continue to change our lives for the better. After all, some 80% of Canadians use the Internet and 88% of businesses are online. The total value of online commerce in Canada in 2007 was $62.7 billion. We want to grow that business, and to do so we need to establish an environment of confidence and trust in online transactions.

Currently in this place Bill C-28, the fighting Internet and wireless spam act, is under consideration as well. It would provide a solid foundation for combating spam and various forms of malicious Internet activity. That bill, together with the bill I rise to support today, is part of our agenda for putting Canada at the forefront of the digital economy.

PIPEDA, as it is called, has codified in law a set of privacy principles that had already been well established. The Canadian Standards Association model code for the protection of personal information provides the foundation for privacy protection, no matter what the technology.

The standard was developed through careful consideration among government, industry, consumers and privacy advocates and has been recognized internationally. In fact, international recognition was an important concern when building the PIPEDA regulatory regime.

One of the early tests PIPEDA faced was whether the European Commission would recognize that it provided adequate privacy protection for the purposes of the EU data protection directive. The European Commissioner has recognized PIPEDA's regime. As a result, organizations subject to PIPEDA can receive personal data from EU member states. I point this out as an example of how framework laws such as PIPEDA, our privacy protection legislation, are essential for the competitiveness that we need for the digital economy.

PIPEDA's flexible, principles-based approach has allowed the Privacy Commissioner of Canada to examine challenges to our privacy posed by new technologies that collect and store massive amounts of personal information. We have become international champions of privacy in the age of social media.

PIPEDA is a very effective component of the legislative framework. But a good law can always be made better. Thus, it must be reviewed every five years.

The first such review was completed by the Standing Committee on Access to Information, Privacy and Ethics in May 2007. I want to reiterate the thanks to the committee that were given at that time by my predecessor as industry minister, the current Minister of the Environment.

The committee heard from 67 witnesses and considered 34 submissions from individuals and organizations. The report concluded that PIPEDA does not require major changes at this time, but at the same time it presented 25 recommendations addressing issues raised during review.

In October 2007, the government tabled its response to the report; it dealt with each of the 25 recommendations. Even though no substantive changes are required, our government made a commitment to amend the act in keeping with a number of the report's recommendations. We will also work with stakeholders to ensure that the changes made are as effective as possible.

To guide the government's approach to this commitment, Industry Canada organized more than 25 meetings with stakeholders. It met with businesses, consumer and privacy advocates, Canada's Privacy Commissioner, the provincial governments and enforcement agencies. The department also received 76 written representations in the Canada Gazette after the consultation process.

The bill before us responds to the recommendations of the committee and to what we learned from the Industry Canada consultation. The amendments contained in the bill will further enhance Canada's reputation as a world leader in privacy protection. We will maintain one of the world's most effective regimes for the protection of personal information in the digital age.

The amendments before us can be divided into four broad categories designed to do the following: protect and empower consumers, clarify and streamline rules for business, support effective law enforcement and security investigations and address technical issues.

Let me summarize. First, to protect and empower consumers we have added new provisions to the act and amended existing ones. To protect the privacy of minors online, we have enhanced the consent provisions.

Under the amendments before us, consent is only valid when obtained from an individual who can reasonably be expected to understand the nature and consequences of the transaction or the communication being proposed.

To help deter financial abuse, locate injured, ill or missing persons and to help identify the deceased, the act will be amended to allow for disclosure of personal information to the relevant authorities or the next of kin. Financial organizations, for example, would be able to contact law agencies, friends or family members of individuals who are suspected to be victims or potential victims of financial abuse. This is in response to situations commonly referred to as elder financial abuse.

Even more important, this bill will introduce new requirements. Organizations will have to report significant breaches to the commissioner and notify the people affected when a breach poses a risk of harm.

This is a risk-based approach to providing notifications of privacy breaches. It recognizes that not all breaches pose a risk to consumers. It also recognizes the risk of too many notifications. In fact, consumers might not respond appropriately when a breach poses a real risk. With this approach, the commissioner is informed of the nature and extent of privacy breaches so that she can monitor and defend privacy issues.

The second broad category of amendments will clarify and streamline rules for businesses. We are making these changes in response to calls from business to help clarify their responsibilities under PIPEDA. They will help businesses comply with the law.

These amendments will ensure access to information that is critical to the regular conduct of business. This will facilitate such functions as managing employment relationships and conducting due diligence for business transactions, such as mergers and acquisitions.

The amendments would also allow employers to disclose, as required, professional information, including emails, that their employees produce in the course of their daily activities. The new provisions will facilitate the legitimate activities of the public and private sectors, in the financial sector, for the purposes of investigations and fraud prevention. In accordance with the government's paper burden reduction initiative, these provisions will replace a tedious regulatory process.

The third broad category of amendments will support effective law enforcement and security investigations. These amendments remove barriers to investigations that were unintended by Parliament when PIPEDA was enacted. They will clarify that the act allows organizations to collaborate with law enforcement in situations where there is no warrant.

Amendments will also prohibit organizations from notifying individuals, without prior approval from law enforcement, that the police have requested information about them. This will help prevent the disappearance of suspects and the destruction of evidence.

PIPEDA of course, the current privacy legislation, is a good act. It has put Canada at the forefront of online privacy protection, but we can and we should make a good act even better. The House of Commons Standing Committee on Access to Information, Privacy and Ethics created a road map for us in its report. We are following that route, and with the further help from the advice of the Privacy Commissioner and the many individuals and organizations who have consulted with Industry Canada over the past two years, we will do so.

Taken in a broader context, these amendments are part of a much bigger initiative to put Canada at the forefront of the digital economy. Our economic performance in the 21st century will depend in large part on the trust and confidence Canadians have in online transactions. From the foundation of that trust and confidence, we can build a digital economy that will bring prosperity and quality of life to Canadians for generations to come.

With this in mind, I encourage all hon. members to join me in supporting the bill.

4:30 p.m.

NDP

Claude Gravelle NDP Nickel Belt, ON

Mr. Speaker, I would like to ask the minister a question. I want to read something from the bill. The bill permits organizations to collect, use and disclose information without the knowledge or consent of the individual if the personal information is contained in witness statements related to insurance claims, or was produced in employment or business, or to establish or terminate an employment relationship, or required to communicate with next of kin, or disclosed to prevent, detect or suppress fraud or financial abuse and used to identify injured, ill or deceased persons; and finally, for policing services.

We will support the bill to send it to committee to make some changes. Would the hon. member be willing to support changes so we can properly identify lawful authority and policing services?

4:30 p.m.

Conservative

Tony Clement Conservative Parry Sound—Muskoka, ON

Mr. Speaker, we are seeking to create the appropriate balance between the rights of individuals to their privacy and also protect society in cases of fraud or crime or to help families of victims or themselves, if they are not capable of helping themselves. That is the balancing act we must play.

As I expressed in my remarks, we think we have achieved that balance, but we are always open to criticism and we are certainly open to constructive criticism. If there are ways we can improve the bill that do not do violence to the intentions of the bill, we would be all ears.

4:30 p.m.

Conservative

Blaine Calkins Conservative Wetaskiwin, AB

Mr. Speaker, I thank my colleague, the minister, for the work he does on behalf of all Canadians, protecting our personal privacy and ensuring that we are not going to have to share personal private information with the Government of Canada. These changes he is making through PIPEDA address the issues of personal information in the private sector.

I think Canadians are worried about their information. It was a few years ago where Home Sense or one of those companies had credit card information taken from its system. We have known of banks that have lost critical banking and customer information.

Today, with the new technology, photocopiers with hard drives remember digital information and make digital copies of this information.

With all these different forms of technology, whether it is e-commerce, or a customer walking in and doing a credit card transaction or it is a photocopy of information on a hard drive, is the bill technology neutral and will it do more to protect the private information of Canadians in this sense?

4:30 p.m.

Conservative

Tony Clement Conservative Parry Sound—Muskoka, ON

Mr. Speaker, I appreciate the member's remarks on this topic. The intention of the bill is to be technology neutral, as the hon. member has suggested. One of the strengthening clauses or improvements from the current legislation is designed to create an obligation on behalf of the private sector when there is a large breach of privacy, a legal obligation to in fact inform customers and inform the Government of Canada that there has been a major privacy breach.

Under the current rules, there is no such obligation. There might be a moral obligation, but there is no legal obligation to do so. We want to ensure that if there has been a large scale breach, there is an obligation to report that.

4:35 p.m.

NDP

Jim Maloway NDP Elmwood—Transcona, MB

Mr. Speaker, the previous questioner seemed to be concerned about the privacy of Canadians. Yet we debated for several hours today Bill C-42, An Act to amend the Aeronautics Act. It would allow Canadian carriers to give private information on the PNR to the American security.

How does the minister reconcile this whole effort to update the privacy legislation of the country with Bill C-42, in which we will give information away to American entities without reciprocity? The Conservative government could have demanded the same treatment. The Americans have 2,000 flights a day flying over Canadian airspace. We have 100 flights flying over American airspace.

Surely the government could have said that if the U.S. demanded the information from it, the Canadian government would demand the same information on those 2,000 flights. Did the government do it? I do not believe so.

4:35 p.m.

Conservative

Tony Clement Conservative Parry Sound—Muskoka, ON

Mr. Speaker, I feel like I am in a bit of a time warp here. I believe this place was discussing that very bill a while ago, so I will not rehash that. If the hon. member had a comment at that time, he could have put it on the record.

This deals with the protection of personal information in the private sector context. We were talking about bank records and transactions, credit card information, all this type of personal information that is now available to private sources, which Canadians are willing to give to be part of the online universe and to be part of a modern economy.

However, at the same time, we have to ensure there are adequate protections that Canadians can reasonably rely on and have confidence in so they can take part in the normal transactions that we do nowadays online or with our banks, or with other private sector institutions. We need to have the faith that the system is designed, in most cases, to protect our privacy, unless there are extraordinary circumstances as outlined in the bill.

4:35 p.m.

NDP

Claude Gravelle NDP Nickel Belt, ON

Mr. Speaker, the minister and other members of Parliament are always concerned about privacy issues. Has the government taken into account people or companies that might abuse the bill, if it passes, and are there any penalties for that?

4:35 p.m.

Conservative

Tony Clement Conservative Parry Sound—Muskoka, ON

Mr. Speaker, there are sanctions. It would not be much of a bill if there were no sanctions to ensure these rights are enforced appropriately. We have been working with the Privacy Commissioner to ensure that she is fully cognizant of this legislation. She has been an active interlocutor in the drafting of the bill to ensure it has teeth and to ensure it can actively do what it intends to do. This has been a most collaborative process with the Privacy Commissioner as well as with other deponents, including consumer rights groups, who have particular expertise in this area. Again, I believe we have the appropriate balance.

4:35 p.m.

Conservative

The Deputy Speaker Conservative Andrew Scheer

I would like to inform the House pursuant to Standing Order 38 that the question to be raised tonight at the time of adjournment is as follows: the hon. member for London—Fanshawe, Aboriginal Affairs.

Resuming debate, the hon. member for Eglinton—Lawrence.

4:35 p.m.

Liberal

Joe Volpe Liberal Eglinton—Lawrence, ON

Mr. Speaker, the closing comments by the minister, when he referred to bites, et cetera, reminded me of a statement made by our colleague from Montmorency yesterday. So much of the government legislation is sound bite legislation, “safeguarding Canadians' personal information act”. It is almost as if we had a guard dog on site. The only problem is that the guard dog has a bark like a sheep dog and a bite like a chihuahua. When is the government going to get away from sound bite legislation and actually do something worthwhile?

The minister justifies it all by saying we have an Internet economy that is worth some $62.7 billion and so we will ensure we can grow that. The government is not going to do anything about that at all.

What is going to happen is companies that want to get on the Internet for the purposes of expanding their commerce are going to do so. They are not going to worry about whether the government wants to jaw-jaw its way into this. They are going to take a look at this legislation and say that the member from Montmorency is right, that those guys have a bite and a bark like a chihuahua.

This is especially so after the industry committee has made some recommendations to the minister. With the benefit of those recommendations, he still goes ahead and presents legislation that he himself acknowledges requires further study from the committee and make the kinds of suggestions to improve the bill that he knows he must put in place if this will be acceptable legislation.

All of us are desirous of maintaining our privacy, in keeping what is ours to ourselves, keeping our security safeguarded at all times, to ensure that anything that pertains to our person, our businesses, our interests is released only when we think it is appropriate for our sake, for our interest.

For the government to come forward and say that it will safeguard all of that, except in certain circumstances, does not make safeguarding personal privacy interests very secure. What it does is introduce exceptions to kinds of privacy and security that it claims to support.

Its sound bite title is, like everything else the government does, smoke and mirrors, deception and manipulation.

One can easily applaud the fact that there are amendments to PIPEDA, the Personal Information Protection and Electronic Documents Act, and notice that there is nothing in that title that sounds like a sound bite that it is actually a factual issue, but the government decides to take this legislation and make it look like it has done something else with it. That might enhance its opportunities to sell itself as something proactive.

It took the government four and a half years to discover that 80% of businesses are on the Internet, that means they have a website, and that 88% of Canadians are Internet savvy, that means they can browse the net. All of these things do not a business make, but they are the fertile ground for businesses interested in making their commerce more time sensitive, more immediate and more global.

Bill C-29 amends PIPEDA to, among other things, permit the disclosure of personal information without the knowledge and consent of the individual who possesses that for certain purposes. Some of the purposes will make sense. It is a little bit like the Trojan horse that gives access to a treasure trove in somebody else's domain.

The first of these does sound as if it makes sense. Number one is for identifying an injured, ill or deceased individual, communicating with their next of kin. There are very few people who would say that is bad.

Second is for performing police services. There are no other qualifiers. There are a lot of people who want to know what that means.

Third is for preventing, detecting or suppressing fraud. Successfully or unsuccessfully? What is the intent? Which organization?

Fourth is for protecting victims of financial abuse. How so? By releasing their information?

Another series of amendments is to permit organizations, any organization, for certain purposes not specifically outlined, to collect, to use, to disclose without the knowledge and consent of the individual, his or her personal information, number one, contained in witness statements related to insurance claims. Whose commercial interests are we looking at there? Second is information produced by the individual in the course of his or her employment, business or profession. That is virtually anything. Everybody in this place is producing information literally on a minute-by-minute basis, but some organization is going to have access to that.

Members might say that in a great, open and transparent environment such as the Parliament of Canada, such as the House of Commons, anybody who is engaged in this ought to so admit. It is something that we might have asked the Minister of Defence, for example, who today talked about the complexity of the procurement process and military hardware acquisition as being a little too complicated for the simple-minded public that wants to find out whether it is transparent and whether it meets the test of value for money, as being a bit of an intrusion and just barely tolerable.

This is hardly accountability. It is hardly transparency and it certainly does not lead to the business of openness, but under PIPEDA, everybody else has to operate that way.

A third set would require organizations to report material breaches of security safeguards to the Privacy Commissioner and to notify certain individuals and organizations of breaches that create a real risk of significant harm. Somebody is going to make a judgment. I will come back to that in a moment.

As I go through this, I ask how we can safeguard Canadians' personal information. I am a consumer like everybody else in this House. As an individual and like many people in this House, excluding all those who serve the House, I am a legislator, and I do not believe that my personal information will be any safer, believe it or not, under the current drafting of Bill C-29.

The Government of Canada prepares a piece of legislation by which I, as a member of Parliament, as a consumer, as a private citizen, just like the Minister of Immigration, who is really listening to this, think that my information is easily protected by some of these measures that have gaping holes, in a legislation that did not exist before. It is going to need a lot of amendments in order for me to feel comfortable.

Why do I focus on me, Mr. Speaker? Just like you, we represent the general public and the general public expects us to feel what they feel, to see what they see, to experience what they live every day. There is not a Canadian out there who is not thinking, “Hold up. Is this legislation really designed to protect my privacy, or are they beginning to insinuate some sort of little loophole for others who are involved in business or whatever, to use to my disadvantage?” There are a lot of them out there already.

It is interesting that this legislation did not have this sound bite title that said, “We are going to go after all the crooks. We know they are out there but they are not being reported. We are going to build jails for them so that when we catch them, if we ever put police on the beat and if we ever sustain the court system enough that they will be able to process all of these accused and alleged criminals, we will actually be able to house them”.

That is not what this is about. If that is the kind of intention they have, I do not see that intention in the legislation. Primary in this kind of assessment relates to the requirement that I mentioned a moment ago to report a “material breach of security safeguards involving personal information under its control” to the Privacy Commissioner. That is what is going to happen. All of this is going to be reported to the Privacy Commissioner.

First, the threshold for determining that requirement for that disclosure is ambiguous. I noted that the minister did not make any effort to be specific to give us an indication of where the intent is. He did not give us any indication of the precision of the language. Not only is it ambiguous; it is confusing, quite frankly. As I said a moment ago, it has more holes in it than a retaining wall that has been breached by an invading army.

Second, there is no enforcement provision included in the bill to ensure that this will be done. When my colleague from Montmorency—Charlevoix—Haute-Côte-Nord says that the sound-bite legislation that the Conservatives put in place is a little bit like a chihuahua barking away and trying to bite, he is right. If there is no enforcement mechanism, what is the purpose of making all of these statements? Who are they playing for fools? Do they really think Canadians do not look, do not listen, do not watch, do not critique?

I took a look at what the bill states and under proposed section 10.1:

(1) An organization shall report to the Commissioner any material breach of security safeguards involving personal information under its control.

It does not tell us how it got there in the first place or whether the organization had the right to get it there. It goes on:

(2) The factors that are relevant to determining whether a breach of security safeguards is material include:

Here is a definition for them, and so when I say it is ambiguous, confusing, wide open, it says, first of all, the “sensitivity of personal information”. Who is the best judge of whether personal information is sufficiently sensitive? Is it going to be the organization? Is it going to be the Privacy Commissioner? Is it going to be the person about whom that information is rendered? The proposed section continues:

(b) The number of individuals whose personal information was involved...

This reminds me of days gone by when priests in a confessional were trying to explain to penitents the significance of lies. One of the penitents said, “Father bless me for I have sinned, but it is no big deal; I just told a lie”.

The priest did not know any other way to get the penitent to understand the severity of that lie and said, “I tell you what. Here is a pillow full of feathers. Go up to the top of the hill. It is rather windy right now. I want you to open that pillow.”

The penitent went to the top of the hill, opened the pillow full of feathers and, behold, the wind blew them all over the place.

The penitent went back to the confessional and said, “Father I did what you asked me to do”.

The priest said, “Good, go pick them all up”.

The penitent said, “I cannot do that. Those things have gone for miles and miles now”.

Members can understand what the priest said then. That is the gravity of personal information about which one spreads lies, but the bill does not say that the person about whom information is being supplied has any control over it. Somebody else is shaking that pillow at the top of the hill. The proposed section continues:

(c) An assessment by the organization that the cause of the breach or a pattern of breaches indicates a systemic problem.

Yes, that will happen. Every organization is willing to beat its chest and say, “Mea culpa, mea culpa, mea maxima culpa”. It is not going to happen. Very few people did it in times when people spoke Latin, and now that English has replaced Latin as the lingua franca, there are even fewer people.

So who makes the determination? Mr. Speaker, I guess you are like me. If it were my personal information that was being breached, I would want to report it to the commissioner. Yet Bill C-29 leaves that decision up to the organization that is supposedly making the report if not, in fact, the breach.

Bill C-29 also states that under proposed subsection 10.2(1), “Unless otherwise prohibited by law,” and look at that loophole:

an organization shall notify an individual of any breach of security safeguards involving the individual’s personal information under the organization’s control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.

As the hon. member for Elmwood—Transcona said a few moments ago, so now the Americans, under Bill C-42 that the House had discussed before, can ask any of our domestic airlines, our carriers, to give them every piece of information in their possession, including everything one can name from there on in, everything one has to lay bare when one goes to buy a plane ticket. Bill C-29 essentially says that organization can do all of that.

What is the definition of significant harm under proposed subsection 10.2(2)? It is:

For the purpose of subsection (1), “significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.

Now one has to prove how significant that was. There are not very many people who are going to be better defenders of one's character and one's interest than oneself.

Real risk of significant harm and the factors that have to be included are those that are relevant to determining whether a breach of security safeguards creates real risk of significant harm to the individuals, and have to include the following. Listen to this. They have to include this:

(a) the sensitivity of the personal information involved in the breach;

Who is making the decision on the sensitivity? Somebody else.

It goes on:

(b) the probability that the personal information has been, is being or will be misused.

I am just thinking of Bill C-42. Any foreign state can ask of a Canadian carrier information that it will say is not going to be a problem and it is not going to do anything nasty with it, so the probability of that personal information being used or misused is practically nil, so it will take it all. Oh, good.

Again, while the conditions are defined, the interpretation is wide open and even includes variables that are impossible to determine. For example, how can an organization assess the probability that the personal information will be misused?

Most critical is that there is no enforcement and there are no penalties if the organization does not disclose a breach. This is untenable.

Other jurisdictions with similar laws have very high penalties for non-prompt disclosure. Let me see. I wonder where those other jurisdictions are.

Well, for example, right here in Canada, under the Alberta Personal Information Protection Act, PIPA, individuals and organizations can be fined up to $10,000 and $100,000 respectively for failing to notify the commissioner of a breach. There is an onus of responsibility. There is none in Bill C-29.

In Florida, which is just down the road, there are penalties of up to $500,000 for similar breaches. I mention Florida especially since our carriers are going to have to reveal everything to the Americans anyway; it is about a three-hour flight from Pearson Airport in Toronto. In Michigan, penalties run up to $750,000. Bill C-29 has no penalty. Why would these jurisdictions, including Alberta, have penalties and not the federal act that the government wants us to believe is the best thing since sliced bread?

Safeguarding Canadians' Personal Information Act

Government Orders

4:55 p.m.

NDP

Jim Maloway NDP Elmwood—Transcona, MB

Mr. Speaker, the minister made his speech with a lot of flourish and he answered a couple of questions. He talked about $62 billion in e-commerce in Canada. The question comes down to the nature of the government's role in e-commerce and government online.

We have seen a big change in the last five years, in comparison with the previous government. The Conservative government has no vision when it comes to e-commerce. It has no vision when it comes to government online programs and broadband development.

I would like to know how much money the government is collecting on a transactional basis. Under the old Liberal government, there were a number of e-government programs that provided services to the public. They were transactional, and they contributed to the general revenues.

I would like to know what the Conservatives have done in the last five years to expand e-government services to the people of Canada. How much of it is transactional?