We didn't get far in our testimony regarding what harm may have been done as a result of non-compliance. One thing they may have found going into a small business is that the proprietor is not aware of the obligations and hasn't undertaken certain obligations such as appointing a privacy officer, and these kinds of things. But where have we found harm? Which types of businesses are harming the public through their non-compliance with PIPEDA?
