Therrien’s recommendations
Privacy Commissioner Daniel Therrien has made 16 recommendations to update the Privacy Act. They include: Privacy breach reporting Therrien has suggested that when government departments and agencies have serious privacy breaches, they should be required to be reported to his office. Currently, government-wide regulations require departments to consider reporting any “material” breach — breaches involving a large number of people, or where damages to an individual are foreseeable — to the privacy watchdog, although reporting has been spotty over the last number of years. Power to compel Currently the privacy commissioner has no order-making power — he can recommend a department take action, but cannot compel them to do so. In recommendations to a House of Commons committee, Therrien notes that though most departments agree with his recommendations, there are some who take lengthy delays to take action. Public education The commissioner’s office has no explicit authority to educate Canadians about risks to their privacy, although they do make some efforts to do so. Therrien says that the OPC should be explicitly allowed to educate government departments and agencies about their responsibilities to protect Canadians’ personal information. Five-year review The Privacy Act has not been substantially updated since 1983 — when Return of the Jedi was big in theatres, and Stephen King’s novel Pet Sematary dominated the New York Times’ bestseller list. Therrien’s office believes a mandatory five-year review would ensure the Privacy Act does not become so badly out-ofdate in the future.