Mr. Speaker, I am pleased to rise today to speak to Bill S-4, the digital privacy act. I support the bill.
The purpose of the digital privacy act is to strengthen the rules for the safeguarding of Canadians' personal information when they shop online or surf the web. The digital privacy act would amend the Personal Information Protection and Electronic Documents Act, more commonly known as PIPEDA, which provides a legal framework for how personal information must be handled in the context of commercial activities.
Last April, our Conservative government introduced the Digital Canada 150, an ambitious plan for Canada to take full advantage of the digital economy as we plan to celebrate our 150th anniversary in 2017. Digital Canada 150 has five pillars and 39 new initiatives that will allow Canada to be a leading nation in the digital domain. One of the most important pillars in Digital Canada 150 is the “protecting Canadians” pillar, which is what we are talking about today. The digital privacy act would introduce new amendments and stronger rules to help protect Canadians' personal information.
As we live in an increasingly digital age, the need to protect our personal information becomes stronger. We use credit cards to purchase items online. We use the Internet to browse websites that may ask us for our personal information, and so on. Just last month, Home Depot was the victim of a massive data breach. The information of 56 million debit and credit cardholders was stolen.
It is surprising that, under the current law, it is not mandatory for companies to disclose to their clients that they have been the victims of hackers or if they have lost personal information. That means that if someone's credit card information was stolen, under current laws, that person may never know his or her information was compromised. It may be surprising to some, but it is not currently mandatory that companies inform their clients if their personal information has been lost or stolen.
Under the digital privacy act, however, if a company fails to notify its clients of a data breach where their information has been compromised, it can face a fine of up to $100,000 for every client it fails to notify. In addition, companies are now required to keep a record of all data breaches, and all documents must be handed over to the Privacy Commissioner upon his or her request.
The digital privacy act would also put in place new provisions that would allow the limited disclosure of personal information when it is in the public interest. One such example is the unfortunate reality of financial abuse. As it stands now, banks and other financial institutions are prevented from reporting suspected financial abuse to the proper authorities. The digital privacy act would give the exception to allow banks to alert law enforcement when they suspect that a senior is being financially abused.
The Canadian Bankers Association has endorsed these amendments. It said:
We were pleased to see that Bill S-4 includes amendments that would give banks and other organizations greater ability to assist their clients to avoid financial abuse.
As our society spends increasingly more time online and on the Internet, it is important that we have the proper safeguards in place for our children. Educational websites and virtual playgrounds are becoming more and more popular with young children. Sometimes, for marketing purposes, these websites will ask for the users' personal information. Under the digital privacy act, there is a clearer set of rules for when companies ask to collect personal information from a child. The request for information now must be written in a way that a child can understand. If the wording is too complicated for a child to understand, the consent is not valid.
The digital privacy act would also ensure that online privacy laws reflect the realities of business, such as allowing businesses to share employees' contact information and information necessary to manage an employment relationship. Businesses also need to be able to use the information employees produce at work as well as the information necessary to conduct due diligence during a business transaction such as a merger.
The digital privacy act also puts forward rules that align with provincial privacy laws. For organizations, it is important that consistent rules for the protection of personal information apply and that wherever they operate their businesses, their obligations would be the same. Consistent rules also provide individuals with confidence that wherever they conduct their business in Canada their information will benefit from the same level of protection. The bill before us takes steps to align our privacy rules with provincial laws.
The bill before us is a much needed update to privacy laws in Canada. It is a balanced approach that includes stronger rules to ensure companies are held to account, exceptions to allow for seniors to be protected from financial abuse, and new rules to ensure our children are protected online.
Now is the time for these measures to be passed into law through the passage of the Bill S-4. I hope hon. members will join me in supporting the digital privacy act.