Last week, the Privacy Commissioner of Canada released her vision of privacy reform, including the need for security breach disclosure legislation, order-making power, and greater transparency of warrantless disclosure. On the same day as Commissioner Stoddart released her position paper, the government was embarrassing itself in the House of Commons by formally opposing security breach disclosure legislation on the weakest of grounds. The opposition to meaningful privacy reform is particularly discouraging given the thousands of breaches that have occurred in recent years from within the government itself and its claims to be concerned with the privacy of Canadians.
The government introduced legislation featuring security breach disclosure requirements in Bill C-12 in September 2011 (itself a reintroduction of the former C-29 that was first introduced in 2010). Since first reading, the bill has not moved. It would take very little for the government to complete second reading and send the bill for study to committee, yet more than a year and a half later, the bill languishes, certain to die this summer when the government hits the parliamentary reset button. Frustrated by the inexplicable delays, NDP MP Charmaine Borg introduced a private member’s bill in February (C-475) that includes a mandatory security breach requirement roughly similar to the government’s own bill.