Well, in some ways that's the very question I was asked right off the bat. Do we have no privacy, and get over it, or are there solutions?
Unlike the environment we lived in when the Privacy Act was first introduced, where much of the privacy may well have been protected, because it was obscured or largely inaccessible, since it was, by and large, in paper form, the environment today is such—as Friedman talks about in his book and as I think is readily apparent to everyone around the table—that data really do traverse instantly around the world.
There's the story of the person with the credit card in India. I was at a hotel recently in Montreal where I couldn't get onto the Internet, and I called down to the hotel desk and they tried to help me and it didn't work. So they said, let us put you through to tech support. I spent five minutes with this person, who was literally looking at my computer, the IP address and the like; and then at the end, I asked, do you mind if I ask where you are? She was in Warsaw, literally able to look at my PC in real time in another part of the world. So that's an environment that I think in many ways is very scary, but at the same time, it obviously provides a great deal of opportunity.
Now, what the commissioner is recommending and what I think many people are saying is that we aren't going to take an approach where we're simply going to shut down and not take advantage of these technologies and move data across borders. It doesn't work in the private sector, and it doesn't work in the public sector; it doesn't even work from a government-to-government perspective. And if these are being labelled as quick fixes, there is no quick fix, as it were, to this issue. But what there is, I think, is a starting point to move us toward an environment where we have a greater level of accountability and a greater level of transparency about what some of these rules are, so that when we go in and begin to pass along that information in some instances, or recognize that the information may be put at risk in certain circumstances, we will do so with some sort of framework around that, taking whatever precautions are possible—albeit there is nothing that can provide people with an absolute assurance.
When you say this sort of stuff is scary, it speaks exactly to the question Mr. Pearson raised in British Columbia. The effect of knowing that people's health information was suddenly going to be elsewhere and subject to the U.S.A. Patriot Act, in an extreme circumstance, is what crystallized in the minds of many that, well, let's hold on a second and back up to see if we've taken all the precautions we need to. The answer in B.C. was no, we haven't; let's do something about it. If people were to ask those same questions in a federal context, I think the answer would again be no, and it's time to do something about it.