From my perspective, and just sort of blue sky, obviously you need to bolster the resources of the Privacy Commissioner to deal effectively with these issues, just as when Canada's anti-spam legislation was passed and in Canada you needed to bolster the ability of that department within the CRTC to control that.
I don't know if it's been done sufficiently or not, but to me, in legislation, you set the mechanism of what you want the organization to do, and then the resources just naturally follow from that. Why give somebody the powers and then not give them resources to do their job? To me that doesn't make any sense.