It would depend. Certainly a code of practice could be beneficial if there were a certain area where there was a potential for differing interpretations of what is required. It could set out rules that organizations would follow.
Basically, there would be additional trust provided by the Privacy Commissioner, to say this is the type of approach that would be supported under the CPPA. It could provide trust to consumers that it has been reviewed, and also trust and certainty to organizations. Whether or not the Canadian Bankers Association would choose a specific code of practice, we haven't gone down that far just yet.