The costs associated with privacy protection have long been a source of considerable debate. Ann Cavoukian, Ontario’s Privacy Commissioner, who together with the Toronto Star’s Tyler Hamilton wrote The Privacy Payoff, maintains that good privacy practices are actually good for business.

In my column of January 19, I argued maintaining a federal privacy law was essential since the provincial mish-mash of laws that would fill the void would create uncertainty and costs for the business and privacy communities.

Some remain unconvinced, however, as Professor Richard Owens illustrates in his response that accompanies this article. Far from a business opportunity, Owens writes that the federal government’s Personal Information Protection and Electronic Documents Act (PIPEDA) is a costly endeavour that “rob[s] businesses and shareholders of value for no good reason, but for the legislators’ inattentiveness.”

While perhaps Owens and I can agree to disagree on PIPEDA’s cost implications, his response to my column makes historical claims that demand further discussion.

First, Owens argues that PIPEDA was passed before it was ready — without sufficient public debate and committee work. In fact, PIPEDA took a frustratingly long time to become law precisely because of the extensive debate and committee work. During the winter of 2000, a House of Commons committee heard from dozens of witnesses, representing every possible perspective on the privacy issue.

I was invited to present alongside industry associations, privacy commissioners, government leaders, constitutional experts, and privacy advocates. A Senate committee also conducted hearings into PIPEDA, resulting in further stakeholder consultations.

The stakeholders’ comments clearly had an impact on the final form of the statute. A careful comparison of initial Bill C-54 with the final version of PIPEDA, which took full effect just last month, reveals important changes to accommodate law enforcement and public interest concerns, all of which arose out of the hearing process.

Second, Professor Owens’ article leaves the distinct impression that business would welcome the clarity of provincial privacy alternatives to the fuzziness and flexibility of the federal model. While the clarity of legislation such as the defunct 132- page draft Ontario privacy bill is certainly open to debate, there is no question that the business community has long been a vocal proponent of a national privacy standard.

For example, the Canadian Chamber of Commerce cautioned the Commons committee that “from the business community’s point of view, it’s essential that we have a co-ordinated framework across the country. Canada has long been plagued by difficulties on the internal trade front and we hope there’s not going to be a repeat of this history.”

`There is no question that the business community has long been a vocal proponent of a national privacy standard’ Lawyer Michael Geist

Similarly, the Information Technology Association of Canada lauded the government for showing “initiative in attempting through this bill to create uniform law applying to all companies, wherever they are located across the country.”

At the same hearing, the Canadian Association of Internet Providers emphasized “the importance of having uniform legislation, if not between Canada and the rest of the world, certainly within Canada. We need to have some kind of harmonized regulatory system . . . . Allowing each jurisdiction to tailor additional laws could create a patchwork of legislation that effectively would prevent electronic commerce from crossing provincial borders.”

Far from opposing PIPEDA, the business community recognized the magnified costs and uncertainty that would be created by potentially conflicting provincial alternatives and urged Ottawa to establish a single baseline standard.

In fact, even the Canadian Direct Marketers Association, the group some might peg as most likely to oppose the law, not only supported a federal standard but welcomed the legislative approach of legalizing a standards code. In its presentation to the Committee, the CDMA noted that it began calling on the federal government to impose national privacy legislation on the private sector in 1995 — three years before PIPEDA was introduced — and characterized the standard-setting process as “a delicate compromise between competing interests.”

While acknowledging that the placement of the standard in a schedule was unusual, it concluded that “it is a fundamentally new approach to a new situation of information technologies, rapidly changing technologies and rapidly changing application of those technologies. There is a huge advantage of doing something a bit unusual here, in implementing a law that, although clear in its framework, adopts the Canadian Standards Association principles as a schedule.”

Third, suggesting, as Owens does, that obtaining European Union approval was merely a happy historical accident does not accord with the facts. Former deputy prime minister John Manley used his appearance before the Committee to warn of the potential for data blockages between Canada and the European Union, arguing that PIPEDA would enable the government “to protect the interests of its citizens and businesses in a global context at a time when the privacy laws of European countries could directly affect whether we can do business with them.”

Add to the voices of these organizations the chorus of support from privacy commissioners from across the country and the message was clear. Canada needed then, as it needs now, a national privacy standard that provides businesses with greater certainty and individuals with guaranteed minimum protections.