Murray Rankin

Mr. Speaker, I have one question on the substance of Bill S-12, which is a bill to amend the Statutory Instruments Act to deal with ambulatory references and the like.

One of the things that has caused me concern, and I would like his comment on, is whether the term “accessible” should be defined.

The bill imposes an obligation, as the member knows, on regulation-making authorities to ensure that certain documents that are incorporated by reference are accessible. However, the bill does not have a definition of “accessible”. Does my colleague think it needs to be defined so we could know what it means?

Mr. Speaker, in reference to my colleague and his opposition, apparently, to this bill, I would like to ask the following question.

The member for Okanagan—Coquihalla and the House leader for the New Democratic Party both talked about business certainty and the importance in our trading nation to have rules that we can adopt from other jurisdictions because it is more efficient, businesses advise, to go to Europe, the United States or other parts of the world—shipping was used as an example—to incorporate their rules rather than having to reinvent the wheel every time in Canada. Does that argument about business efficiency not attract support from the member as a consequence?

Mr. Speaker, I would like to thank the member for Chilliwack—Fraser Canyon and likewise his colleague from Okanagan—Coquihalla for their leadership on this. I appreciate very much the presentation they have just made.

In terms of business certainty, the official opposition House leader talked earlier about certainty as an important value in this legislation. For Canadians who might be listening in—there must be a couple—if we incorporate by reference and it is a standard that would be amended from time to time, how are we going to know at this time whether that law is in force? In other words, if it is an ambulatory reference to a law that may be changing, that we are going to incorporate by reference into this law, it may have changed a couple of times since our law was drafted—because that is what an ambulatory reference is, dynamic, and ignorance of the law is no excuse in our system—I have to know what law I am complying with. How do I know?

Mr. Speaker, I am very pleased to rise today in support of Bill C-475, put forward by my colleague from Terrebonne—Blainville. This is an extremely important initiative for all Canadians.

Frankly, the question that arises is: Whatever happened to Bill C-12? This was to be the government's showpiece legislation to reform private sector privacy in Canada. That was back on September 29, 2011, and it is missing in action. As my colleagues have said repeatedly, privacy is the victim. Canadians are expecting, in this 21st century world in which we live, this digital economy, that their privacy will be protected.

I want to say in my remarks that this is good for business. This is actually essential for business. We can talk about privacy protection in the private sector as a human right, but we can also talk about it as being good for business, and I want to give a couple of examples where, in fact, we have kind of missed the boat on that.

The government had the opportunity. There was a requirement for it to bring in Bill C-12. It did not do this because of privacy protection concerns or even for good business reasons; it had to do it because the Personal Information Protection and Electronic Documents Act required that there be a statutory review. It has taken a long time, and I guess we will have another statutory review before it ever deals with Bill C-12. The point is that it is not just bad for privacy for all the reasons I have said, including the digital economy changing so utterly since 2001, but it is bad for business. That is a language the government, presumably, will understand, so let me talk about business.

We live in a world of big data. The current Foreign Affairs magazine talks about the rise of big data. Canadian Business magazine talks about a couple of examples where Canada, sadly, dropped the ball. Let me explain.

A few years ago Google made overtures in Quebec, but the provincial government and Hydro-Québec were unwilling to provide the kind of electricity required so a large data centre could be situated in that jurisdiction. What happened? Google went to Finland and, as a result, the company built a 350-million-euro data centre. Facebook is currently building a 900,000-square-foot facility 100 kilometres south of the Arctic Circle in Sweden. There is a gigantic industry available for gigantic data, and Canada is missing the train. Why is that?

We have cheap electricity by world standards. That should be easy. We have a very secure Canadian Shield in which we could situate these large data centres. Places like Kamloops in British Columbia have been considered. Here is what else we have. We have laws in the private sector that are substantially similar to those of the European Union. It has a very strong data protection law there. It cares deeply about privacy in that jurisdiction. Companies like Facebook have come to Canada and, essentially, test driven their new privacy regimes to see if they pass muster under the Canadian privacy laws, because if they do, they probably will pass muster in the European Union, the U.K. and places of that sort, since our laws are substantially similar.

Canada is perfectly situated between the United States and Europe with a relatively robust privacy protection regime to attract lots of business, but we dropped the ball. The government has utterly dropped the ball with Bill C-12. Who knows if it will ever see the light of day? I say that is tragic for business.

My colleague from Terrebonne—Blainville has spoken strongly in favour of privacy as a constitutional right, and that is true, of course, but the business side of this is good as well. What does her bill do? It does two fundamental things. It deals with breach notification, which according to the Privacy Commissioner of Canada today, 97% of Canadians think is a good idea, according to a poll. Talk about a no-brainer. Second, it talks about better enforcement provisions and order-making powers. Let me speak about each of those things that her bill would do.

First, in Bill C-475 there is a requirement to notify the commissioner of a breach if there is a possible risk of harm. We have seen lots of breaches where credit card information has found its way to various places it ought not to be, and the like, medical information, information that Canadians hold dear. If there is a risk of harm, the notification must be made in a form prescribed in regulations or otherwise specified by the commissioner.

We do not put everything in statutes; we wait for regulations to put flesh on the bones. That is how we do business. It is not surprising that is the way this has been proposed in Bill C-475 as well.

Then there was some concern because the bill talks about the commissioner requiring the organization to notify affected individuals to whom there is an “appreciable risk of harm” as a result of the data breach. Somehow I gather we should be criticized for the appreciable risk not being spelled out. Well, do we have “reasonable person” standards spelled out in our laws? Do we have every situation in the Criminal Code spelled out? Of course not. We use general words. We allow courts and commissioners and regulatory bodies to figure out what those mean. That is the way we do business. It is not surprising that has not been spelled out in detail here either. That is entirely consistent with normal Canadian drafting processes.

The commissioner would have the ability to order the private sector organization to notify individuals and the bill provides a certain number of criteria that should be considered in doing so. Then there is the possibility of an administrative monetary penalty, depending on certain factors that are listed, of up to $500,000. There is, of course, the issue of the right of action that the commissioner might have against an organization that has not complied with orders.

To me, these are entirely common sense, entirely 21st century provisions. I am so pleased that Canada's highly respected privacy commissioner, Jennifer Stoddart, has agreed entirely with these initiatives at a press conference in Toronto today. I thought this quote was perfectly in line with my colleague's bill. She said:

Personal information has been called the oil of the digital economy. As organizations find new ways to profit from personal information, the risks to privacy are growing exponentially.

That goes to the point that the law we have in Canada, although good at the time in 2001, is entirely out of date and everyone knows it has to be improved. The Conservatives seem to not want to do that. Therefore, this bill would at least get us half the way there with two key things.

Finally, we would have order making power for the commissioner. I live in British Columbia. In my province and in the provinces of Quebec, Alberta and Newfoundland and Labrador, people have had the ability for this umpire in the game, this ombudsperson, to make orders where appropriate, and the sky has not fallen. It seems to me it has worked extremely well.

Why is it that we have taken so long to come up with what has been proven to be a huge success story at the provincial level? Imagine that: an administrative body making an order. How many thousands of examples can we find in Canadian legislation of just that kind of power? This is hardly surprising or radical. It is consistent with administrative justice regimes we find at the federal and provincial levels across the country.

The other thing Canadians want is breach notification. That is the other key element in this initiative. Why? It is because it is the most visceral example of privacy violation. When thousands of records frequently find themselves in the hands of others, not only is there a risk of identity theft and enormous personal loss, not only is it a drain on our economy if that occurs, but there is also a sense of enormous personal violation when individuals' privacy is put at risk.

There is an example in the United Kingdom, where someone left a data stick in the back of one of those black London taxis. It contained the records of several million British taxpayers. Just think what one could do with that information, not just economically. Think of the kind of very sensitive information that would entail. One could find out who was paying money to people, for example, who might have children of whom their current partner was unaware. That would be shown by way of alimony payments and maintenance payments that could be deducted from income tax.

There are a zillion examples of those kinds of breaches. Canadians are worried about that. According to our privacy commissioner, 97% in a survey expressed that concern.

I want to congratulate my colleague for her excellent work in bringing forward Bill C-475. I am shocked that our Government of Canada has not seen fit to move forward with Bill C-12. We get more platitudes about it but no action. I am thankful for the action this legislation entails.

Mr. Speaker, a party that ran on accountability cannot account for $3.1 billion. Wow.

As well, a party that denounced an iPod tax has now introduced its own through the back door. In a bizarre twist, we learned just today that the Conservatives have long planned on making this tax retroactive, demanding that retailers pay back-taxes on all the iPods they have sold in the past, and even on some TVs. Obviously, retailers are simply stunned.

Why did the Conservatives not even give industry a warning that these changes were coming?

Mr. Speaker, today's last minute announcement does not change the fact that they cut $250 million from the CRA's budget and are getting rid of over 2,500 talented tax professionals.

The government wrote off $2.8 billion in tax debt last year alone. That is over $13 billion that they have written off since they took power. Meanwhile, they are cutting $68 million from the CRA's accounts receivable and returns compliance department.

When are they going to reverse those cuts? When are they going to show real action on tax cheats?

Mr. Speaker, I want to start by saying that I agree with a central point that my hon. friend made, which is that Canadians believe the economy and economic growth is the number one priority. However, where I disagree with her is that somehow the government is a “wise steward of taxpayers' dollars”.

I would particularly ask the member whether or not this budget, with its hundreds of tax hikes, from hospital parking and credit union safety deposit boxes to bicycles and baby strollers, which are costing Canadians perhaps $8 billion over the next five years, demonstrates a good economic decision at this point in our country's history. Is this the right time for those changes?

Mr. Speaker, that was a very selective quote indeed. What the Auditor General actually said was:

It's important...for people to understand how this money was spent and that summary reporting was not done.

The Auditor General looked thoroughly for the money. He said that full reporting on this spending was not even given to cabinet. It was not given to the Treasury Board, and it was not found in the public accounts. Does the government really want Canadians to believe that the Auditor General somehow missed something, like $3 billion? Where did the money go?

Mr. Speaker, I am pleased to present a petition containing over 100 names of residents of Victoria.

The petitioners call for changes to Health Canada's medical marijuana laws; specifically, calling upon the health minister to include individual licences to grow cannabis for person medical use, with an improved inspection system.