Let's take the example of data breaches. Now there's something that has shown that, although we have a good act, something can come along such as hacking or data-handling practices that can become a chronic problem. It's worth tuning up the act for that. Otherwise, the act itself, PIPEDA, is very technology neutral and written in an all-encompassing way. It really just needs tweaks. It's not something that needs to be changed much. It's a good framework. What's missing on top, from our point of view, is teeth in the enforcement.
On October 18th, 2012. See this statement in context.