In our case, the legal means are the Personal Information Protection and Electronic Documents Act. In fact, I do not believe that the Canadian legislation is a disincentive within the private sector, and it might perhaps be appropriate to consider the issue in coming years, if not immediately. As soon as we see that companies are breaking Canadian legislation, we ask them to change their practices. In some cases, they do so, but there are no fines as is the case, for example, in America, England, France and Spain.
At the most, we could say that there are not many incentives for these companies to incorporate privacy protection within their projects from the start. They know that if they are caught breaking the law, that same law allows them the possibility of remedying that before I can take them before the Federal Court of Canada, and then I have to start all over again.
I think that this issue will be raised a lot over the coming year, during the PIPEDA review.