Mr. Speaker, I am pleased to rise in the House today to highlight the measures that our government has taken to protect the privacy of individual Canadians.
First and foremost, I would like to discuss Bill S-4, the digital privacy act. The bill would make important amendments to the Personal Information Protection and Electronic Documents Act, otherwise known as PIPEDA, with the express purpose of providing new protection for Canadians when they surf the web and shop online. PIPEDA was passed in the House of Commons in 1999 and implemented in 2001. There is nothing new about it, and there has been no mention from the opposition on amendments since that time. With Bill S-4, the government would implement new measures to better protect the personal information of Canadians.
Let me speak a little about PIPEDA in general. PIPEDA is our primary piece of legislation that lays out the ground rules for how private sector businesses collect, use, and share personal information. What kind of personal information are we speaking about? It includes name, age, banking records, shopping history, et cetera.
We know that this kind of information is gathered by many companies and organizations in the course of their day-to-day transactions. The fear, of course, is that in the wrong hands this kind of information can be exploited. In the worst cases, it is used to commit fraud, identity theft, or other harmful acts. To combat these kinds of malicious deeds, the digital privacy act would implement tougher rules to protect the privacy of Canadians.
Protecting Canadians is a major pillar of digital Canada 150, which the Minister of Industry launched last month, to help our country take full advantage of the economic opportunities of the digital age. Under the pillar of protecting Canadians, the digital privacy act would protect consumers online, simplify rules for businesses, and increase overall compliance with our privacy laws.
Before we tabled Bill S-4, the government consulted the Privacy Commissioner and got her views on how to best move forward with modernizing Canada's intellectual property laws. The minister spoke to her again before tabling the legislation. In fact, here is what she said about our digital privacy act and our efforts to best protect Canadians online. She said she welcomed the proposals in the bill. She said this bill contains “very positive developments for the privacy rights of Canadians”.
In addition, the NDP digital critic, the member for Terrebonne—Blainville, said this about our government's digital privacy act: “Overall, these are good steps. We have been pushing for these measures and I'm happy to see them introduced”.
The first element I would like to touch on is a familiar one to Canadians in this digital age, data breaches. New rules in the digital privacy act would require organizations to tell Canadians if their personal information has been lost or stolen. As part of this notification, organizations would also have to tell individuals what steps they can take to protect themselves from potential harm, actions that could be as simple as changing their credit card PIN or email password. At the same time, the bill would require organizations to report these data breaches to the Privacy Commissioner of Canada. With the passage of the bill, organizations that deliberately break the rules would face significant penalties, of up to $100,000 for every individual they fail to notify.
In keeping with the motion before us and its reference to the Privacy Commissioner, I would like to address the changes in the digital privacy act that would ensure that the Privacy Commissioner has the right tools to help protect Canadians' privacy. Bill S-4 would give the Privacy Commissioner the ability to negotiate voluntary compliance agreements with organizations. Under these agreements, organizations would make binding commitments to ensure the privacy of Canadians. This would allow organizations to be proactive and work collaboratively with the Privacy Commissioner to quickly correct any privacy violations that may have been discovered. In exchange, those organizations can avoid costly legal action. At the same time, the agreements would be binding and would give the Privacy Commissioner more power to hold organizations accountable in court and make sure that they follow through on promises to fix privacy problems.
The digital privacy act will also provide the commissioner with more power to name and shame companies that do not play by the rules. This will ensure that Canadians are informed and aware of issues that affect their privacy.
Finally, the digital privacy act will extend the timeframe, to one year, for Canadians as well as the Privacy Commissioner to take a company to court. Under the current rules, the Privacy Commissioner has only 45 days. In many cases, this is not enough time for an organization to either voluntarily fix the problem or for the Privacy Commissioner to prepare a proper application.
At all times an individual's right to privacy, as guaranteed by the Canadian Charter of Rights and Freedoms, must be respected. Despite any exception provided for in PIPEDA, law enforcement agencies must respect the charter and have a warrant or other justification to obtain private information.
Equally important in any of these circumstances, nothing in PIPEDA forces a company to turn over private information to police, government agencies, other private companies, or anyone. PIPEDA protects privacy; it does not force companies to violate it.
Bill S-4 makes sure that organizations can share information with appropriate authorities in situations that would involve providing information that will allow police to contact and communicate with the family of an injured or deceased person, sharing information in order to detect and prevent fraud, or allowing organizations to report suspected cases of financial abuse to appropriate authorities. All of these exceptions are clearly defined, and limited to circumstances where sharing this information is in the best interests of the persons involved.
Here is an example. Let us say that a bank teller notices a regular customer, a senior citizen, has been coming in lately with another person who is unfamiliar to the teller. They are making more frequent withdrawals, for more money than usual. The teller witnesses the senior handing over the withdrawn cash to the unfamiliar person. Most tellers or financial institutions would like to have the power to inform appropriate parties of this situation, such as the police, public trustees, or the client's next of kin. At the moment, our privacy law prevents the bank from informing those people who could help. The digital privacy act will remove this barrier and make sure that suspected cases of financial abuse can be reported, and the interest of seniors protected.
The digital privacy act also creates new rules whenever an organization asks an individual for their approval to collect, use, or share their personal information. This new measure will establish stronger protection for the privacy of more vulnerable Canadians, such as children. As children and adolescents spend an increasingly large amount of time online, it is important that they clearly understand the choices in front of them before they hand over private information about themselves.
The digital privacy act strengthens informed consent. Informed consent means that individuals are not just told of what is being done with their information, but that they understand the potential consequences of clicking on yes or no.
This change will require organizations to clearly and plainly communicate with their target audience when asking for their consent to collect personal information. They will have to consider whether their target audience is able to understand the consequences of sharing their personal information.
I am very proud of this aspect of Bill S-4. Given the proliferation of iPads, laptops, and BlackBerrys among our youth, the stronger rules included in this bill will make sure that individual Canadians, in particular children and adolescents, can understand the potential consequences of the choices they make.
In conclusion, the elements of the digital privacy act that I have laid out today have been carefully thought out, with the best interests of all stakeholders in mind. Our government is confident that by better protecting consumers, streamlining rules for business, and increasing compliance, the digital privacy act will make Canadians safer and more secure.
The digital privacy act will strengthen Canada's privacy laws by making sure that Canadians are informed if their privacy has been put at risk, and by holding to account those organizations that deliberately break the rules.