I think one of the important issues around how we store and protect information is that it also has charter dimensions to it.
The recent jurisprudence in the Supreme Court of Canada has been very strong on the idea that you need safeguards around information. For example, when there's an analysis of the reasonableness of a law in the context of a charter privacy issue, there's an increasing discussion on the question of safeguards, in that if you don't safeguard the information properly, that can be the charter breach.
The gravity of that issue is that it's not some sort of technical, administrative element to the Privacy Act. There are serious charter issues in not safeguarding that information properly that the courts are starting to really pay attention to.
My own view is that we haven't built in enough on the technical side of the review process. We still seem to be thinking about it much along the lines of what David Lyon has been talking about, seeing personal information as if it's discrete information collected in a kind of paper environment that's shared in filing cabinets, but these are information systems. They're technical systems. It's software. It's algorithms. The whole issue of safeguarding has an incredible technical side to it as well. Getting the legal standards right, whether it's in the legislation or in regulations, is important, and getting the oversight right is important, but there's a whole technical side to that too. I think we're not building enough technical expertise into the review process.
As to what that looks like particularly, I don't have an answer for you, but I think we need to really understand the fluidity that David Lyon is talking about. The practical expression is that these are software systems. These are algorithms that we're talking about. These aren't social security numbers in a paper file in a filing cabinet. It's a highly technical environment.