Letter to the Standing Committee on Public Accounts on Bill C-230

March 19, 2026

BY EMAIL

John Williamson, M.P.
Chair
Standing Committee on Public Accounts
Sixth Floor, 131 Queen Street
House of Commons
Ottawa, ON  K1A 0A6

---

Dear Chair:

Thank you for inviting me to make written submissions on the privacy implications of Bill C-230, An Act to amend the Financial Administration Act and to make consequential amendments to other Acts (debt forgiveness registry).

As Privacy Commissioner of Canada, my mission is to protect and promote individuals’ fundamental right to privacy. I am responsible for overseeing compliance with federal privacy laws. The Privacy Act governs how the federal government handles personal information, and the Personal Information Protection and Electronic Documents Act, or PIPEDA, applies to the private sector.

Bill C-230 proposes to amend the Financial Administration Act (FAA) by adding section 25.1, which would create a public registry in the form of an online, searchable database containing information on debts or other obligations owed by a corporation, trust company, or partnership to His Majesty and on any claim by His Majesty against those types of entities. Debts, obligations and claims to be included in the registry would be those of a value of $1,000,000 or more that are owed or arose under a federal statute, and that were, in whole or in part, waived, written off or forgiven.

Notably, these proposed amendments make no reference to elements that would constitute “personal information” (i.e., information about an identifiable individual). The information collected and disclosed would be primarily related to the financial circumstances of corporations, trust companies, or partnerships in a commercial or regulatory context. Therefore, it would appear that neither of the federal statutes regulating privacy would be directly impacted.

After having reviewed the proposed amendments, my Office is therefore of the view that any potential impacts to privacy, if any at all, would be minor. The information at stake appears to be that of corporations, trust companies, and partnerships rather than the personal information of individuals.

However, one point of uncertainty lies with s.25.1(2)(e), which states:

“The registry must include the following information in relation to each debt, obligation or claim: […] (e) any other information that the President of the Treasury Board may require”.

Without more information or context about what information could be requested pursuant to subparagraph 25.1(2)(e), it is unclear whether any personal information could ultimately be required under this provision. Of note, paragraph 151(2)(f) of the FAA already serves as an example where the wording “any other information that the President of the Treasury Board may require” is used, with respect to quarterly reports on the activities of Crown corporations. My Office is not aware of any privacy concerns having arisen in relation to this existing provision.

Thank you again for the opportunity to provide my Office’s input on Bill C-230.

Sincerely,

c.c.: Natalie Jeanneault, Clerk of the Committee