Jay Aspin

Mr. Speaker, I am pleased to rise today.

As many of my colleagues in the House are aware, Canada is celebrating 400 years of francophone presence in the province of Ontario. In fact, the famous explorer, Samuel de Champlain, travelled the Mattawa River, which runs through my beautiful riding of Nipissing—Timiskaming, as he crossed Ontario.

The community of Astorville in my riding has been working hard in preparation for the celebrations. This September, Astorville en Fête will celebrate 400 years of francophone culture as well as its 130th anniversary. There will be a fair, a grand concert, a French Canadian gourmet dinner, a parade, dances and much more.

I congratulate the hard-working organizers of the event and invite Canadians across this land to come à une célébration francophone extraordinaire.

Mr. Speaker, as I indicated, I believe that this bill strikes the right balance. I believe the time to act is now.

We certainly have ample support from across Canada: the Canadian Chamber of Commerce, the Canadian Bankers Association, Credit Union Central of Canada, the Insurance Bureau of Canada, the Retail Council of Canada, the Canadian Marketing Association, the Canadian Pharmacists Association, and the Canadian Life and Health Insurance Association. All of these groups show a good, broad, strong base of support for this legislation, and I submit that the time to act is now.

Mr. Speaker, clearly, the time to act is now.

These ideas have been around for a long time. We have debated them for quite a period of time. What Canadians are looking for is action. This is not a perfect bill by any means, but we do not let the perfect be the enemy of the good.

Chantal Bernier, former interim privacy commissioner, says, “I welcome proposals” in this bill. The bill contains “very positive developments for the privacy rights of Canadians...”. “I am pleased that the government has” addressed such issues as breach notifications.

The current Privacy Commissioner, Daniel Therrien says:

...I am greatly encouraged by the government's show of commitment to update...[PIPEDA], and I...welcome the amendments proposed in this bill.

I submit that it is time to act, and that is precisely what our government is prepared to do.

Mr. Speaker, I am pleased to rise to speak to Bill S-4, the digital privacy act, which has been referred back to the House by the Standing Committee on Industry, Science and Technology.

Last year, our government launched digital Canada 150, an ambitious plan for Canadians to take full advantage of the opportunities of the digital age. It is a broad-based, ambitious plan to take full advantage of the digital economy as we celebrate our 150th anniversary in 2017. It is the next step to build our nation and connect Canadians to each other.

As the digital economy grows, individual Canadians must have confidence that their personal information is being protected. That is why, under digital Canada 150, one of the five pillars is known as “protecting Canadians”. The digital privacy act would provide important and long-awaited updates to our private sector privacy law, the Personal Information Protection and Electronic Documents Act, commonly known as PIPEDA.

PIPEDA provides a legal framework for how personal information must be handled in the context of commercial activities, while also setting guidelines for the collection, use, and disclosure of personal information. These rules are based on a set of principles developed jointly by government, industry groups, and consumer representatives.

The digital privacy act would strengthen marketplace rules set out by PIPEDA in important ways. In addition to protecting and empowering consumers, amendments would clarify rules for businesses and reduce red tape. These guidelines would also ensure that vital information is available to Canadian businesses, so they have the necessary tools to thrive in the global digital economy.

Balancing the individual expectations for privacy and the needs of businesses to access and use personal information in their day-to-day operations is important, and Bill S-4 gets it right. It would ensure individuals that, no matter the transaction, their personal information would continue to be protected under Canadian law.

The need to update rules for online privacy continues to grow. Breaches of personal information held by retail giants like Target and Home Depot, where the credit card information of millions of Canadians was stolen, underscore the need to strengthen PIPEDA with mandatory breach requirements.

The bill before us would do exactly this by establishing new requirements for organizations to inform Canadians when their personal information has been lost or stolen and there is a risk of harm. The privacy commissioner must also be notified. An organization that deliberately covers up a data breach, or intentionally fails to notify individuals and report to the commissioner, could face significant fines as a result.

Let me now take a minute and point out some of the ways in which the bill before us would create an effective and streamlined regime for reporting data breaches. The digital privacy act would establish a clear and straightforward test that businesses must apply to determine whether or not they are required to report a breach. If a business determines that a data breach creates a significant risk of harm to a customer or client, then it must report this information both to the individual affected and to the privacy commissioner. If the organization determines that a data breach does not pose a risk of significant harm—that is, their data security safeguards were compromised but they avoided a situation where their customers are exposed to threats like identity theft, fraud, or humiliation—then that organization must keep a record of the breach.

The requirement to maintain these records, even if the breach is determined not to be serious at the time, would serve two purposes. First and most important, it would require companies to keep track of when their data security safeguards fail, so that they can determine whether or not they have a systemic problem that needs to be corrected. An initial breach may not be serious because the information lost is not particularly sensitive. The next time, however, the company and the individuals affected may not be so lucky. Keeping track of all breaches would help companies identify potential problems before individual privacy is seriously harmed.

Second, these records provide a mechanism for the privacy commissioner to hold organizations accountable for their obligations to report serious data breaches.

At any time, the privacy commissioner might request companies to provide these records, which would allow him to make sure organizations are following the rules. If companies chose to deliberately ignore these rules, the consequences, as set out under the digital privacy act, would be serious.

Bill S-4 would make it an offence to deliberately cover up data breaches or intentionally fail to notify individuals and report to the commissioner. In these cases, organizations could face fines of up to $100,000 for every individual whom they fail to notify. These penalties represent just one way in which the digital privacy act would safeguard the personal information of Canadians.

The Privacy Commissioner of Canada strongly supports the proposed data breach rules in Bill S-4. He told the standing committee that:

...I am greatly encouraged by the government's show of commitment to update the Personal Information Protection and Electronic Documents Act, and I generally welcome the amendments proposed in this bill.

Proposals such as breach notification, voluntary compliance agreements and enhanced consent would go a long way to strengthening the framework that protects the privacy of Canadians....

Similarly, the Canadian Bankers Association voiced its support for these amendments, telling the committee:

The banking industry supports the requirements in the digital privacy act for organizations to notify individuals about a breach of their personal information where there is a risk of significant harm.... We also support the commissioner's new oversight powers to ensure that organizations comply with these new provisions.

I think it is clear that Bill S-4 would deliver a balanced approach to protecting the personal information of Canadians, while still allowing for information to be available in a growing, innovative digital economy.

Mr. Karl Littler, vice-president, public affairs, Retail Council of Canada, summed it up best, when he told the standing committee:

Generally speaking, Bill S-4 strikes the right balance between action to protect digital privacy on digital fraud and financial abuse, while recognizing the strengths of PIPEDA and its forward-thinking technologically neutral approach.

I think we have it right with the digital privacy act. Both business and consumers have been empowered in the digital age, but if Canada is to remain a leading digital nation, Canadians need to have confidence that their online transactions are safe and their privacy is secure.

Bill S-4, the digital privacy act, would strengthen the rules protecting the personal information that is essential to the conduct of business in virtually all sectors of the economy. The digital privacy act would go a long way to improving the protection of privacy for Canadians.

I urge hon. colleagues to join me in supporting this bill.

Mr. Speaker, Canada under our Conservative government remains strong, proud and free.

Can the Minister of Industry update this House on how our government is ensuring that Canada remains a global leader in international space exploration?

Mr. Speaker, our government's universal child care benefits and family tax cut benefits 100% of Canadian families with children.

Can the Minister of Employment and Social Development please inform the House on how much money families are saving?

Mr. Speaker, that is one of the essential parts of the bill, that the PAL and POL would be merged. I think it is one of the hallmarks of the bill. Certainly, when I listen to gun owners, long gun owners, in my riding, that is one of the bugbears of existing legislation. We helped to improve that with this legislation by merging the POL and the PAL.

Mr. Speaker, the bill has a number of parts. The bill, in my view, is a good start to reducing red tape. We are going with all the parts. We are not reducing one part or another part. We are going with all the parts because we believe that this is a comprehensive good start to reducing red bureaucratic tape. We are going to continue with this start and we will continue in this direction over the coming years to further reduce red tape against law-abiding hunters, farmers and sportsmen.

Mr. Speaker, this bill is not perfect, by any stretch of the imagination. I was proud to have the intent of this bill introduced in my riding of Nipissing—Timiskaming last summer. The minister indicated that is the direction we are working on, reducing red tape and reducing all the idiotic, archaic rules. That is what we intend to do.

This will probably be the first of a number of bills, but this is a good start and a good direction. We are moving to reduce red tape and the stigma of treating law-abiding hunters, sport shooters and farmers like common criminals.