No, I don't think the current rules are sufficient.
I appreciate that the committee's mandate may be to focus on this specific incident and whether it was legal or not, but I fear that would miss the forest for the trees. There is an opportunity here to use this particular incident to highlight both the enormous value that the data can have, and then, by extension, the necessity of ensuring we have an effective data framework in Canada that includes adequate privacy safeguards, both within the federal government with the Privacy Act and in PIPEDA.
I think we can look at this incident as further evidence that at the moment we just don't have that.