That is a very big question, and it raises a number of different aspects that I think are relevant for this study. One thing that I think is very important is the ability of a member of Parliament to help an individual constituent. That's already in the Privacy Act. Maybe it's worth making that a little bit more robust. The next step is to make sure that it is as easy as possible for an individual to get meaningful redress from the office of the Privacy Commissioner of Canada, making sure that the commissioner has the ability to get all the relevant information to find out what went on.
I mentioned earlier the possible offences related to somebody intentionally flouting their legal obligations under the statute in order to hold people accountable for actual mischief, not just administrative mistakes, which can happen in a large organization. One example that you have given provides a number of opportunities to think about the different layers and different points in time of what a good system will look like. Ultimately, if that person is actually harmed, is there a mechanism by which they can get effective redress? Somebody can be kicked off a benefits program for a year, and that can have a significant impact on their income, things like that. They need a way to make things right, because now, way more than in 1983, we recognize that harms to privacy are real harms.