Mr. Speaker, the commissioner made this same point when he appeared before the Standing Committee on Industry, Science and Technology during its study of the bill. He said:
Requiring organizations to keep a record of breaches and provide a copy to my office upon request will give my office an important oversight function with respect to how organizations are complying with the requirement to notify.
It is up to all organizations to protect the personal data they have collected from their clients and customers. This is a responsibility that most take seriously. They understand that in the wrong hands this information could be used for nefarious purposes.
Most organizations in Canada are good corporate citizens. When the commissioner identifies that they are in violation of PIPEDA, they move quickly to correct their practices. Unfortunately—