Mr. Speaker, this bill establishes a mechanism to be used by organizations to report data breaches, data thefts, and so forth, which is very important. I called for such a mechanism in the House and proposed one in my Bill C-475.
However, the model proposed by the government in this bill is extremely subjective. The organization itself determines whether or not the data breach is serious and whether or not to notify the people concerned. Some data breaches may not be reported to the commissioner or the individuals in question. The individuals would not have the opportunity to take the necessary steps to properly protect themselves.
Instead of implementing a subjective measure, why not implement an objective measure that would put more power in the hands of the individuals whose identity or personal information has been stolen or breached?