My colleagues might wish to jump in, but I would say two things in response.
Your introductory comments are absolutely right. It is in our self-interest to do the best job we can. Without the trust that we're keeping personal information as secure as possible, banking just doesn't work. The flip side of this involves reputational issues. It is in our interest to do everything we can to work with the commissioner, because nobody wants reputation problems. In a functioning marketplace, there are lots of people playing and reputation is important. We want to keep that working for our self-interest. That's the first point.
I would still say that PIPEDA is working pretty well, with one exception that I would flag. I think my colleague and our colleagues at the Credit Union Central would agree that where it isn't working as well as it could, where it's interfering with ultimately effective consumer protection, is on the investigation side.
You do the investigations to stop the bad guys, so that the consumers don't suffer. It works fine, but it could work better in terms of fixing up those investigations...the use disclosure issues. We suggested the B.C. model as a way to do it. That would be the one area I would focus on, sir.