I totally support Commissioner Daniel Therrien's call to the federal government to upgrade the PIPEDA, for example, which dates from the early 2000s. He also said we need to add privacy by design to the new law because, after all, they have embedded it in the GDPR. We need new tools. We need to be proactive. We need to identify the risks and address them up front. We can do this.
Upgrading the laws is absolutely essential. Giving the commissioner the much-needed authority that he needs but now lacks is essential. I can say, having been a privacy commissioner for three terms, that I had order-making power. I rarely used it, but that was the stick that enabled me to engage in informal resolution with organizations, government departments that were in breach of the privacy law. It was a much better way to work.
I had the stick. If I had to issue an order, I could do that. That's what Commissioner Therrien lacks. We have to give him that additional authority and embed privacy by design into the new law so we can have additional measures available to the government to proactively address a prevention model, much like a medical model of prevention. It would be much easier if we had that. Then far less would go to the already extended Privacy Commissioner to be addressed.
Thank you.