Back in the day, the major threat was presumed to be coming from government. It was Big Brother. The history of the Privacy Act was that it followed on from the Access to Information Act and the need to make sure the personal information exemptions in the two statutes were internally consistent.
At that time, it was thought that the private sector could be governed through voluntary self-regulation. For the period of the late 1980s and 1990s, that's what happened. There was a process through the Canadian Standards Association, which I was involved with, that got the major private sector associations to agree to the CSA standard, which then became the basis for PIPEDA.
There are different issues having to do with government agencies and the private sector. With respect to corporations, the role of consent is stronger than it tends to be in government agencies, where the stipulation is that it has to be a statutory requirement, a legislative requirement. Most countries today are starting with a blank slate and think they just have to have one comprehensive statute. Why? It's because it's so difficult to know where the private sector ends and where government begins. That's what technology has produced. The personal information flows backward and forward across those lines in ways that are difficult to regulate.
Having said that, we have to live with those legacies. I don't think there would be any appetite for scrapping PIPEDA, or scrapping the Privacy Act and building a completely new privacy regime.
We live with those legacies. I do think that as far as possible—and this goes to what my colleagues have said—the powers that are included in the Privacy Act for the Privacy Commissioner should be consistent with those under PIPEDA.