You raise some very good points. The current Privacy Act has been in force since 1983, well before the Internet era. The discussion we're having today attests to the big changes on the way that will affect society. The act applies to 265 institutions. I mention that not to make excuses, but simply to highlight how colossal the undertaking is.
When we encounter an issue, we work closely with the Department of Justice. TBS is responsible for building an inventory of situations that arise, and our discussions with the Department of Justice and other stakeholders are ongoing. The enterprise architecture review board began cataloguing issues and key points that have come to our attention.
Naturally, it takes time. Take, for example, Europe. The EU General Data Protection Regulation, or GDPR, wasn't developed in a few years. It takes time to come up with those kinds of rules, which will likely require regular review, as Mr. Snow pointed out. Many of our private sector partners are currently putting new services in place. Obviously, it's an ever-evolving challenge. We also have to work closely with our partners at Innovation, Science and Economic Development Canada, since they are the ones in charge of enforcing the Personal Information Protection and Electronic Documents Act, or PIPEDA, in the private sector.
There is no doubt that the digital ecosystem is quite complex, so we want to be sure we take the time we need to analyze all of the issues reported to us. The next step will be to engage with Canadians about their private data.