Debates of May 12th, 2015

Mr. Speaker, I thank my colleague for the question.

Indeed, the way this bill was examined is very problematic. From what I remember, and someone will correct me if I am wrong, this is the only time a bill has been sent to committee for study before second reading. In such a situation, one might think there are changes to be made, otherwise why would we do that? Furthermore, this exceptional measure would allow the committee to put forward amendments that go further than the strict substance of the bill, and it is therefore a good opportunity.

We were not able to seize the opportunity, however, because the Conservatives came into the committee room saying that we should just accept the bill, otherwise there would be no changes at all to the Personal Information Protection and Electronic Documents Act, or PIPEDA.

Yes, we are running out of time. We understand that. However, the Conservatives had many opportunities to amend this legislation. They waited for years to review PIPEDA as they were supposed to do, given that under the existing legislation, the act is supposed to be reviewed every five years. We could have passed my bill, Bill C-475, which could have become law. Bill C-12 disappeared. In short, they had many opportunities.

Instead, they dragged their feet for years. When we were hearing evidence and during the study in committee, they said that time was running out and we had to accept the bill as is. Well, that is no way to operate, especially in a democracy like ours.

Mr. Speaker, we can learn quite a lot about protecting personal information from others. For example, Europe is bringing forward some very interesting ideas. However, are these the ideas that we want to include in our system or to consider for our Canadian system? We can consider them, but that does not necessarily mean that we will accept them in their present form. There are discussions under way about this. Unfortunately, we are not even able to have these discussions in this place because only the Conservatives' approach is the right one, and so it is that or nothing. That is really a problem.

We could also look to the provinces, especially British Columbia, Alberta and Quebec, which have good legislation and systems. In British Columbia and Ontario, the information and privacy commissioners have the ability to make orders following their investigations. Thus, there is already a precedent in Canada, within our own country, that we could use as a model.

I cannot understand why the bill before us does not include a clause to give the privacy commissioner the authority to issue orders. That is really ridiculous.

Mr. Speaker, I would like to thank my colleague from Terrebonne—Blainville for her work on this issue, which she knows a lot about.

We know that the Conservative government introduced Bill S-4 as a way to protect consumers. It is trying to sell the bill as a bill for consumers. However, consumer advocacy groups, lawyers, professors and even the Privacy Commissioner have indicated that there are problems with the bill, such as the provision on voluntary disclosure.

Can my colleague comment on the lack of balance in this bill?

Mr. Speaker, we heard from a lot of witnesses. We could always hear from more, since the study of a bill can go on for a long time. We heard from professors, the Privacy Commissioner and many experts. Most of them pointed out the problems that could arise because the bill opens the door to sharing personal information without consent, without authorization and without even informing the person concerned. The bill is opening that door even wider. That concern was raised, but unfortunately, the proposed amendments were not accepted.

Some amendments were very reasonable. The Privacy Commissioner even made some suggestions, which were submitted in the form of amendments during the clause-by-clause study of the bill, but those amendments were rejected. We proposed implementing a system to at least ensure that when an organization shares personal information under exceptional circumstances, a public report is issued indicating how many times such information was requested and why it was requested so that we know and we at least have a little transparency when it comes to the sharing of personal information.

There have been cases of abuse. This government and government agencies made 1.2 million requests to Internet service providers. There were no explanations, which is extremely problematic. We want to fix this problem, but instead, the Conservatives decided to keep doing things their own way, without consultation and without including what witnesses told us in committee about this bill.

Mr. Speaker, I thank my colleague from Terrebonne—Blainville for her speech.

There is something that strikes me and is very upsetting. Every time we meet in committee, the Conservatives block the committee from seriously studying opposition amendments. It is especially disturbing because one of the Conservatives' excuses, if I understand correctly, is that we cannot amend this bill since it came from the Senate and it will go back to the Senate. We have to wonder why the government chose to introduce such an important bill through the Senate.

Could my colleague tell us what she thinks about the government blocking the work that could have been done in committee to improve a bill that could potentially lead to some serious breaches of privacy?

Mr. Speaker, I thank my colleague for his question. He is right; this is a huge problem.

We heard the witnesses talk about problems, but from the very beginning, the Conservatives were not willing to give anyone the benefit of the doubt. They said that they would not change a single thing because they did not have time. There is always a way to speed things up. Where there is a will, there is a way.

I would like to emphasize another aspect of this issue. The Conservatives said that, since the Senate had already studied the bill, senators had already heard from all of the witnesses and studied the proposed changes. That is false.

Many of the witnesses who appeared during the study by elected members of the House of Commons had not testified during the Senate's study.

Furthermore, the Supreme Court's ruling in Spencer had not yet come down when the Senate was studying this bill. That is an important element to consider because it may have a direct impact on the way we treat personal information here in Canada. The Conservatives wanted to ignore all of that.

They said that the Senate studied it, but I am sorry: senators are neither elected nor accountable. I have a problem with that.

It would be better for us, the elected members who represent the ridings, to be able to make changes ourselves.

Mr. Speaker, I want to start by expressing my sincere thanks to my colleague from Terrebonne—Blainville, who just delivered a very important speech. She worked very hard on her own bill on this topic, and I think her bill should have been passed. In my opinion, her bill was far superior to Bill S-4.

I share the sentiments of the hon. member for Winnipeg North. He, like the member for Terrebonne—Blainville, said that all the opposition parties thought that in light of the work that went into the current bill and all the others, such as Bill C-12, the government might make the effort to take a collaborative approach with the other parties. Unfortunately, that was not the case.

Here we are, looking at Bill S-4, a bill that comes to us after, as we have heard from other members, a convoluted process, a bill that died on the order paper, a superior private member's bill that failed when the Conservatives did not support it. It is an effort to bring up to date the Personal Information Protection and Electronic Documents Act, otherwise known as PIPEDA.

This is, of course, a very significant area of citizen and consumer concern. PIPEDA was passed in 2000, and a lot has changed in the world of digital information, privacy concerns, and information held by Internet providers, banks, and a great number of organizations to which Canadians trust their private information online.

Bill S-4 should have been an attempt, and may in fact have been an attempt that failed, to adequately balance the privacy rights of Canadians and the important facilitation of commerce in Canada. That would certainly be the expectation.

The larger context around which the bill comes to us is one in which we have had some rather spectacular accidental breaches of the privacy of Canadians through the release, through various errors, human errors, of health information, consumer information, and banking information because of breaches in the system.

One would have thought, especially in the specific context of the last year, that in drafting the bill, the government would have been very cognizant of the decision of the Supreme Court of Canada in June 2014 in the Spencer decision. That was a decision written by Mr. Justice Tom Cromwell, one of my former friends and professors from my time at Dalhousie Law School, a brilliant legal mind and someone who has, within the Supreme Court of Canada, written a number of critical and important decisions. The Spencer decision is one of them.

The Supreme Court of Canada, in Spencer, came down very clearly on the side of the privacy rights of Canadians. Mr. Justice Tom Cromwell wrote in his decision:

...the Internet has exponentially increased both the quality and quantity of information that is stored about Internet users. Browsing logs, for example, may provide detailed information....

He went on to note that users would never really know when their information was forming some sort of pattern that resulted in a review, and users, consumers, would not know when their information might be becoming accessed. However, in entering into agreements with ISP providers, the Supreme Court of Canada, through Mr. Justice Cromwell, noted that there is a “reasonable expectation of privacy in subscriber information”.

There is no denying that Bill S-4 would do some things that are fairly universally approved of by those who are leading critics in this area. The Privacy Commissioner for the Government of Canada, and of course, the Privacy Commissioner is an officer of Parliament, saw a number of significant improvements.

The Privacy Commissioner started his review by turning his attention to the purpose of PIPEDA in the beginning, back in the year 2000, noting:

The purpose...is to establish, in an era in which technology increasingly facilitates the circulation and exchange of information, rules to govern the collection, use and disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information and the need of organizations to collect, use or disclose personal information for purposes that a reasonable person would consider appropriate in the circumstances.

Given the fast-changing world of digital communications, with the Internet, the cloud, and all the various ways in which we now store information online, fortunately Parliament saw fit in the year 2000 to include a five-year mandatory review of PIPEDA so that we could keep up with the ways in which technology moves so rapidly.

Generally speaking, some of what is being done here has met with universal support. The risk-based approach that would allow organizations to assess each incident on a case-by-case basis was supported by the Privacy Commissioner, at least. The Privacy Commissioner would have an opportunity to enter into compliance agreements, but while the Privacy Commissioner found this acceptable, numerous other commentators did not. They did not feel it went far enough or actually protect privacy information adequately.

The things that met universal approval I will list briefly. The improvements in Bill S-4 include the additional qualification and clarification of what is meant by the standard of consent, the extension of a deadline to take cases to the Federal Court, and of course, the expansion of the powers of the Privacy Commissioner to publicly disclose information related to findings. These were things the Privacy Commissioner liked.

Leading critics include, and my friend from Terrebonne—Blainville has already pointed to one of the leading critics in this area, Professor Michael Geist, advisers, and a very exceptional group of lawyers who now work a lot on information privacy law at the Public Interest Advocacy Centre, where, in the 1980s, I was also associate general counsel. However, in those days, believe me, we did not have open files on Internet data and privacy, because we were mostly dealing with trying to advocate in areas of technology that now seem very outdated. In any case, the Public Interest Advocacy Centre has stayed on top of the technology.

We had from the Canadian Bar Association, the Public Interest Advocacy Centre, Professor Michael Geist, and of course, members of opposition parties a rich group of substantive and helpful amendments that would have led to universal support for this bill at that moment. Unfortunately, those amendments were all rejected.

I want to look at three aspects in the time I have left this afternoon: compliance agreements, the expansion of voluntary disclosure, and transparency reporting.

Compliance agreements are a source of concern. The way in which they are drafted in Bill S-4 would have been acceptable had they been strengthened and had penalties or had an order-making power been available to the Privacy Commissioner, but they have none of those things. The Canadian Bar Association brief made this point about it:

Our principal concern is that while entering into such an agreement with the Privacy Commissioner stays any court enforcement by the Commissioner, it does not have any effect on any affected individual’s right to go to court against the organization for the same matter under investigation. This omission means that there is a much lower incentive for organizations to enter into such agreements. Also, it is not consistent with the regime in other similar schemes.

Despite recommendations to improve this, no improvements were made.

Second, the expansion of voluntary disclosure is probably for me the most significant failure of Bill S-4 and is quite inexplicable in that it runs directly counter to the Spencer decision I referenced earlier. This needed to have much more rigour to ensure that there was no warrantless access. This is the key issue. The task force should have come down harder for privacy rights.

Last, in transparency reporting, there should have been reforms to require organizations to publicly report on the number of disclosures they make without knowledge or consent and without a judicial warrant.

This information should have been disclosed on a regular basis for transparency, and organizations should have been required to notify affected individuals within a reasonable time of any accidental disclosure.

With that, I regretfully conclude that Bill S-4 does not meet the standard this Parliament should expect of an update to PIPEDA.

Mr. Speaker, the hon. member spoke at length in her comments about the Spencer decision.

The digital privacy act, to be clear, would not force companies to hand over private information to the police or anyone else without a warrant, and the independent officials who came before the committee, not cabinet ministers, who the hon. member has apparently such a hatred for, said that the Spencer decision has absolutely nothing to do with this piece of legislation.

I would like the hon. member to take this opportunity to point out very specifically where the Spencer decision has anything to say about PIPEDA or this particular legislation.

Mr. Speaker, first, I hasten to correct my friend. I have never spoken in this place, or in any serious location, with anything but respect and love for my colleagues.

My second point runs to the testimony provided by Professor Michael Geist that Bill S-4 runs contrary to the spirit of the Spencer decision and that, in fact, by allowing the disclosures to be made with upfront Internet service providers from telecom companies and so on without having the notification to the holder of the information, in his words:

The provision opening the door to massive expansion of warrantless, non-notified, voluntary disclosures should be removed....

Mr. Speaker, I have a question as a follow-up to the question that my Conservative colleague asked the hon. member.

The R. v. Spencer ruling came down after this bill was studied in the Senate. What is more, Bill S-4 is based on models from British Columbia and Alberta. Some aspects from Quebec are included as well.

However, we saw that a report was tabled by the Legislative Assembly of British Columbia, the region my colleague represents, saying that in light of the ruling in Spencer, it would amend its personal information protection legislation, known as PIPA. If we are basing our legislation on a model that is changing, then I think we have a problem.

Why are we incapable of working together to see what repercussions the Supreme Court ruling might have on our laws, when other legislation, on which we are basing our bills, is in the process of changing?

Mr. Speaker, I agree with my colleague.

With Bill S-4, the government missed out on an opportunity to introduce a system that is in line with the Supreme Court decision in R. v. Spencer.

It is too bad, because this really could have been possible with the amendments brought forward by the opposition parties. Every party here brought forward amendments that would have worked. However, the government decided to reject all of them.

Mr. Speaker, certainly the amendments the hon. member had presented at committee, both from the official opposition and by us, were just routinely dismissed. There was very little discussion, if any, and absolutely no room for any kind of serious work to be done because of the issue that if there were any changes, the bill would have to return to the Senate.

I would like to ask my hon. colleague if that was the reason all of our amendments were so quickly dismissed.

Mr. Speaker, I would have to say for my hon. friend from York West that I cannot offer any explanations for why amendments are rejected. We can say, though, that there is a pattern.

I have had the great good fortune—and I have to say I was very pleased—that in the committee looking at the pipeline safety act, two of my amendments were accepted. That is far more the exception than the rule. The vast majority of times in this place recently, bills go from from first reading to royal assent without any amendments. That is quite against the tradition of the Parliament of Canada and the legislative drafting process and the role we all play as members of Parliament in improving legislation. That is supposed to be the point of the committee process. The legislative process is that we work together to improve legislation, not turn it into a partisan battle over every single amendment.

Mr. Speaker, I am pleased to be here today to speak to Bill S-4, the digital privacy act, which has been referred back to the House by the Standing Committee on Industry, Science and Technology.

As consumers, we are all aware that, in the digital world we live in today, our personal information has become increasingly more accessible. People and organizations exchange huge amounts of information over the course of the day, whether it be through email, Internet browsing, or financial transactions. Digital networks have fast become the most efficient and convenient method of communication for Canadians.

Our government takes the protection of this personal information very seriously. We recognize the importance of having strong privacy protections in place to ensure that organizations are properly safeguarding the personal information of individuals across this country. Bill S-4 would implement changes to the Personal Information Protection and Electronic Documents Act, known as PIPEDA. These modifications would ensure that organizations are taking the appropriate steps to address the handling and protection of information in today's digital era. This bill, entitled the digital privacy act, sets out specific rules that businesses and organizations must follow when personal information they hold is lost, stolen, or accessed, either for malicious purposes or as the result of an accident.

As we have seen in the past year, data breaches continue to present themselves as a major challenge to the privacy and security of information. Breaches can happen in any number of different ways and to any type of organization. Digital information can be stolen through sophisticated cyberattacks or through simple software vulnerabilities that are made public.

Take the Heartbleed incident, for example. According to Symantec, this software glitch that was exposed in 2014 left approximately 0.5 million trusted websites at risk of a serious data breach. Financial information and sensitive customer data can also be left vulnerable in the event of a data breach. Unfortunately, this is a familiar topic for Canadians in today's digital age. Take, for example, last September when Home Depot announced that a data breach by unknown hackers left as many as 56 million debit and credit card customers across North America vulnerable to fraud.

Research shows that the majority of today's data breaches are conducted with malicious intent. The Symantec Internet threat report states that nearly half of all breaches are caused by outside attacks and that these attacks are becoming increasingly sophisticated. Canadians are concerned about this. A recent nationwide survey on Canadian attitudes around data breaches concluded that this issue is creating significant public anxiety. The survey found that 79% of Canadians are worried about being a victim of a data breach. Data breaches are a top-of-mind issue for Canadians. This is not surprising, given the importance of the Internet in the day-to-day lives of Canadians.

Organizations should also be concerned about data breaches, given how expensive these incidents can be to businesses. It is estimated that the cost to combat and recover from data breaches worldwide last year was approximately $364 billion. Business owners need to know that consumer demand for responsiveness to data breaches is increasing. A nationwide survey highlighted that Canadians assume that companies will take immediate action in the event that personal information is lost or mishandled.

That is not all Canadians expect. The same study concluded that over half of all respondents want companies to do the following: provide clear information and instructions on how individuals can protect themselves; and provide them with free credit monitoring for a certain period of time in the event that a breach occurs.

With the digital privacy act, our government is responding to the needs and concerns of Canadians. First, companies would be required to put in place strong security measures to prevent data breaches. Second, companies would be required to respond to a breach if and when it does occur or risk facing a strong penalty. With the changes we have proposed in the digital privacy act, if a company has its computer systems hacked and believes personal information has been stolen, or if that information has been lost inadvertently, the company would need to take a number of steps.

The company would be required to assess the risk resulting from the breach, and if it determines that the incident poses risk of harm, it would need to notify the affected individuals and file a report with the Privacy Commissioner of Canada. On the subject of mandatory breach reporting, the Privacy Commissioner has stated that:

Mandatory breach notification will bring enhanced transparency and accountability to the way private sector organizations manage personal information.

An organization would also have to keep a record of the event, regardless of whether a breach poses an obvious risk of harm. These records would not only allow organizations to demonstrate due diligence in their risk assessment, but they would also require companies to keep track of when their data security safeguards fail. This would help businesses determine whether or not they have a systemic problem that needs to be corrected.

What is more, organizations would be required to provide these records to the privacy commissioner at any time, upon request.

This record-keeping requirement would provide a mechanism for the commissioner to hold organizations accountable for their obligation to report serious data breaches.

Here is what the Privacy Commissioner had to say on record keeping:

I believe that the organization experiencing the breach is in the best position to assess risk and decide whether notification of individuals is warranted.

To provide an appropriate incentive to implement these measures, we believe that there should be serious consequences for intentionally ignoring them or attempting to cover up a data breach. Bill S-4 would make such deliberate acts a serious offence, punishable with fines of up to $100,000 per offence.

These changes are widely supported by stakeholders, as is evidenced by witness testimony during the committee's review of the bill.

The Canadian Internet Policy and Public Interest Clinic said that:

...we're very grateful to see this notification obligation coming into force. It's much delayed and needed.

The Canadian Bankers Association also came out in favour, stating that:

The banking industry supports the requirements in the Digital Privacy Act for organizations to notify individuals about a breach of their personal information where there is a real risk of significant harm.... We also support the Commissioner’s new oversight powers to ensure organizations comply with these new provisions.

Finally, the Canadian Pharmacists Association also expressed its support, saying:

For pharmacists who access a significant amount of sensitive information related to the medication and health of their patients every day, a breach or disclosure of this information has the potential to put the patient at risk.... As a result, CPhA believes that...reporting this breach to the individual concerned and the Privacy Commissioner are reasonable steps to take in order to mitigate any risk that may occur.

It's also reasonable for the organization in question to maintain proper records of these occurrences....

While there was broad-based support for the bill among stakeholders, the committee did hear some concerns about certain elements. One issue on which the committee heard different views is the threshold for reporting data breaches to the commissioner. Some stakeholders felt that the threshold is too high and that more breaches should be reported. Others thought the threshold is too low and that only material breaches should be reported to the commissioner.

The digital privacy act would take a balanced approach, one that avoids over-reporting of harmless incidents and yet allows the commissioner to oversee how organizations are meeting their obligations. The Privacy Commissioner agreed, telling the committee:

I support the risk-based approach that will require organizations to assess the seriousness of each incident and its impact on affected individuals.

Some stakeholders also expressed concern that the obligation to keep records of all data breaches is burdensome. However, the Privacy Commissioner, again, believes that the digital privacy act would get it right, telling the committee:

Requiring organizations to keep a record of breaches and provide a copy to my Office upon request will give my Office an important oversight function with respect to how organizations are complying with the requirement to notify.

Record-keeping can be done in a way that would minimize burden while still allowing businesses to demonstrate that they are conducting the proper risk assessments. The government would need to enact regulations to elaborate on what these records would need to look like and how long companies would need to hold on to them.

As a result, consultations during the regulatory development process would allow for further discussion, with stakeholder input, on this important issue.

Finally, some have questioned the need for fines in this area. The government recognizes that many organizations already notify individuals of data breaches in a responsible manner. However, we know from experience that there will always be those who try to break the rules.

The penalties in the digital privacy act would target those organizations that wilfully and knowingly disregard their obligations under the law or, worse, cover up a breach. These fines would not apply to organizations that make a mistake in good faith.

The Canadian Internet Policy and Public Interest Clinic at the University of Ottawa told the committee that:

We're very grateful to see a penalty regime for instances where the breach notification obligations are knowingly ignored.... The fines currently in PIPEDA are designed as penalties for very overt offences.

Bill S-4 would encourage all organizations to play by the same rules and implement adequate controls and safeguards around the personal information they hold.

Furthermore, I encourage the House to oppose the motion put forward by the Green Party to delete clause 10 of Bill S-4. This would remove the new requirements for organizations to notify individuals who have been put at risk if their personal information is lost or stolen. The amendment ignores the advice of numerous privacy advocates including the Privacy Commissioner of Canada.

On several occasions, the commissioner has recommended that PIPEDA be amended to require mandatory data breach reporting. The digital privacy act would act on this recommendation, and the commissioner has expressed strong support for the approach taken in Bill S-4. The Privacy Commissioner and the majority of witnesses who appeared before the standing committee agreed that Bill S-4 is a significant improvement to PIPEDA and a necessary step in ensuring Canadians' personal information is safeguarded.

I think the Canadian Life and Health Insurance Association said it best in its witness testimony. It said that Bill S-4 takes a balanced approach to the responsibilities placed on business and organizations, but most importantly, it would protect the consumers of those businesses and give individuals the information they need to take corrective action when necessary.

Both business and consumers have been empowered in the digital age, but if Canada is to remain a leading digital nation, Canadians need to have confidence that their online transactions are safe and their privacy is secure.

Bill S-4 would strengthen these rules and increase the protection of Canadians' personal information. In summary, the digital privacy act would balance the privacy needs of Canadians and the ability of businesses to access and use personal information in their day-to-day operations. It would do this in a way that avoids over-reporting of harmless incidents while making it clear to businesses what their legal obligations are.

I hope we can count on the opposition's support and quickly pass the digital privacy act into law.

Mr. Speaker, the Conservatives came to the committee study of this bill with their minds already made up. They said that we absolutely had to pass this bill in its current form without any changes, otherwise the process would take too long, especially with the upcoming election. Everyone in the House knows that we will be having an election soon, but the Conservatives had four years to do something.

The member even said in his speech that this bill was overdue and that it was needed. Of course this bill is long overdue, because the Conservatives waited four years before they introduced anything. Bill C-12 disappeared completely, and some reviews of PIPEDA simply fell through the cracks because the Conservatives did not act. They could have voted in favour of my bill, Bill C-475, and the legislation would already be amended.

Why did they adopt that attitude at the committee meetings? How can they justify such an undemocratic attitude towards this bill?

Mr. Speaker, I find this question very interesting. Oftentimes we hear members of the opposition stand and complain that we are passing legislation too quickly. However as we pass this legislation, legislation that is really important to Canadians from coast to coast to coast, on the other hand, members obstruct time and again, moving motions that delay the operations of the House so that we cannot pass legislation that we need to get passed.

In this case, we have a piece of legislation that is incredibly balanced. Witness after witness throughout the committee process said as much. Certainly there were people on one side of some parts of the legislation and people on the other side of other parts of the legislation. We found time and again that the legislation came right down the middle.

Witness after witness said it is important for us to get this legislation passed, and I hope we can count on the opposition members. The opposition member who just asked the question has come out praising the legislation. We hope we will be able to get this legislation passed soon with the help of the opposition.

Mr. Speaker, I was not planning on asking my colleague a question, but I absolutely have to, when my hon. colleague talks about all of these witnesses after witnesses. It is like most of their legislation. I believe we had four or five meetings in total. At the Senate there were two or three, and in fact Professor Geist was one of the first witnesses who came to committee, and his first complaint was the fact that at the Senate there were two or three meetings, and that was it.

This is an important piece of legislation. My colleague suggests that there were so many meetings and lots of witnesses who came out. Yes, there was support because this is needed legislation, but there are ways of making the legislation better, which is what the official opposition, the Liberal Party, and the Green Party were trying to do. We were trying to improve the legislation, but we were given no chance at all.

Mr. Speaker, I do not know if there was a question there. It sounded more like a statement, and I find the statement interesting, because she sits on the committee. She is a good friend, but I do not remember her at any point, in committee or even privately, coming up to me and saying that we were not having enough meetings on this legislation. No one made that argument. Certainly amendments were put forward and were voted on by the committee.

I would also point out that the legislation we are looking at today largely comes from a unanimous report in 2007 that was supported by members from all parties. Many of the measures that we are talking about and hearing about in speeches from the other side are measures that were put in place based on the recommendation of a unanimous report from all parties in 2007.

Mr. Speaker, I thank my colleague for his presentation today on this important legislation. I would like to ask him, with regard to Bill S-4, if he could elaborate on how our government is working to protect and help vulnerable Canadians, especially children.

Mr. Speaker, again, that was an important part of the committee hearings. Witnesses came before the committee and talked about how the legislation needs to be changed to enable the sharing of information about financial abuse of senior citizens and others, for example, and not just information dealing specifically with children. They said that we needed to ensure that we struck a balance in protecting people's privacy while still being able to share information when people were vulnerable to financial abuse.

They also talked specifically about taking steps to ensure that when organizations are specifically targeting children, the information that they are asking for is clearly communicated in a way that a child or the person being asked for information would understand.

These are common sense changes that make this legislation even better.

Mr. Speaker, I find the question that was just asked to be a bit rich, given the fact that it is the current government that refused to spend $10 million and ripped it out of the RCMP budget. It was actually geared toward sexual exploitation. If the Conservatives are really serious about protecting youth, that is where they should have spent that money.

With respect to the bill, when we look at the amount of testimony and the number of people who indicated that there should be some amendments to it, we see that the opposition submitted 18 amendments, all of which were rejected. It is as if on that side of the House, they do not think anything can be improved unless it corresponds to their mindset.

Given that we proposed several amendments and that they refused to listen to the concerns expressed by the witnesses during the study, and given that every single witness and group that appeared before the industry committee argued in favour of amending the bill and making it better, I wonder why they did not do it. Why are they rejecting all amendments that could give Canadians the protection they want for their personal data and electronic documents? Why push forward with this legislation, which would likely not withstand a constitutional challenge? Can the member guarantee that this legislation would actually pass a constitutional challenge?

Mr. Speaker, let us start by saying that the hon. member was not on committee and was never at any of the hearings, so I reject the vast majority of her question.

Regarding this idea that the committee did not hear from witnesses, the fact of the matter is that for almost every one of the suggested amendments, there was a group of witnesses on one side saying that we should be tougher and another group of witnesses on the other side saying that it should be easier. We struck a balance somewhere in between. Certainly we had the opportunity to hear a variety of witnesses across the board.

When it came to hearing amendments, there were several amendments moved by the opposition. Someone mentioned 18, but I cannot remember what the number was. Many of them were redundant, in that many of them were the same amendment moved in different areas. In several cases, I remember that the member's own party moved amendments that did not make any sense and had to withdraw those amendments before they were even debated at committee.

Certainly we had the opportunity to hear the experts from Industry Canada weigh in on the legislation and give very well-reasoned arguments about why the legislation was the way it was. I think we came forward with a piece of legislation that would make PIPEDA stronger than it has ever been.

Mr. Speaker, surely the member would recognize that Bill S-4 was put in a unique situation in that it went to committee before it received second reading, thereby creating what turned out to be a false expectation that the government was open to making changes. In reality, all the amendments brought forward were defeated. It was almost like a normal routine of other pieces of legislation that have just gone through the normal process at second reading.

My question to the member is this: why did he feel it was important to isolate this piece of legislation by bringing it to committee before it completed second reading and then sending it to committee stage? Why change the normal procedure, given that the government had no intention of making amendments?