The PIPEDA hearings continued on Monday with a robust debate on order making power, naming names, and the effect of contractual provisions on privacy protection. The Information Technology Association of Canada uniformally argued that PIPEDA works fine, changes are unnecessary and costly, and dismissed proposed provisions such as naming names or order making power. My colleague Ian Kerr focused on contractual issues, while the Canadian Bar Association supported order making power with the development of a new tribunal.
While I was not in attendance, the notes from the hearing suggest that this hearing would be better named "ITAC Attacks". In its zeal to dissuade the committee from recommending any changes, ITAC made several unsubstantiated claims including claims that most organizations approach the commissioner where security breaches occur, that there is a good level of privacy compliance in Canada, and that the U.S. is not less prone to privacy invasions than Canada (all offered without reference to any supporting study). It would be worth noting which companies comprise ITAC's membership and inquire directly whether they support the strongest assault yet on reforms that might improve Canada's privacy law framework.
The full notes of the day's event, from Kathleen Simmons, are posted below: