Somehow it makes it easier for a commissioner if the departments actually have a culture of divulging when there's been a mistake. We've learned from the airline industry that you don't lose your licence for making a mistake; you lose your licence for failing to report a mistake.
I think in the ongoing interest of the privacy of Canadians, departments need to feel comfortable reporting a possible or real breach in the data, such that it turns into a learning culture, where you could tighten this up because the department says, whoops, this happened.
Yet we all know that within departments there's a sort of risk-averse culture. If you've made a mistake or almost made a mistake, there's a sort of gotcha feeling or a reluctance to admit that there was a mistake.
Do you think we're getting there, that departments are feeling more comfortable reporting a possible breach or a real breach rather than waiting until it is caught or comes from a complaint-based system?