That's a complex challenge. Right now there are class action lawsuits already under way against the federal government for negligent handling of personal information, for data breaches. Civil recourse and class action lawsuits are going to become more common, so that is one way in which people can have their day in court.
Professor Austin has talked about charter recourse, and there is charter recourse that's available. In some cases it can be brought by the affected individuals. We were just speaking about a case in which it was brought by telecommunications companies that felt that too much data was being sought from them, and that is not the only case in which companies have pushed back. There are these other recourses that are outside the Privacy Act.
In terms of the Privacy Act itself, one concern is exposing the government to liability. If you create obligations or standards that are set in very strong terms in the legislation, that may increase the risk of liability for the government.
In part, the model has also been one of attempting to improve compliance and improve practices within government around personal information. On one level, that's been the ombudsman model. Now the commissioner is seeking additional recourse, an additional means for citizens to insist on compliance with their rights.
Whether that involves just getting a court order for recommendations to be enforced and practices to be changed or whether that also includes a right in damages is not entirely clear, because you can have a recourse to have a court order, a change in practice, without having recourse to get damages. Whether it's required is something to consider.