Thank you very much for the question.
I think this is an area that we should probably just leave to the courts, and I would favour simply deleting section 9 of SCISA. The Supreme Court is now developing jurisprudence with respect to charter damages, which would include damages for violation of rights of privacy. The court has done so in a way that recognizes a broad range of reasons for awarding damages, compensation for pecuniary and non-pecuniary losses, vindication, and deterrence, but is also respectful of governmental justifications. What the court says is that once you have established an entitlement to damages, it is up to the government to justify why damages would be inappropriate or why some alternative remedy would be better. In my view, subsection 24(1) of the charter provides a more flexible mechanism for responding to damages.
Having said that, I would also add that damages cannot be a substitute for effective review, because as Justice O'Connor stressed, most people do not know if information is being shared about them. Mr. Arar and other Canadians who were tortured in Syria, in part because of Canadian information sharing, knew because of the devastating consequences that they experienced, but you or I would not know right now if information about us is being shared, so although damages should be available, we should not rely upon damages, and we need a better review structure to do independent audits of information sharing practices.