I think it depends on the perspective you're coming from.
With respect to transborder data flow, ITAC members don't believe that amendments are necessary under PIPEDA. The Privacy Commissioner, in two recent decisions--and you're probably familiar with them already--has carefully articulated guidelines with respect to what you need to do in the case of a transborder data flow. All companies now routinely use non-disclosure agreements and contracts.
If you look back in history at why organizations use contracts when they enter into any outsourcing arrangement, whether it's local or transborder, it's because the common law of agency and principle requires you to do that. You don't really need legislation to put that into practice; the law has already done that for you.