As reports of yet another government security breach emerge, NDP MP Charmaine Borg has at least tried to kickstart the government’s dormant private sector privacy reform efforts with a private member’s bill that would add mandatory security breach disclosure requirements to the law along with new order making power. The government’s own privacy reform bill – Bill C-12 – has languished for years with no real effort by Industry Minister Christian Paradis to move it forward. Moreover, the bill has some serious faults, with no penalties for security breach, no update to the Privacy Commissioner’s powers, and provisions that make organizations more likely to disclose personal information without warrant during an investigation.
Bill C-475 is a far better proposal with amendments to PIPEDA with more clear cut security breach disclosure requirements along with order making power that is backed by significant penalties for compliance failures. Those provisions would do far to ensure greater respect for Canadian privacy law and give Canadians the assurance of notifications in the event of security breaches. What the bill does not do, however, is address the other side of the privacy coin, namely the failure of government to hold itself accountable for the personal information it collects and now regularly seems to fail to safeguard.