Well, certainly giving the Privacy Commissioner the power to make and enforce compliance agreements is a step forward. It's not nearly as great a step as should be in here, but it's something. Certainly having the security breach notification regime, some kind of regime in place, for reporting to the commissioner and to individuals is better than nothing, in my view. However, this is not nearly as good as it could be. We've been calling for this for 10 years, looking at it and studying it. At this point in time, there's so much experience in other jurisdictions, we should be getting it right. There's no excuse for not doing a better job.
On March 10th, 2015. See this statement in context.