I draw your attention to two other things. One is the standard for collection test. The Privacy Commissioner has recommended a necessity for collection related to a government program. I strongly support that. I think that's also relevant in the context of the debates about the revisions of Bill C-51.
The other is that with the basic privacy principles, there's a lot of convergence between the two statutes. There is a big gap in the Privacy Act having to do with security safeguards. The language you find in section 4.7 of schedule I in PIPEDA does not have equivalence in the Privacy Act, and that's a huge gap.
Beyond those, I think all of the other issues have to do with the powers of the commissioner and the tools and the instruments that the commissioner has at his disposal, and that includes mandatory data breaches and PIAs.