I've actually started a number of activities during my term for the OPC to not only investigate violations after the fact but also to give advice to companies and departments as they design programs to ensure that those programs comply with the law.
We've already started quite a few engagement activities with government departments, and they are more and more popular among government departments. I would encourage the new commissioner to continue on that path. It is unquestionably much better to think about privacy protection—it's the privacy by design concept—early in the development of a program or initiative than at the end, obviously. We have started discussions, and we would encourage further discussions.
By the way, these discussions will hopefully provide better knowledge of privacy principles on the government side. On our side, it provides a better grounding of operational realities within which our privacy principles are to be implemented. It's a good and useful two-way conversation to have. I'm not saying it's always that meaningful and useful, but that could be one improvement to be made. We should continue these engagements to ensure that there's a true dialogue between the regulated entities that engage with us, and to be really conscious and aware of the context within which departments operate.
For Canadians, “Stay alert.” My overall thought is that given the complexity of new technologies and business models, I'm not expecting people to read 50-page privacy polices to protect their privacy. That's why a regulator is not a panacea, but it is really fundamental and essential. It will not solve the problem by itself, but it is really important that citizens have an expert body like the OPC to look after them, have their backs, and protect them.
Yes, there are certain measures that can be taken, but there is a very important limit nowadays to how people can actually protect their privacy.