I believe we need to use all of the tools at our disposal. The financial penalties, the orders and the enforcement should always be a last resort. We should always try to prevent, resolve, educate and work together, so that's what we're doing at my office. I'm trying to resolve things quickly and informally, with letters of engagements, commitments and compliance agreements.
However, in situations where there is a disagreement or a major violation, you need the capability to enforce and also, I would argue, the possibility of fines to help decision-makers, CEOs, boards and investors invest the necessary sums to protect privacy. If there's the risk of financial consequences, it gives argument to the privacy champions in those organizations to build protections for Canadians, so it serves everyone in the end.
I want the ability to issue fines. I hope to rarely, if ever, have to issue them, but the existence of that possibility will make it easier for my office to convince organizations to prevent issues and take the necessary steps.