The Privacy Commissioner of Canada appeared before the committee on Monday in what is likely to be the first of two appearances (she indicated she would return at the end of the hearings). While the Commissioner asked for security breach disclosure legislation and identified cross-border data transfers as a concern, the big story of the day is that she effectively killed the prospect of order-making power. A shift toward order-making power was raised in both prior hearings and is likely to surface again when several privacy advocates appear before the committee. My guess is that the issue is now dead – the Commissioner opened by stating that she was not seeking any additional enforcement powers.
The move took committee members by surprise – several asked for clarification or reasons behind the decision. The Commissioner indicated that order making power raised other concerns and that it was premature to change the PIPEDA framework. With order making power likely finished (the committee is not going to add order making power if the Commissioner and the Industry Minister don't want it), the key remaining issues to look out for are security breach disclosure, cross-border transfers, the costs of PIPEDA to small business (a big concern for the Conservative members of the committee), and questions around the definition of "work product."
A full review of the day's events, thanks to Kathi Simmons, follows.