If my successor, David Loukidelis, who appeared before you on PIPEDA last year, were here—and of course he told me what to say when I was here, so I have to remember all the things he told me to say, not particularly on this question—he would be talking about the need for the British Columbia government to appoint a chief privacy officer. I recently advised a major university in British Columbia to appoint a chief privacy officer. I'm working for two crown corporations there at the moment, and they need a chief privacy officer.
The B.C. law is from 1993. It's not too antiquated. It's not adequate for an electronic health record environment, and we still need more resourcing of privacy management by the B.C. government.
They have chief information officers. They should have chief privacy officers to go along with them, and then the two of them would work together, because you have to marry privacy and security. There are all kinds of resources in security, and too often there are not enough on the privacy side.
I wouldn't run around claiming that the B.C. government is doing A+ work on the privacy field. When these new laws are brought in, there's a honeymoon phase, like any other honeymoon, and then resourcing goes down; interest goes down; privacy training goes down; and people like new commissioners have to come in and give the whole system a kick-start, which is more or less, after a lengthy hiatus of 25 years, where you are with this crummy privacy act.