Debates of Nov. 24th, 2020

Madam Speaker, the question was with regard to algorithms, which I went into quite extensively in my speech.

Again, I would certainly applaud the government for taking responsibility and putting within the bill the need for transparency around algorithms, but here is the deal: if, as a consumer or as a user, I ask for the algorithms that are being used when I am on a certain website, and those algorithms come back to me as numerous pages of scattered numbers and letters, what does that mean to me? What good is that to me?

Therefore, in this legislation, we actually need to make sure it is not just the transparency of the information being used and the algorithms being used. We also have to make it accessible to Canadians. They have to understand what is actually being done. They need transparency, and to know, when algorithms are being misused, if they will have the opportunity to take action and to seek justice.

This legislation falls short. It does not provide that for Canadians.

Madam Speaker, there have been discussions among the parties, and if you seek it, I believe you will find unanimous consent for the following motion. I move:

That, during the debates on November 24, and November 26, 2020 on the Business of Supply pursuant to Standing Order 81(4), no quorum calls, dilatory motions or requests for unanimous consent shall be received by the Chair and, within each 15-minute period, each party may allocate time to one or more of its Members for speeches or for questions and answers, provided that, in the case of questions and answers, the Minister's answer approximately reflect the time taken by the question, and provided that, in the case of speeches, Members of the party to which the period is allocated may speak one after the other.

This being a hybrid sitting of the House, for the sake of clarity, I will only ask those who are opposed to the request to express their disagreement.

Accordingly, all those opposed to moving the motion please say nay.

Hearing none, it is agreed.

The House has heard the terms of the motion. All those opposed to the motion will please say nay.

There being no dissenting voice, I declare the motion carried.

(Motion agreed to)

Madam Speaker, I will be sharing my time with my colleague from Egmont.

It is with great pleasure that I rise in the House today to speak to the consumer privacy protection act and explain why this reform is important for enhancing the protection of our personal information.

When we talk about consumers, we are talking about all of us. All Canadians deserve the peace of mind of knowing that their personal information is protected.

As the Privacy Commissioner of Canada has said, the pandemic has accelerated the digitization of our lives, which inevitably increases risks to our privacy and the security of our data. This has raised serious concerns about our personal freedoms, our societal values, the public good, and the compliance and oversight measures required to manage this public health crisis.

Clearly, this crisis has laid bare the need for a certain use of available data, including personal information. In this context, we have seen many different approaches around the world. Different countries have deployed an array of technologies to support their efforts.

In some cases, their approach has focused on collecting location data for contact tracing or population monitoring or even for tracking an individual's movements. In other cases, telecom service providers have given the government location data from their network. On that, let me make it clear that our approach, Canada's approach, does not use those types of technologies.

This federal government will always defend our privacy and our personal data. Many stakeholders and experts have noted the potential impacts on the right to privacy arising from technologies being used elsewhere around the world. We heard those concerns, and that is why our Canadian approach does not involve these types of technologies.

For example, in the case of the COVID Alert app, our government worked with a variety of partners to support public health efforts to limit the spread of the virus, while also making sure we protected Canadians' privacy. The application was designed with this very objective in mind. As we have said before, the app has no way of knowing one's location, name, address, contacts or other information. In fact, following a review of the app, the Office of the Privacy Commissioner fully supported it.

I hope that this dispels any lingering myths about the app, and as we are very much still in the midst of this pandemic with rising community cases throughout the country, I would like to take this moment to encourage everybody to download the COVID Alert app.

Bill C-11, before us today, would create a strong framework for the protection of personal information in the private sector. The new consumer privacy protection act would impose requirements for obtaining individuals' consent to collect and use their data. Consent must be granted prior to data collection, and consent forms must be written in plain language that absolutely everybody can understand.

While this is extremely important, I know from my own experience, the experience of my friends and speaking to my constituents, and surely this is the case for many Canadians across the country, that not everybody reads the disclosure and consent page before clicking “I agree”. That is why we have proposed in this bill to legislate that organizations can only seek consent for data that are strictly necessary for their purposes. They can collect credit card information if they are selling something; they can collect an address if they will be delivering something.

Critically, this bill also would further empower consumers. It would give us the unfettered right to ask what information has been collected about us, how it has been used, whether it has been shared, and whether it has been sold. We, as consumers, would have the right to access the information that an organization might have on us and request its immediate deletion.

Another groundbreaking provision involves AI and algorithmic transparency. We are all familiar with these algorithms which make predictions and recommendations with the aim of influencing and impacting our decisions. Whether our experience is seeing advertising on Facebook or Google, which, very strangely, resembles some searches we recently did, or recommendations of videos on YouTube, for example, Canadians are constantly being fed information and suggested purchases based on algorithms that we know very little about.

Without going on too much of a tangent, I watched a few weeks ago a documentary called The Social Dilemma. I imagine many of us in this House who are interested in the topic of privacy protection and the Internet are familiar with the documentary. Let me say it scared the you-know-what out of me.

This bill would make it mandatory for companies to provide answers and an explanation, upon request, about how any predictions or recommendations targeted toward us were obtained. Legislating that right, providing that opportunity for consumers, is itself a deterrent for companies seeking to make use of algorithms for nefarious purposes. This is a critical step forward.

This bill deals with a very complex issue for individuals and consumers and for businesses. It recognizes individuals' right to privacy as well as the need of organizations to collect, use or disclose personal information in the course of reasonable commercial activities.

Our privacy bill is flexible enough to allow companies to apply the general requirements to practices specific to their sector. However, I want to make it very clear that good intentions on the part of private-sector organizations are not enough.

We know that for the new protections included in the legislation to really be implemented, we need binding and effective mechanisms to protect the rights of Canadian consumers. That is why this bill includes serious penalties for those who try to get around it. We are talking about monetary penalties of up to $10 million, or 3% of global revenues, for large corporations that break the law. For more serious offences, fines up can go up to $25 million, or 5% of global revenues.

These measures would be among the toughest in the G7. Our government takes the privacy of Canadians very seriously, and the web giants must do the same. We have seen major innovations and digital solutions that not only serve the public interest, but also protect the privacy of our citizens.

The legislation would allow companies to innovate in a responsible manner and enable Canadians to have more control over their personal information. It is true that the digital environment presents many challenges, but we must not let that stop us. There are tremendous opportunities. Back home in Montreal, I am seeing the potential of AI and responsible data usage. I am thinking about Mila, Element AI, Hopper, AlayaCare and all the start-ups and small businesses that are opening every day in Mile End and Mile Ex. We must continue to encourage the development of this sector while ensuring that the public has confidence in the regulatory and legal framework governing these companies.

As legislators, we must give Canadians our assurance that their data is safe and their privacy is respected. This assurance is necessary not just to foster creativity and innovation, which are essential ingredients for building a strong economy, but also to give us all peace of mind.

Madam Speaker, I listened carefully to my hon. colleague's speech and I saw that the government did its homework by looking at what is being done elsewhere in the world and learning from the experience before legislating on this issue.

It is a good idea to see what other countries are doing wrong so as not to make the same mistakes, but it is also a good idea to look at what other countries are doing right. The Europeans implemented a whole set of regulations to force financial institutions to verify people's identity before authorizing transactions. That is missing from this bill, so we are failing to protect our constituents. I will repeat that we work for them. This does not protect them from fraud.

Does my hon. colleague not agree that this is a weakness of the bill?

Madam Speaker, I think what we have before us is fairly comprehensive.

We do need to look at what is being done right elsewhere, but we have also created a whole framework. We have also created a tribunal where consumers can file complaints and appeal their case. I believe that what we are presenting today is quite substantial, but I am of course very open to looking at what other countries are doing if my colleague wants to present specific amendments in committee.

Madam Speaker, we have had a lot of time to talk about the current situation of privacy in Canada. As the member forPortneuf—Jacques-Cartier mentioned, there are many situations in Canada where privacy has already been a problem. I wonder what the member's thoughts are on this. We are like a sinking ship. We have many holes in the Canadian privacy ship. Meanwhile, the government is talking about a scheme that would make it perfect. Why not just plug the big holes, such as the infiltration by Russia, Iran, or even China through Huawei's 5G network? To me that is not the wisest way to handle our current situation.

Madam Speaker, I did have the opportunity to rise on the Conservative motion with respect to Huawei. As I made clear at that time, there are no providers in Canada at the moment that are using Huawei's 5G infrastructure.

I would also take issue, perhaps, with the word “scheme”. What is presented here in the bill before the House is a very serious framework for the protection of personal information and data on behalf of all Canadians. It is certainly something that I am looking forward to debating more fully today and in the future. If there are specific amendments, as I said, I think we are open to them, but at its core, we have a very sound structure that we presenting in Bill C-11.

Madam Speaker, when Canadians' privacy rights are violated, they should be compensated. We have already heard stories about consumers in the U.S. receiving compensation, when Canadians in the same circumstances received no compensation. I think that is a gap in this bill.

I am curious about going a step farther. I am wondering if the member could comment on the idea of consumers being compensated for the data that they are giving, and having more choice around which data and which personal information is going to these big web tech giants.

Madam Speaker, I detailed, in my speech earlier, the very significant fines that companies would suffer for any contravention to this law.

I understand that what my colleague is asking for is compensation directly to consumers. As a former commercial litigator, I think there are serious issues with identifying what appropriate damages would ensue from what kinds of data breaches.

What I find so interesting about many of the provisions in this legislation is that it provides deterrence for companies not to engage in this behaviour. It would actually eliminate the behaviour that we want to discourage rather than compensating consumers after the fact.

Madam Speaker, I am rising to respond to a question of privilege raised by the member for Peace River—Westlock concerning the government's response to Order Paper Q-97.

Members well know that there are many precedents that support the notion that the Speaker is limited in his or her ability to judge the quality of the response to an oral question or a written question.

I can say with absolute certainty that the Standing Orders have been respected in the case before the House. The government tabled an answer to Order Paper Q-97 within the time provided under our rules.

On November 27, 2018, the Speaker ruled on a similar situation:

Any dispute regarding the accuracy or appropriateness of this response is a matter of debate. It is not something upon which the Speaker is permitted to pass judgment.

This is precisely the situation with this matter. While I maintain that this does not constitute a prima facie question of privilege, the government is of the view that accurate information is to be provided to members who make such requests.

I would note that in the future when a member feels that information provided through other means does not completely align with the information provided through an Order Paper question, that the appropriate course of action might be to raise this issue with the parliamentary secretary or minister who provided the response.

The Conservatives are right to talk about the sanctity of this House and the great responsibility placed on members to respect the traditions and practices of this august Chamber. Surely no member would want to diminish the respect for this House by deliberately weaponizing questions of privilege and points of order to score political points.

If the member opposite really believes that his privilege has been abused, he could have simply raised this matter with the minister who provided the response. That did not happen. It rarely does happen, and that is unfortunate.

That said, I do believe that all members ought to have easy access to precise, relevant and complete information. As a result, I have asked the parliamentary secretary who provided the response to ensure that the member for Peace River—Westlock has the information he requested. His privileges rest on his ability to receive the information he has requested, not his ability to bring into question the government's motives.

I thank the members of the House for their indulgence in allowing the government to respond to this matter.

I do appreciate the additional information that the parliamentary secretary has provided to the question of privilege. I am sure that the member for Peace River—Westlock will appreciate the information from the parliamentary secretary. I will take all of the information under advisement, and will come back to the House should I need to respond.

It is my duty pursuant to Standing Order 38 to inform the House that the questions to be raised tonight at the time of adjournment are as follows: the hon. member for Mégantic—L'Érable, Official Languages; the hon. member for Saskatoon West; The Environment; the hon. member for Courtenay—Alberni; COVID-19 Emergency Response.

Madam Speaker, it is a pleasure for me to stand and resume debate on Bill C-11, now at second reading, on the consumer privacy protection act.

This act, which replaces private sector privacy protections under the Personal Information Protection and Electronic Documents Act, PIPEDA, places consumer protection at the forefront in order to ensure Canadians have confidence in the digital marketplace and can trust that businesses are handling their personal data responsibly.

It is important in an era of global online commerce for Canada to put in place a privacy standard that offers consumers increased control over their personal information as they participate in a modern digital marketplace. The act also includes important changes to enable and support innovation in an increasingly digital marketplace.

Today I will be speaking about how our government is supporting business and protecting Canadians' privacy as they actively participate in the digital economy. Our government is working to establish an enhanced privacy framework where consumer protection is strong and where businesses are supported in their efforts to innovate in a rapidly changing digital landscape.

Bill C-11 makes important changes to the privacy framework for Canadians. It sets out enhanced measures for Canadians to ensure their personal information is protected and it enables new rules and mechanisms for industry in a way that promotes innovation in a digital world.

We understand the need to ensure the privacy of Canadians is protected. There is also a need to ensure that Canadian businesses have the supports they need to grow and prosper in a global marketplace that runs on digital technologies and data. These changes come at a time of great change, not only in terms of rapid advances in digital technologies, but also at a time that is critical for business to adopt and innovate in a digital world.

The need for digital solutions in our daily lives has become essential in the current pandemic environment. In a time when physical distancing has been so important, consumers want solutions that give them access to the products and services they need and firms need to keep doing business and set themselves up to grow.

For many, digital solutions have been the answer. However, we all recognize that new technologies are providing companies with vast amounts of personal information, data that is essential to making business decisions and offering new services to customers.

Innovation and growth are critical, but we must stand up for Canadians and ensure that this innovation happens in a responsible way. Today, I will be outlining the key elements of Bill C-11 that enable responsible innovation done right in the Canadian way.

One of the goals of PIPEDA, our current law, has been to ensure companies are able to handle personal information to meet their legitimate business needs and do this in a privacy-protected way. To achieve this dual objective, PIPEDA's framework is principles-based and technology neutral. This framework ensures that the law continues to apply even as technology has undergone rapid change. The CPPA retains this approach, continuing the success of a flexible and adaptable privacy law in the Canadian private sector context. We all recognize that times are changing rapidly.

To better reflect the realities of the digital economy and to continue the emergence of the new big data technologies and artificial intelligence, the CPPA has a number of provisions that support industry moving forward. The bill would create a level playing field for companies of all sizes. It does this by reducing administrative burdens, critical for the vast number of small and medium-sized enterprises in Canada so essential to our economy.

It introduces a new framework for personal information that is de-identified. It establishes new mechanisms likes codes of practice and certification with independent oversight by the Office of the Privacy Commissioner. It addresses data for research purposes or purposes deemed to be socially beneficial.

I will outline how the bill would do it all. The bill before us today includes a new exception which is consent to cover specified business activities. The goal here is to allow Canadians to provide meaningful consent by focusing on specific activities that involve real choice. This is critical to avoid blanket consent agreements or the long, multi-page contracts that no one reads.

It would also reduce the administrative burden on the business in situations where an individual's consent may be less relevant, such as a company's choice of a third party service provider for shipping goods. The customer wants goods shipped and the company should have the ability to make this happen. The law should not add extra burden to fulfilling the service.

Therefore, the bill provides for new regulations to be developed for prescribed business activities, and that introduces the concept of legitimate interest in Canada's privacy framework. This is something that industry has asked for and the government has answered in Bill C-11.

Second, we are better defining and clarifying how companies are to handle de-identified personal information, that is, personal information that has been processed and altered to prevent any identification of a particular individual. The bill would allow organizations to de-identify personal information and use it for new research and development purposes. Businesses must undertake R and D to improve their products and to offer customers the new and leading-edge services that they are looking for. This provision would give businesses the flexibility to use de-identified data for those purposes, adding value for customers and firms alike.

The law would also allow organizations to use data for purposes of the public good, specifically by allowing companies to disclose de-identified data to public entities. Such disclosures are only allowed where the personal information cannot be traced back to a particular individual and there is a socially beneficial purpose, that is, a purpose related to health, public infrastructure or even environmental protections. This kind of provision would protect individuals while ensuring that we use all the tools at our disposal to address the biggest challenges of our time.

Included in the bill is a clear set of parameters for institutions, such as hospitals, universities and even libraries, that would seek to receive personal information for a socially beneficial purpose. These parameters would help to clarify the rules of the road in a new and important field.

These new provisions would also permit organizations to share more data in a trustworthy manner. This would allow the private sector to work with different levels of government and public institutions to carry out data-based initiatives in a privacy-protecting manner. By taking this approach, the bill accommodates emerging situations where collaboration between public and private sectors can provide broad public benefits, while at the same time retaining the trust and accountability we demand and deserve.

Third, the bill would provide a framework for codes of practice so that businesses, especially those in specific industries or sectors of the economy, can proactively demonstrate their compliance with the law. The bill would do this by introducing coregulatory mechanisms into Canada's privacy landscape that would have businesses and the Privacy Commissioner working together. For example, companies operating a specific type of business could develop a code of practice that demonstrates compliance with a specific part of the law, and the Privacy Commissioner could formally recognize the code. For instance, there could be a code for de-identification.

Lastly, the bill provides for certification and certification bodies. Such bodies could use codes of practice to certify businesses compliance with some or all of the law. This is a useful tool for companies, especially small and medium-sized identities, and would be backed up by oversight by the Privacy Commissioner. This means that the Privacy Commissioner would have the option to decline to investigate a privacy complaint when a company has obtained a certification related to the complaint. This is not only efficient, but also provides an additional layer of certainty for business and consumers alike.

Recognized practices, codes and certifications would make it easier for business to comply with the law and for individuals to understand how they are protected. Bill C-11 would not only help keep the personal information of Canadians safe, but enable tomorrow's innovators by supporting Canadian businesses in every corner of the digital economy.

With the bill, the government has made innovation and economic growth a top priority. It is a major step forward.

Madam Speaker, I want to thank my colleague for all his clarifications on Bill C-11.

However, I would like to take him in another direction. Quebec is also currently studying proposed legislation, Bill 64, which would provide increased protection for personal information and is heavily based on European law.

I am wondering if the government considered how these two laws will work together, to avoid the confusion that any overlap would cause for the consumer.

Madam Speaker, crafting legislation is obviously complex, and governments reach out to various jurisdictions in analyzing similar legislation to adapt best practices that occur elsewhere. Certainly, as the bill moves through the parliamentary process and gets analysis and debate at various stages including committee, I am sure all those best practices will be brought forward and included in any amendments that may make the bill stronger, better and less confusing for consumers, as the hon. member pointed out.

Madam Speaker, the complexity of the question lies in the definition or interpretation of consent by the individual who is giving it. That is why legislation in most cases is broad and can be broadly applied, as my hon. colleague pointed out. She used a specific reference, but in this case it is about incorporating an individual's or a business's idea of consent into legislation so that it respects the many definitions of consent across the country.

Madam Speaker, could my hon. colleague provide his thoughts as to why it is so important that we bring forward legislation of this nature? I have not had this factually substantiated, but one thing I was told is that the amount of information that has been put on the Internet in the last two years is greater than the amount of information that has been put on the Internet for decades. One can only imagine what it is going to be like two years from now.

Could my colleague provide his thoughts on why it is important that we bring forth this legislation?

Madam Speaker, as my colleague is a long-time parliamentarian, he would understand that in the last five to 10 years, the world economy has expanded and changed so rapidly, especially on the data side and in the technology base, that we are really running to catch up. If we look at businesses in the past, we see change occurred slowly and businesses, especially small businesses, could adapt to it in a meaningful way.

At the heart of this legislation is the idea of providing certainty in an uncertain world to small and medium-sized businesses, which really are the foundation of Canada's economy. The government should be able to provide certainty to small and medium-sized businesses, as it is a key economic driver in the country.

I am excited about this legislation, as it provides for a certain world in a very dramatically changing data period. That is why the bill is important. It will require amendments, though, as it goes down the road, because we will be playing catch-up for some time.

Madam Speaker, I am honoured to be sharing my time with the member for Terrebonne.

I am pleased to rise to speak to the fundamental issue of the protection of privacy.

Since March 2020, Quebec business owners have been hard hit by the negative economic impacts of the COVID-19 crisis, namely the lockdown, the closures, the health measures, the labour shortage and the drop in consumption.

SMEs in Quebec have received assistance in the form of tax credits from the Government of Quebec and the Government of Canada to help mitigate these negative economic impacts. Now more than ever, SMEs are struggling under a burden of debt and many of them may never recover. At this difficult time for Quebec's social and economic life, I am worried about Quebec's SMEs, and particularly the small business owners who do not have the time or money to get bogged down in a data protection program that, in some cases, will have to take into account a number of Quebec and Canada laws.

By amending the Privacy Act, the Government of Canada is creating a number of problems for Quebec's SMEs because of legislation adopted by two governments, the Government of Quebec and the Government of Canada. Depending on whether their economic activities extend beyond Quebec's borders, it is very likely that Quebec's SMEs will not know which law governs their data protection plan.

The new federal law proposed in Bill C-11 will have real teeth, which means that Quebec's SMEs are likely to suffer, unfortunately. I am scared to think how this bill will affect Quebec's SMEs.

The pandemic is forcing many retailers to shift to online sales, the kind of electronic commerce referred to in the bill. In his speech to the House this morning, the Minister of Industry acknowledged that the protection of personal information is essentially a provincial responsibility and a matter of civil law. He said his bill respects provincial jurisdiction, but a closer look at the text reveals that to be not quite the case.

It is true that Bill C-11 applies to all federally regulated businesses. However, businesses that are not federally regulated, which describes the vast majority of companies and virtually all SMEs, are not really excluded from the scope of the bill.

The minister can exclude them if the province has substantially similar legislation, as is the case in Quebec, but he cannot exclude them entirely. In fact, he can exclude them only “in respect of the collection, use or disclosure of personal information that occurs within that province”.

Imagine the mess: a Quebec SME will have to comply with the Quebec law if the information does not leave Quebec, but it will have to comply with the federal law if the information does leave Quebec. Information collected from one customer will be subject to two different laws.

Which law do Visa card payments fall under? Does it depends on which territory the Visa server is located in? This seems unenforceable to me. If a business is covered by the Quebec legislation on data protection, that should apply to all its activities, not just half of them, as it would under the bill as currently worded.

Furthermore, Quebec laws are also adapting to the reality. We must recognize that the federal government's bill represents a step forward, because the current legislation has no teeth. Under Bill C-11, a privacy commissioner could establish the specific practices to be adopted in accordance with the principles set out in the legislation. A privacy commissioner would have order-making powers to force organizations to comply with those principles.

Under Bill C-11, a citizen could file a complaint with a tribunal. The privacy tribunal will also be able to impose significant penalties of up to 3% of a multinational's global revenue for non-compliance. In short, the major difference between the law and the bill we are debating, is that the bill's mechanisms are more favourable to citizens when faced with an organization that misuses digital data.

This bill fails to address the important issue of online identity protection to prevent fraud through identity theft, especially when Canadians engage in financial transactions. Bill C-11 does nothing to ensure that financial institutions in Canada verify someone's identity before authorizing a transaction, which exposes Canadians to fraud. Even the federal government has failed to properly verify a person's identity before authorizing an electronic transaction.

I would like to share an unfortunate incident that happened to one of my constituents. This summer, a young man was a victim of identity theft and wound up having to defend his reputation to the Canada Revenue Agency and another financial institution. It was my own office manager who, while talking to a federal official on the phone, realized that fraud had taken place. My office manager took charge of the case and helped my young constituent navigate the unpleasant process that lasted weeks. There was a police investigation and all kinds of documentation. There were numerous discussions with a financial institution and government officials. He had to go to great lengths just to prove that a fraudster had stolen his identity and to defend his reputation to a financial institution and the Canada Revenue Agency.

It was weeks before this young man was able to access the Canada emergency student benefit he very much needed. That is not exactly the kind of introduction a young adult should have to dealing with banks and governments. This whole situation happened because the government did not take the time to verify the identity of the CERB applicant.

The government needs to set an example and take immediate action to combat identity theft. This is a serious problem. Bill C-11 contains some privacy mechanisms, but there is no mechanism to verify the identity of users or consumers to protect their personal information.

I remind members that private information falls under the umbrella of property and civil rights, which is a provincial jurisdiction, as set out in the Constitution. Quebec is in the process of modernizing its act. Unfortunately, it is difficult to assess right now how the federal act and the Quebec act will interface.

However, the Bloc Québécois foresees some problems, and we do not want these problems to affect small businesses in Quebec, which, I remind members, are struggling as a result of the economic issues associated with the COVID-19 crisis.

SMEs carry a heavy debt load at times. Any additional weight on the shoulders of Quebec entrepreneurs is becoming harder and harder to bear. Considering the potential administrative nightmare that could result from how the federal legislation intersects with the Quebec legislation, I would ask that Quebec SMEs be exempt from Bill C-11.

Simon Marchand, chief fraud prevention officer at Nuance Communications, is a certified fraud examiner, a certified administrator and an expert in biometrics and security. He appeared before the Standing Committee on Industry, Science and Technology on May 20. We were discussing fraud-related topics. He mentioned that in the context of COVID-19, telework was a risk factor. This is especially true when it comes to customer service.

All customer service agents who normally work in call centres now work from home, in an unsupervised environment. These agents have limited resources, but now have the opportunity to access sensitive consumer information, whether it is data on their assets or information that could be used by anyone to impersonate someone else.

A second factor is the socio-economic reality, which will no doubt put pressure on many households. When it comes to internal fraud, we know that pressure and opportunity are the two basic factors that drive an employee to go against their employer’s interests and commit fraud.

Some areas have seen a 600% increase in the number of phishing scams involving COVID-19; attachments, links to websites and other methods are being used to lure victims. Fraudsters will be able to get their hands on vast amounts of consumer information, which they will not use in the next few weeks. Rather, they will wait six to 18 months before opening up accounts, taking out financial products and acquiring products from telecommunications carriers. That is what this bill is all about. It provides a modicum of protection, which is a good thing.

In terms of accountability, Simon Marchand said:

I think, though, the focus should be on accountability and the responsibility companies have in relation to the information they use to deliver services.... it calls into question the bank’s responsibility, which is protecting that information.

The first benefit of accountability will be to give the government a clear picture of the situation. It will know exactly how many victims there are, and it will be able to direct measures accordingly to strengthen security, particularly in banks and telecommunications companies.

This will put a burden on businesses, which will have to file reports, but this burden is not unreasonable, since the data they have is already known. All they will have to do is provide them to lawmakers or to a government-supervised body that can present these data more broadly and anonymously so that members of Parliament can access that information and know exactly what is going on in Canada.

This is an important step, because if there is a leak, companies must tell individuals what information was exposed and the risk of harm from the leak. That is what the bill does, and it is absolutely fundamental, because that is a risk that we run.

In conclusion, the lack of accountability for federally regulated businesses is a problem with the current legislation. There is currently no overall picture of how many people are actually victimized by having their identity used once it has been stolen. I am therefore pleased that the federal government is taking greater responsibility and beginning to act by introducing this legislation.

Madam Speaker, when we talk about the legislation, even some of its limitations, and how it could be complemented by working with other jurisdictions, it is important that we recognize the role provinces can play through provincial legislation, which could complement it or even be a leading force. We previously have seen this with other administrations.

For me, the overriding concern has to be the privacy and protection of Canadians and consumers. That is the most important aspect going forward when we deal with legislation of this nature. Could the member provide his thoughts on how important it is to protect the information of individuals that gets onto the Internet via one way or another?

Madam Speaker, I thank my colleague from Winnipeg North for his excellent question.

I agree with him. The best way to thwart identity theft is to ensure that the person who wants to conduct a transaction is who they say they are. People can be identified based on what they know, what they have and who they are, through personal information. A person's name and address are part of what they know. The IP address of their computer or a cellphone number where an institution can send a text message are part of what they have, and finally, facial recognition, their handwriting or their digital fingerprints are part of who they are. These are ways to fight fraud.

In the European Union, two of these three ways must be used to identify a person. Why does Canada not do the same? These control mechanisms will not cost more than fraud will if nothing is done.