FIPA has joined with CIPPIC and other Canadian rights groups to send an open letter to the House of Commons ETHI Committee calling for thorough review of Bill C-29, cynically titled the ‘Safeguarding Canadian’s Personal Information Act’.
Bill C-29 proposes a number of amendments to Canada’s federal privacy protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). The bill actually does little to protect privacy while introducing new threats to privacy, online anonymity, and civil liberties in general.
Bill C-29 introduces long overdue privacy protections such as data breach notification requirements into PIPEDA, but the protections it introduces are flawed and, worse, are supplemented with provisions that threaten to greatly expand the ways in which private organizations can be used in investigations against their customers.
The bill bypasses current safeguards by adding exceptions and expanding others that permit organizations to simply give away their customer’s information. It includes elements similar to those the US PATRIOT Act and all the civil liberties violations that followed it.
The most serious flaws in the bill include:
- The organization with the privacy breach determines whether or not to report it.
- Complete lack of penalties for failing to report or for allowing breaches to occur
- Expanded exceptions will permit private organizations to assist investigations conducted against their own customers
- New provisions will immunize organizations from any responsibility for disclosing personal information to the state and prevent those organizations from telling anyone about the disclosure without permission from the government (like the US Patriot Act).