Category Archives: Bills

Canada Considering Creating a Database of Beneficial Owners of its Corporations

Posted on by

CBC is reporting that the Canadian government is mulling over the possibility of emulating jurisdictions trying to curb the problems of the individuals who can (still a little too easily) hide behind corporations, by creating a public register of  beneficial owners. The Federal government may thus amend the statute that governs corporations created under the federal regime (as opposed to this incorporated under provincial statutes), so as to force them to disclose who the real owners are.

To be clear, yes the federal statute at issue already says corporations created under the CBCA must create and maintain a register stating who the real owners are, and logging a modicum of info as to each, including date of birth, etc. However, until now, this info can remain secret (even IF the register is actually created and maintained), locked in a minute-book that no one ever sees, so to speak. The change that the government is now contemplating would make such information part of a PUBLIC register, thereby taking this info from entirely private to public -of course subject to hiding really private info.

As to this, I’d say that with everything I have seen over the years, with individuals declaring false names and addresses (e.g., PO boxes, etc.), holding shares for somebody else (under scrutiny or investigation), declaring an other lawyer’s office at the domicile of a shareholder, etc., it’s not a moment too soon! I think we could definitely do with a little more transparency as to Canadian corporations. The current regime is simply too naïve to lead to a system that one can rely on to know who’d really behind any private corporation. Want an example? Check out this story in this morning’s paper (in French), about a security company that the Federal government apparently regularly hires. Blink, blink… yes, I know.

Mind you, rules are fine, but having rules that are serious enough (with strong enforcement behind them) is something else. Not sure the current set of rules is quite adequate to convince overly creative (read scumbag) businessmen, fraudsters and mafiosi to play by them whenever they use corporate vehicles to do their dirty work.

Meanwhile, Québec is doubling down on its own efforts to curb this kind of problem. Starting next month, corporations registered in the province will have to provide more info on their owners, provide IDs of directors, etc. Québec is also starting to require corporations to determine who the real owners are, and to collate that info, internally at least. Apparently, starting next year, the REQ register will also include info on beneficial owners behind the ones listed as shareholders, and even start allowing searches of the REQ database to identify what entities any given individual is involved in. Not a moment too soon!

Canada One Step Closer to Adopting C-27 and IA-specific Legislation

Posted on by

The Canadian government reiterated last week that we’re collectively moving forward with the revamp of the country’s federal privacy legislation, including an offshoot meant to curb (better control, some would say) rampant and unrestricted adoption of artificial intelligence (“AI”) throughout. At the same time, the bill at issue (named C-27) moved to the second reading stage, bringing us one step closer to a formal adoption of this piece of legislation.

Bill C-27 will reinforce personal information protection throughout Canada but updating a law that is now more than 20 years old and, many would say, quite outdated. The new version of the personal information protection statute at issue will include provisions meant to generally empower individuals in a way that allows them to exercise control over their data, something the current version of the legislation has largely failed to do. Though it’s not quite GDPR, many see this new version of the Canadian privacy legislation as a much needed shot in the arm for our federal privacy regime.

At the same time, this project will likely also include Canada adopting a whole new statute meant to better control the use of AI (e.,g. by businesses), including new rules to try and minimize scenarios where AI is implemented in a way that is incompatible with personal rights and freedoms as well as Canadian values.

The Canadian government clearly says it intends to move forward with all of these. Now, it’s mostly a question of going through the rest of the legislative process, but there’s little doubt that this thing will become law before long. Stay tuned.

Canada Aiming at Improving Cybersecurity of Federally Regulated Industries Through Bill C-26

Posted on by

Canada recently started looking at a new piece of legislation that seeks to strengthen cybersecurity of businesses and organizations the activities of which fall within ambit of activities that the Federal government can directly regulate.

Interestingly, contrary to most Canadian legislation so far and that touch upon cybersecurity, the focus this time is not on whether an organization collects, uses or discloses personal information. Rather, the bill at issue would seek to cover whole swats of certain industries, whether the organizations operating therein do or do not deal with personal information. This is a new approach in Canada which may signify that the government is finally realizing we collectively need to take cybersecurity more seriously, and that it is more than an issue of personal information.

Bill C-26 proposes to impose on telecommunication providers a new regime that would force them to adopt better cybersecurity practices, with a view to better protecting Canadians who rely on their services for things like cell phone and Internet services.

More generally, the bill would also empower the Canadian government to force federally regulated businesses to clean-up their act (so to speak), cybersecurity-wise, especially when it may jeopardize national security or public safety. As you may know, in Canada, federally regulated businesses include, for example, those who deal with:

  • radio, television and telecommunications, such as Internet providers;
  • air transportation, including airlines, airports, ports, shipping, boats, as well as railways and road transportation services that cross borders;
  • banks;
  • certain energies and their transport, like pipelines, etc.

Bill C-26 would allow the Federal government to require organizations operating in those areas to take cybersecurity more seriously, in particular when public safety may be involved. For example, this may allow the government to dictate that operators of pipelines better protect and monitor their computer systems, with a view to avoiding major catastrophes that may eventually result from cyber-attacks.

In addition to eventually requiring organizations in those industries to adopt and apply cybersecurity programs and to better protect their systems, C-26 would also require the organizations at issue to report eventual cybersecurity breaches, something they currently are not generally required to do.

Bill C-26 is currently at the First Reading stage.