The adoption of data protection standards for both the private and public sectors is a goal worth pursuing. The inclusion of such standards in legislation, even without strong coercive measures, would provide an incentive to both the public and private sectors to give personal information the protection it deserves. This legislation could also help Canada meet privacy standards that are being set by its trading partners in Europe. Data protection laws have been in existence in Europe and in Canada for many years, and are now familiar to Canadians. They are not intended to prevent businesses or governments from collecting and using the personal information they need to conduct their business, but to give back to citizens some control over what is known about them by others.
The first step for the ULCC, if it decides to deal with this issue, is to agree on the principles that a data protection law should promote. These might be the principles identified in the CSA Draft Model Privacy Code; in any event, they should be consistent with the OECD Guidelines. The second step would be to decide on the best approach to ensure compliance with those principles, i.e. "light" or "heavy" legislation. The third and final step would be to prepare draft legislation that would be available to any government in Canada. The ULCC can play a vital role in ensuring that legislation adopted in this area by Parliament and the provinces does not lead to confusion in the marketplace for consumers and businesses alike or to the creation of new non-tariff barriers between provinces.