Yes. There is a good deal of analysis about the extent to which PIPEDA is costly in monetary and resource terms, etc.
My own view is that the costs of being privacy unfriendly far outweigh those. The costs of having a bad reputation in the marketplace, of being seen as unfriendly to privacy, far outweigh whatever compliance costs there would be in implementing proper security measures, or putting an opt-out box on a marketing form, or so on.
There are exceptions. There have been some companies that have had to invest a great deal into this. But by and large, most companies recognize the value of privacy.