Conservative party Leader Andrew Scheer is trying to reassure Canadians that if elected, his government would better protect their personal information following recent high-profile security breaches at major corporations that compromised the data of millions of Canadians.
A Conservative government would also create a certification system to let consumers know whether certain digital products meet federal security standards, he announced Friday.
Scheer said the “Canada Cyber Safe” certification would ensure products that incorporate artificial intelligence or that can access the internet meet ethical and safety standards.
“We will apply regulatory standards for the ethical and secure use of artificial intelligence and the internet of things, which protect the privacy of consumers and their data,” the Tory leader said during a speech to a business luncheon hosted by the Chamber of Commerce of Metropolitan Montreal.
His government would also force companies that want to collect electronic data to use clear language in user agreements and to obtain prior informed consent from Canadians.
In late July, a massive data hack was discovered at credit card giant Capital One Financial, which compromised the personal data of roughly six million Canadians and exposed one million social insurance numbers.
In June, Desjardins Group said a former employee had shared the personal information of more than 2.9 million of its members with individuals outside of the organization in a “malevolent” act. The Quebec-based financial institution said the breach, first detected in December, affected 2.7 million individual members and 173,000 business members.
Scheer said an “expert committee” to include private-sector representatives would define “binding cybersecurity standards for critical infrastructure sectors and penalties for non-compliance.”
Finally, the Tory leader said he would create a cabinet committee on cybersecurity that would conduct periodic testing of government departments’ digital infrastructure defences against cyberattacks.
Attempts by hackers to breach corporate and government servers happen regularly, according to cybersecurity experts, and when they succeed they put public money at risk.
In September 2018, for example, hackers locked employees of the regional municipality of Mekinac, Que., out of their computers and demanded roughly $65,000 in exchange for the computer data.
Mekinac’s IT department eventually negotiated the cyber extortionists down and paid $30,000 in Bitcoin, but not before the region’s servers were disabled for about two weeks.
Scheer said the current Liberal government “has been particularly negligent” on the cybersecurity file.
In June 2018, the Liberals announced a $500-million investment over five years to bolster the country’s defences against online attacks. The Liberal plan created the Canadian Centre for Cyber Security, housed at the Communications Security Establishment.
But the Liberals also acknowledged at the time the country faced a shortage of cybersecurity talent and it needed more people trained to know how to improve defences and disrupt cyber threats.