I think there are two main amendments that are very necessary and that will be helpful for us to implement and apply.
I refer to the obligation imposed on organizations to notify the OPC and the concerned individuals in the case of data breaches. We know from media reports and other information that data breaches are an important and growing phenomenon both for public and private institutions, and we think it will be an important progress in PIPEDA to have this regime of mandatory breach notification.
We think, obviously, that there will be repercussions on resources. We currently have a voluntary notification process applicable to private organizations in the case of breaches. From year to year we see there are fluctuating numbers, but there are approximately 60 notifications under that regime. We expect that the number will increase significantly with mandatory breach notification. That was the experience in Alberta when the voluntary scheme became mandatory. There will be an impact for sure. Overall, we think that this is a very positive development.
In addition to that, a second major amendment that I would mention has to do with compliance agreements. We seek to work with organizations to promote compliance with PIPEDA. This means in some circumstances that following complaints, we engage in discussions with organizations on resolving complaints conditionally, meaning that organizations change their practices in order to be more compliant with PIPEDA. The mechanism of compliance agreements would further enhance that capacity.