Politics

Commons committee chair questions Canada's ability to deal with incidents like Desjardins data breach

The chair of the House of Commons public safety and national security committee says he's not sure Canada's laws will ever be able to prevent data breaches like last month's massive leak at the Desjardins Group. Today, MPs on the House of Commons public safety and national security committee are holding a meeting to discuss the incident.

The public safety and national security committee met in Ottawa to discuss the breach

Liberal MP John McKay, chair of the Standing Committee on Public Safety and National Security, waits for the start of the meeting requested by four members for a study of the Desjardins Group Data Breach, in Ottawa on Monday, July 15, 2019. (Justin Tang/The Canadian Press)

The chair of the House of Commons public safety and national security committee says he's not sure Canada's laws will ever be able to prevent data breaches like last month's massive leak at the Desjardins Group.

"After Bill-59 [the Liberals' national security bill], I have a lot more confidence that the security architecture has improved. Is it there? I don't think this will ever be there," Liberal MP John McKay told reporters before heading into a rare summer committee meeting to discuss last month's breach.

"It's just simply the nature of the beast that this is a very fast-moving file and regulators are necessarily coming late to the game."

Last month, the Quebec-based institution revealed that an employee with "ill intention" collected information about almost three million people and businesses and shared it with others. They've since been fired.

The leaked information includes names, addresses, birth dates, social insurance numbers, email addresses and information about transaction habits. A police investigation is active.

The House of Commons public safety and national security committee met today at the request of the Conservatives to discuss how to prevent future breaches and look into whether issuing new SINs would be feasible. Tens of thousands have signed a petition demanding new numbers.

Federal officials told the committee replacing SINs would offer less protection than the free credit check service Desjardins is offering victims of the data breach.

Conservative MPs Pierre Paul-Hus, left, Glen Motz and Alupa Clarke arrive for a meeting of the Standing Committee on Public Safety and National Security to discuss their request for a study of the Desjardins Group Data Breach, in Ottawa on Monday, July 15, 2019. (Justin Tang/Canadian Press)

MPs victims of breach too

For some committee members, the Desjardins breach is quite personal.

Liberal MP Francis Drouin and Conservative MP Pierre Paul-Hus are two of the nearly 2.7 million individual members and 173,000 business members swept up in the breach, thought to be one of the largest ever to hit a Canadian financial institution.

Desjardins Group President Guy Cormier fielded questions from the committee but told MPs his appearance was premature, given the ongoing police investigation.

But he did acknowledge future governments will have to grapple with data breaches, adding that "the status quo is not an option" when it comes to preventing identity theft and protecting private data.

"Data are raw materials, are as important as water, as wood. It's so integrated in our economy right now that we have to be really, really careful," Cormier said.

The Desjardins head recommended the government convene a special working group to help set up a new framework for data and privacy in Canada.

Even before the meeting started, McKay was trying to downplay expectations about what the committee could actually accomplish. As a credit union, Desjardins is largely regulated at the provincial level.

The committee also called the RCMP to testify, even though it's not the police force handling the investigation.

"I would tamp down those expectations ... This is, if you will, a 35,000 foot look at what is actually going on here and where there may be some gaps," said McKay.

"You can't deny that Parliament is not sitting, can't deny that this isn't in the middle of an election cycle."

The committee's Desjardins study dovetails with a report they've already published on cybersecurity and Canada's financial sector. It found that Canada's small- and medium-sized financial firms could be vulnerable to the constant barrage of cyberattacks.

"From a security standpoint, this is the new terrorism," said McKay

The Office of the Privacy Commissioner of Canada and its Quebec equivalent also have launched investigations looking at whether Desjardins was in compliance with federal and provincial laws on personal information protection.

With files from the Canadian Press

Add some “good” to your morning and evening.

A variety of newsletters you'll love, delivered straight to you.

...

Thank you for subscribing to CBC Newsletters. Discover more CBC Newsletters.

Happy reading!

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.